1048 lines (494 loc) · 56.1 KB

byt3bl33d3r.md


Awesome Stars

A curated list of my GitHub stars! Generated by starred

Contents

ActionScript

  • Flashbang - Project "Flashbang" - An open-source Flash-security helper

Assembly

  • LoadDll - Better version of RunDll with GUI. This program allows you to load DLLs on Windows. You can select how to load the DLL. By direct Entry Point call (DllMain) or if you want to call directly an exported function of the DLL.

  • pokecrystal - disassembly of Pokémon Crystal

C

  • DoubleAgent - Zero-Day Code Injection and Persistence Technique

  • Invoke-Vnc - Powershell VNC injector

  • phc-winner-argon2 - The password hash Argon2, winner of PHC

  • CVE-2016-5195 - CVE-2016-5195 (dirtycow/dirtyc0w) proof of concept for Android

  • no-more-secrets - A recreation of the famous data decryption effect as seen in the 1992 movie Sneakers.

  • patchkit - binary patching from Python

  • winafl - A fork of AFL for fuzzing Windows binaries

  • ExtractKeyMaster - Exploit that extracts Qualcomm's KeyMaster keys using CVE-2015-6639 and CVE-2016-2431

  • warp17 - The Stateful Traffic Generator for Layer 1 to Layer 7

  • pivoter - Pivoter is a proxy tool for pentesters to have easier lateral movement.

  • Throwback - HTTP/S Beaconing Implant

  • hashcat - World's fastest and most advanced password recovery utility

  • hashcat-legacy - Advanced CPU-based password recovery utility

  • icmptunnel - Transparently tunnel your IP traffic through ICMP echo and reply packets.

  • SoftEtherVPN - A Free Cross-platform Multi-protocol VPN Software. * For support, troubleshooting and feature requests we have http://www.vpnusers.com/. For critical vulnerability please email us. (mail address is on the header.)

  • iodine - Official git repo for iodine dns tunnel

  • 3proxy - 3proxy - tiny free proxy server

  • Win32-OpenSSH - Win32 port of OpenSSH

  • beurk - BEURK Experimental Unix RootKit

  • pynids -

  • kekeo - A little toolbox to play with Microsoft Kerberos in C

  • peinjector - peinjector - MITM PE file infector

  • AD-control-paths - Active Directory Control Paths auditing and graphing tools

  • backdoors -

  • sheep-wolf - Wolves Among the Sheep

  • proxenet - The REAL^WONLY Hacker-Friendly proxy for web application pentests.

  • post-exploitation - Post Exploitation Collection

  • reaver-wps-fork-t6x -

  • pixiewps - An offline WPS brute-force utility

  • mimikatz - A little tool to play with Windows security

  • python-netfilterqueue - Python bindings for libnetfilter_queue

  • fb-adb - A better shell for Android devices

  • asus-cmd - ASUS Router infosvr UDP Broadcast root Command Execution

  • nvram-faker - A simple library to intercept calls to libnvram when running embedded linux applications in emulated environments.

  • PuttyRider - Hijack Putty sessions in order to sniff conversation and inject Linux commands.

  • simple-rootkit - A simple attack against gcc and Python via kernel module, with highly detailed comments.

C#

  • oleviewdotnet - A .net OLE/COM viewer and inspector to merge functionality of OleView and Test Container

  • DotNetToJScript - A tool to create a JScript file which loads a .NET v2 assembly from memory.

  • CScriptShell - CScriptShell, a Powershell Host running within cscript.exe

  • OpenPasswordFilter - An open source custom password filter DLL and userspace service to better protect / control Active Directory domain passwords.

  • RottenPotato - RottenPotato local privilege escalation from service account to SYSTEM

  • PSShell - PSShell gets the job done when harsh group policy restrictions are in place.

  • PowerShell - PowerShell for every system!

  • PowerShdll - Run PowerShell with rundll32. Bypass software restrictions.

  • KeeThief - Methods for attacking KeePass 2.X databases, including extracting of encryption key material from memory.

  • EtwStream - Logs are event streams. EtwStream provides In-Process and Out-of-Process ObservableEventListener. Everything can compose and output to anywhere by Reactive Extensions.

  • PSAttack - A portable console aimed at making pentesting with PowerShell a little easier.

  • DSInternals - DSInternals PowerShell Module and Framework

  • p0wnedShell - PowerShell Runspace Post Exploitation Toolkit

  • pash - Mono Version of PowerShell 3.0

  • QuasarRAT - Remote Administration Tool for Windows

  • Psychson - Phison 2251-03 (2303) Custom Firmware & Existing Firmware Patches (BadUSB)

C++

  • italc - iTALC classroom management software

  • RpcView -

  • rattler - Automated DLL Enumerator

  • tensorflow - Computation using data flow graphs for scalable machine learning

  • tortunnel - A partial Onion Proxy implementation that's designed to build single-hop circuits through Tor exit nodes

  • dripcap - ☕️ Caffeinated Packet Analyzer

  • ssf - Secure Socket Funneling - Network tool and toolkit - TCP and UDP port forwarding, SOCKS, relay protocol, cross platform shell, standalone and cross platform

  • RemCom - Remote Command Executor: An OSS replacement for PsExec and RunAs - or Telnet without having to install a server. Take your pick :)

  • edb-debugger - edb is a cross platform x86/x86-64 debugger.

  • KeeFarce - Extracts passwords from a KeePass 2.x database, directly from memory.

  • selfhash - SysCon14 release

  • losslessh264 - (Deprecated) Lossless h.264 recoder/recompressor. For newest version see:

  • SysvolExplorer - Active Directory Group Policy analyzer

  • demoncrypt - Believe in the Right to Share. Secure, Anonymous, Free, Everywhere. Welcome to the Future of File Sharing.

  • s-4-u-for-windows - s(4)u for Windows

  • rowhammer-test - Test DRAM for bit flips caused by the rowhammer problem

  • IAT_patcher - Persistent IAT hooking application - based on bearparser.

CSS

  • megaboilerplate - Handcrafted starter projects, optimized for simplicity and ease of use.

Dart

  • markov - Markov chain generator in Dart

Go

  • wuzz - Interactive cli tool for HTTP inspection

  • EGESPLOIT - EGESPLOIT is a golang library for malware development

  • keytransparency - A transparent and secure way to look up public keys.

  • phishery - An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector

  • git-seekret - Git module to prevent from committing sensitive information into the repository.

  • termui - Golang terminal dashboard

  • gotty - Share your terminal as a web application

  • gopacket - Provides packet processing capabilities for Go

  • gobuster - Directory/file & DNS busting tool written in Go

Groff

  • justniffer - Justniffer: Just A Network TCP Packet Sniffer. Justniffer is a network protocol analyzer that captures network traffic and produces logs in a customized way, can emulate Apache web server log files, track response times and extract all "intercepted" files from the HTTP traffic

HTML

  • visualize_logs - A Python library and command line tools to provide interactive log visualization.

  • Secure-Host-Baseline - Configuration guidance and files in support of the DoD Windows 10 Secure Host Baseline. iadgov

  • gophish - Open-Source Phishing Toolkit

  • jamaal-re-tools - Automatically exported from code.google.com/p/jamaal-re-tools

  • GoogleScraper - A Python module to scrape several search engines (like Google, Yandex, Bing, Duckduckgo, Baidu and others) by using proxies (socks4/5, http proxy) and with many different IP's, including asynchronous networking support (very fast).

  • quantuminsert - Quantum Insert

  • pirate-get - A command line interface for The Pirate Bay

  • snarf - Snarf man-in-the-middle / relay suite

Haskell

  • shellcheck - ShellCheck, a static analysis tool for shell scripts

Java

  • vncthumbnailviewer - Viewer for Observing Multiple Computers using VNC

  • ysoserial-modified - That repository contains my updates to the well-known Java deserialization exploitation tool ysoserial.

  • ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

  • wycheproof - Project Wycheproof tests crypto libraries against known attacks.

  • Burp-Non-HTTP-Extension - Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.

  • androrat - androrat

  • pushy - Easy-as RPC. Zero-server RPC for Python and Java.

  • cortana-scripts - A collection of Cortana scripts that you may use with Armitage and Cobalt Strike 2.x. Cortana Scripts are not compatible with Cobalt Strike 3.x. Cobalt Strike 3.x uses a variant of Cortana called Aggressor Script.

  • binnavi - BinNavi is a binary analysis IDE that allows you to inspect, navigate, edit and annotate control flow graphs and call graphs of disassembled code.

  • JustTrustMe - An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning

JavaScript

  • Shellcode-Via-HTA - How To Execute Shellcode via HTA

  • hyper - A terminal built on web technologies

  • CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

  • homebridge - HomeKit support for the impatient

  • poisontap - Exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi Zero & Node.js.

  • novahot - A webshell framework for penetration testers.

  • monkey - Infection Monkey - An automated pentest tool

  • jsxt - The collection of the Javascript / JScript extensions and standalone scripts

  • felony - 🔑🔥📈 Next Level PGP

  • HackVault - A container repository for my defensive/offensive hacks!

  • asciinema2gif - Generate animated GIFs from asciinema terminal recordings

  • sniffly - Sniffing browser history using HSTS

  • MagicPython - Cutting edge Python syntax highlighter for Sublime Text, Atom and Visual Studio Code. Used by GitHub to highlight your Python code!

  • pm - package managers visualization

  • sleepy-puppy - Sleepy Puppy XSS Payload Management Framework

  • web-console - Simple web-based SSH, remote shell in your browser

  • cloud-pcap - Web PCAP storage and analytics

  • mitm-grabb3r - MITM GRABB3R

  • gproxy - googleusercontent.com as HTTP(S) proxy

  • mstsc.js - A pure Node.js Microsoft Remote Desktop Protocol (RDP) Client

  • resume.github.com - Resumes generated using the GitHub information

  • eye - Python object inspector

  • xss-keylogger - A keystroke logger to exploit XSS vulnerabilities in a site - for my personal Educational purposes only

  • friends - 📺 P2P chat powered by the web.

  • hodor - Official repo for the hodor-lang.org programming language

  • pycryptocat - pyCryptoCat - A CryptoCat standalone python client.

  • blessed-contrib - Build terminal dashboards using ascii/ansi art and javascript

  • faraday - Collaborative Penetration Test and Vulnerability Management Platform

  • DoFler - Dashboard of Fail. An application to carve out images/accounts/vulns on conference networks and display them for general entertainment.

  • beef - The Browser Exploitation Framework Project

Jupyter Notebook

Lua

Others

  • OPCDE - OPCDE DXB 2017 Materials

  • Probable-Wordlists - Wordlists sorted by probability originally created for password generation and testing

  • status-list - A list of your various social statii.

  • Social-Engineering-Payloads - Collection of generic social engineering payloads

  • Red-Team-Infrastructure-Wiki - Wiki to collect Red Team infrastructure hardening resources

  • RegistrationFreeCOM - Inject DLL Prototype using Microsoft.Windows.ACTCTX COM Object

  • awesome - 😎 Curated list of awesome lists

  • Mackenzie - AWS Lambda Infection Toolkit // Persistent Lambda Malware PoC

  • BlueHat2016 - Slides & Code BlueHat 2016

  • wq - :wq

  • SCADAPASS - SCADA StrangeLove Default/Hardcoded Passwords List

  • awesome-windows-exploitation - A curated list of awesome Windows Exploitation resources, and shiny things. Inspired by awesom

  • Hob0Rules - Password cracking rules for Hashcat based on statistics and industry patterns

  • ssh-badkeys - A collection of static SSH keys (public and private) that have made their way into software and hardware products.

  • RobotsDisallowed - A harvest of the Disallowed directories from the robots.txt files of the world's top websites.

  • iOSAppReverseEngineering - The world’s 1st book of very detailed iOS App reverse engineering skills :)

  • TSA-Travel-Sentry-master-keys - 3D reproduction of TSA Master keys

  • awesome-sysadmin - A curated list of amazingly awesome open source sysadmin resources inspired by Awesome PHP.

  • itpol - Useful IT policies

  • xssshell-xsstunnell - XSS Tunnel is a standard HTTP proxy which sits on an attacker's system. XSS Shell is a powerful XSS backdoor; in XSS Shell one can interactively send requests and get responses from the victim, and it allows you to keep control of the session.

  • awesome-pentest - A collection of awesome penetration testing resources, tools and other shiny things

  • Smartphone-Pentest-Framework - Repository for the Smartphone Pentest Framework (SPF)

  • sslstrip2 - SSLStrip version to defeat HSTS

  • Google-dorks - Common google dorks and others you prolly donn know :P

PHP

  • BezierInfo-2 - A from-the-ground-up rewrite of https://pomax.github.io/bezierinfo, using react, babel, webpack, and other modern things.

  • FiercePhish - FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.

  • xss_payloads - Exploitation for XSS

  • SecLists - SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.

  • dropPoint - Remotely accessible Tor hidden service deployment suite

  • wpes - WeakNet PHP Execution Shell

  • AD-permissions - Active Directory permissions (ACL/ACE) auditing tools

  • Parser - Browser sniffing gone too far — A useragent parser library for PHP

  • FruityWifi - FruityWiFi is a wireless network auditing tool. The application can be installed in any Debian based system adding the extra packages. Tested in Debian, Kali Linux, Kali Linux ARM (Raspberry Pi), Raspbian (Raspberry Pi), Pwnpi (Raspberry Pi), Bugtraq, NetHunter.

  • php-webshells - Common php webshells. Do not host the file(s) on your server!

PLpgSQL

  • idaref - IDA Pro Instruction Reference Plugin

Perl

Pony

  • ponysay - Pony rewrite of cowsay.

PowerShell

  • SeeCLRly - Fileless SQL Server CLR-based Custom Stored Procedure Command Execution

  • Untypo - Help recover passwords / etc. that were incorrectly entered with a typo

  • EncryptedStore - Offensive Data Storage

  • RandomPS-Scripts - Random PowerShell scripts

  • Invoke-Obfuscation - PowerShell Obfuscator

  • Inveigh - Inveigh is a Windows PowerShell LLMNR/mDNS/NBNS spoofer/man-in-the-middle tool

  • Tater - Tater is a PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit from @breenmachine and @foxglovesec

  • DeepBlueCLI -

  • MailSniper - MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.

  • PowerShell-Suite - My musings with PowerShell

  • powercat - netshell features all in version 2 powershell

  • Misc-PowerShell-Stuff - random powershell goodness

  • BloodHound - Six Degrees of Domain Admin

  • mimikittenz - A post-exploitation powershell tool for extracting juicy info from memory.

  • PowerOutlook - Sample code from Owning MS Outlook with Powershell

  • Javascript-Backdoor - Learn from Casey Smith @subTee

  • PowerTools - PowerTools is a collection of PowerShell projects with a focus on offensive operations.

  • Interceptor - PowerShell HTTP(s) Intercepting Proxy

  • WMIOps - This repo is for WMIOps, a powershell script which uses WMI for various purposes across a network.

  • PowerCat - A PowerShell TCP/IP swiss army knife.

  • NetRipper - NetRipper - Smart traffic sniffing for penetration testers

  • Empire - Empire is a PowerShell and Python post-exploitation agent.

  • Generate-Macro - This Powershell script will generate a malicious Microsoft Office document with a specified payload and persistence method.

  • nishang - Nishang - PowerShell for penetration testing and offensive security.

  • Powershell -

  • Egress-Assess - Egress-Assess is a tool used to test egress data detection capabilities

  • PowerUp - This version of PowerUp is now unsupported. See https://github.com/Veil-Framework/PowerTools/tree/master/PowerUp for the most current version.

  • Veil-Pillage - Veil-Pillage is a post-exploitation framework that integrates with Veil-Evasion.

Python

  • evilginx - Man-in-the-middle attack framework used for phishing credentials and session cookies of any web service.

  • EQGRP_Lost_in_Translation - Decrypted content of odd.tar.xz.gpg, swift.tar.xz.gpg and windows.tar.xz.gpg

  • mimipy - port of mimipenguin.sh in python with some additional protection features

  • mimipenguin - A tool to dump the login password from the current linux user

  • IIS_exploit - Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.

  • gdrive-appdata - Fetch Android appdata/ from Google Drive

  • pyamf - AMF for Python

  • struts-pwn - An exploit for Apache Struts CVE-2017-5638

  • arp_aio - ARP requests using asyncio

  • routersploit - The Router Exploitation Framework

  • Bella - A pure python, post-exploitation, data mining tool and remote administration tool (RAT) for macOS / OS X. 🍎💻

  • maya - Timestamps for Humans™

  • PoC - Various PoCs

  • argcomplete - Python and tab completion, better together.

  • click-completion - Add or enhance bash, fish, zsh and powershell completion in Click

  • exterminate - Break Python programs with a single import.

  • saythanks.io - Spreading Thankfulness in Open Source.

  • pipenv - Sacred Marriage of Pipfile, Pip, & Virtualenv.

  • delegator.py - Subprocesses for Humans 2.0.

  • pwntools - CTF framework and exploit development library

  • truffleHog - Searches through git repositories for high entropy strings, digging deep into commit history

  • rpivot - socks4 reverse proxy for penetration testing

  • tauthon - Fork of Python 2.7 with new syntax, builtins, and libraries backported from Python 3.

  • zget - Filename based peer to peer file transfer

  • gTTS - Module and command line utility to save spoken text to mp3 via the Google Text to Speech (TTS) API

  • pybrain -

  • WAFNinja - WAFNinja is a tool which contains two functions to attack Web Application Firewalls.

  • gitfiti - abusing github commit history for the lulz

  • TrumpScript - Make Python great again

  • java_deserialization_exploits - A collection of Java Deserialization Exploits

  • dnsteal - DNS Exfiltration tool for stealthily sending files over DNS requests.

  • Ebowla - Framework for Making Environmental Keyed Payloads

  • gef - Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers

  • peda - PEDA - Python Exploit Development Assistance for GDB

  • NfSpy - ID-spoofing NFS client

  • kaced -

  • Responder - Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

  • google_socks - A proof of concept demonstrating the use of Google Drive for command and control.

  • Bayesian_Network - A Bayesian Method for the Induction of Probabilistic Networks from Data

  • pacdoor - Proof-of-concept JavaScript malware implemented as a Proxy Auto-Configuration (PAC) File

  • MonitorDarkly - Poc, Presentation of Monitor OSD Exploitation, and shenanigans of high quality.

  • datasploit - A tool to perform various OSINT techniques, aggregate all the raw data, visualise it on a dashboard, and facilitate alerting and monitoring on the data.

  • stargate - Stargate

  • pywerview - A (partial) Python rewriting of PowerSploit's PowerView

  • cditter - CDitter – Electromechanical based data exfiltration

  • android_fde_bruteforce - Scripts to bruteforce Android's Full Disk Encryption off the device

  • Cloakify - CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings; Evade DLP/MLS Devices; Defeat Data Whitelisting Controls; Social Engineering of Analysts; Evade AV Detection

  • badusb2-mitm-poc - BadUSB 2.0 USB-HID MiTM POC

  • SpaceshipGenerator - A Blender script to procedurally generate 3D spaceships

  • pywinrm - Python library for Windows Remote Management (WinRM)

  • xonsh - Python-powered, cross-platform, Unix-gazing shell

  • pyad - Python Active Directory Tools

  • ldapdomaindump - Active Directory information dumper via LDAP

  • python_lnk_maker - Make Windows LNK file with python (pylnk)

  • SharpMeter -

  • exserial - Java Untrusted Deserialization Exploits Tools

  • bt2 - Blaze Telegram Backdoor Toolkit is a post-exploitation tool that leverages the infrastructure of Telegram as a C&C

  • plasma - Plasma is an interactive disassembler for x86/ARM/MIPS. It can generate indented pseudo-code with colored syntax.

  • firefox_decrypt - Firefox Decrypt is a tool to extract passwords from Firefox profiles

  • waybackpack - Download the entire Wayback Machine archive for a given URL.

  • sneaky-creeper - Get your APT on using social media as a tool for data exfiltration.

  • Pazuzu - Pazuzu: Reflective DLL to run binaries from memory

  • gdog - A fully featured Windows backdoor that uses Gmail as a C&C server

  • JSRat-Py - This is my implementation of JSRat.ps1 in Python so you can now run the attack server from any OS instead of being limited to a Windows OS with Powershell enabled.

  • dcept - A tool for deploying and detecting use of Active Directory honeytokens

  • autorelay - Automatically performs the SMB relay attack

  • sidomo - Simple Docker Python Module

  • secure-smtpd - Fork of Python's standard SMTP server. Adding support for various extensions to the protocol.

  • Tunna - Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.

  • python-qBittorrent - Python wrapper for qBittorrent Web API (for versions above v3.1.x)

  • SPF - SpeedPhishing Framework

  • EvilAbigail - Automated Linux evil maid attack

  • clusterd - application server attack toolkit

  • fast-recon - Does some google dorks against a domain

  • pentest-machine - Automates some pentest jobs via nmap xml file

  • GasPot - GasPot Released at Blackhat 2015

  • SimplyEmail - Email recon made fast and easy, with a framework to build on

  • backdoor-pyc - Patch pyc files with your code. Fairly lame.

  • Skype-Maltego-Client - A set of local skype transforms for Maltego to utilise Skype and search the directory

  • PyLaTeX - A Python library for creating LaTeX files

  • Mobile-Security-Framework-MobSF - Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static, dynamic analysis and web API testing.

  • autoresp - Runs Responder, uploads hashes for cracking, alerts when cracked

  • python-adb - Python ADB + Fastboot implementation

  • wsuspect-proxy -

  • autoDANE - Auto Domain Admin and Network Exploitation.

  • API-namechk.com - (Unofficial) Python API for http://namechk.com

  • skype-osint - Python OSINT Tool to retrieve information from Skype

  • pack - PACK (Password Analysis and Cracking Kit)

  • commix - Automated All-in-One OS command injection and exploitation tool.

  • pcap-reassembler - Reassembles UDP/TCP packets into application layer messages.

  • dpkt - fast, simple packet creation / parsing, with definitions for the basic TCP/IP protocols

  • NMAPgrapher - A tool to generate graph and other output from NMAP XML files

  • scripts -

  • nessrest - A python library for using the new Nessus REST API.

  • pycepa - python tor client

  • PySocks - A semi-actively maintained SocksiPy fork. Contains many improvements to the original.

  • pr0cks - python script setting up a transparent proxy to forward all TCP and DNS traffic through a SOCKS / SOCKS5 or HTTP(CONNECT) proxy using iptables -j REDIRECT target

  • memorpy - Python library using ctypes to search/edit windows/linux programs memory

  • rpyc - RPyC (Remote Python Call) - A transparent and symmetric RPC library for python

  • pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

  • sslstrip - A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.

  • pyNES - Python programming for Nintendo 8 bits

  • SPSE - Collection of scripts created while taking the SecurityTube Python Scripting Expert course

  • NTP_Trojan - Reverse NTP remote access trojan in python, for penetration testers

  • Reverse_SSH_Shell - A reverse ssh shell written in python, intended for penetration testers to use as a covert channel on windows

  • Stego_Dropper - A python based dropper, that uses steganography and an image over http to transfer a file

  • XMPP_Shell_Bot - A shell / chat bot for XMPP and cloud services

  • Reverse_HTTPS_Bot - A python based https remote access trojan for penetration testing

  • Reverse_DNS_Shell - A python reverse shell that uses DNS as the c2 channel

  • LSB-Steganography - Python program to steganography files into images using the Least Significant Bit.

  • PeachPy - x86-64 assembler embedded in Python

  • ripPE - ripPE - section extractor and profiler for PE file analysis

  • python-mss - An ultra fast cross-platform multiple screenshots module in pure Python using ctypes.

  • btproxy - Man in the Middle analysis tool for Bluetooth.

  • plumbum - Plumbum: Shell Combinators

  • pyautogui - A cross-platform GUI automation Python module for human beings. Used to programmatically control the mouse & keyboard.

  • airpwn-ng - airpwn-ng

  • grab - Web Scraping Framework

  • onelinerizer - Convert any Python file into a single line of code.

  • snapception - Intercept and decrypt all snapchats received over your network

  • smbspider - SMB Spider is a lightweight python utility for searching SMB/CIFS/Samba file shares. While performing a penetration test, the need to search hundreds of hosts for sensitive password files resulted in this project.

  • ZIB-Trojan - The Open Tor Botnet (ZIB); Python-based forever-FUD IRC Trojan

  • webhandler - Bash simulator to control a server using PHP system functions.

  • scapy-to-api - Sniff packets and POST to API

  • CredCrack - A fast and stealthy credential harvester

  • big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

  • pymiproxy - A small and sweet man-in-the-middle proxy capable of doing HTTP and HTTP over SSL.

  • sploitego - Maltego Penetration Testing Transforms

  • whitepages - Python wrapper for the whitepages api. For more information about the whitepages api see their documentation at http://pro.whitepages.com/developer/documentation/api-overview/

  • bokken - Dear user: This is a git mirror of our Mercurial repository in https://bokken.inguma.eu that you can use if you prefer to use pull requests. For instructions, latest updates and such visit our main site at http://www.bokken.re and our blog http://ingumadev.blogspot.com.

  • unicorn - Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.

  • ivre - Network recon framework.

  • Python-Scripts - My Python scripts.

  • aggr-inject - Remote frame injection PoC by exploiting a standard compliant A-MPDU aggregation vulnerability in 802.11n networks.

  • wildpwn - unix wildcard attacks

  • scapy-ssl_tls - SSL/TLS layers for scapy the interactive packet manipulation tool

  • psutil - A cross-platform process and system utilities module for Python

  • Just-Metadata - Just-Metadata is a tool that gathers and analyzes metadata about IP addresses. It attempts to find relationships between systems within a large dataset.

  • pyinstaller - Freeze (package) Python programs into stand-alone executables

  • enjarify -

  • pymetasploit - A full-fledged msfrpc library for Metasploit framework.

  • httpie - Modern command line HTTP client – user-friendly curl alternative with intuitive UI, JSON support, syntax highlighting, wget-like downloads, extensions, etc. https://httpie.org

  • entweet - Badass encryption for Twitter

  • python-triplesec - A Python port of the triplesec library.

  • TwistedEve - a tool that facilitates eavesdropping and man-in-the-middle attacks

  • mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers

  • zarp - Network Attack Tool

  • LaZagne - Credentials recovery project

  • EyeWitness - EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

  • social-engineer-toolkit - The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

  • httpagentparser - Python HTTP Agent Parser

  • ptf - The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

  • wifite-mod-pixiewps -

  • twisted-connect-proxy - Default Twisted does not ship with a CONNECT-enabled HTTP(s) proxy. This code provides one.

  • smbmap - SMBMap is a handy SMB enumeration tool

  • pysecdump - Python-based tool to dump security information from Windows systems

  • the-backdoor-factory - Patch PE, ELF, Mach-O binaries with shellcode

  • LANs.py - Inject code, jam wifi, and spy on wifi users

  • impacket - Impacket is a collection of Python classes for working with network protocols.

  • SMBTrap - Tools developed to test the Redirect to SMB issue

  • patator - Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

  • dnschef - DNSChef - DNS proxy for Penetration Testers and Malware Analysts

  • sslstrip - A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.

  • Cellular-Automata-Manager - Open source environment for cellular automata

  • pyhipku - Encode any IP address as a haiku, funny and lovely. TRY IT NOW: http://pyhipku.lord63.com

  • dissectors - This project is part of improving Cuckoo Sandbox, for more information https://honeynet.org/gsoc/slot3 I will use Scapy to write protocols dissectors for: TCP, UDP, ICMP, DNS, HTTP, FTP, IRC, SMB, SIP, TELNET, SSH, IMAP, POP and H.323

  • multibootusb - Create multiboot live Linux on a USB disk...

  • Ghost.py - Webkit based scriptable web browser for python.

  • volatility - An advanced memory forensics framework

  • dbx-keygen-linux - Encryption key extractor for Dropbox DBX files

  • dbx-keygen-windows - Encryption key extractor for Dropbox DBX files

  • Dshell - Dshell is a network forensic analysis framework.

  • net-creds - Sniffs sensitive data from interface or pcap

  • Delorean - NTP Man-in-the-Middle tool

  • CapTipper - Malicious HTTP traffic explorer

  • xss2shell - Tool for abusing XSS vulnerabilities on Wordpress and Joomla! installations

  • crowbar - Crowbar is a brute forcing tool that can be used during penetration tests. It is developed to support protocols that are not currently supported by thc-hydra and other popular brute forcing tools.

  • uiautomator - Python wrapper of Android uiautomator test tool.

  • scapy-http - Support for HTTP in Scapy

  • percol - adds flavor of interactive filtering to the traditional pipe concept of UNIX shell

  • robobrowser -

  • wfuzz - Web application fuzzer

  • rdpy - Remote Desktop Protocol in Twisted Python

  • iDictPy - A salty-ass 100% verified hacker status python script to turn apple id's into apple crisp #nicememe

  • unhash - unhash is a set of tools designed to enable better password auditing

  • bowcaster -

  • PCredz - This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.

  • pyobfuscate - pyobfuscate

  • meterssh - MeterSSH is a way to take shellcode, inject it into memory, then tunnel whatever port you want over SSH to mask any type of communications as a normal SSH connection. The way it works is by injecting shellcode into memory, then wrapping a port spawned by the shellcode (meterpreter in this case) over SSH back to the attacker's machine. Connecting with meterpreter's listener to localhost will then communicate through the SSH proxy to the victim through the SSH tunnel. All communications are relayed through the SSH tunnel and not through the network.

  • bunny - Bunny is a wireless, meshing darknet that uses 802.11 to hide its communications

  • wifiphisher - Automated victim-customized phishing attacks against Wi-Fi clients

  • vFeed - The Correlated Vulnerability And Threat Intelligence Database API

  • nogotofail - An on-path blackbox network traffic security testing tool

  • wps - WPS related utilities

  • BDFProxy - Patch Binaries via MITM: BackdoorFactory + mitmProxy.

  • Veil-Ordnance - Veil-Ordnance is a tool designed to quickly generate MSF stager shellcode

  • loc-nogps -

  • dumpmon - Information Dump Monitor

  • xsscrapy - XSS spider - 66/66 wavsep XSS detected

  • Responder - Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

  • ridenum - Rid_enum is a null session RID cycle attack for brute forcing domain controllers.

Roff

Ruby

  • hash_link -

  • mastodon - A GNU Social-compatible microblogging server

  • searchpass - A simple tool for offline searching of default credentials for network devices, web applications and more.

  • wordpress-exploit-framework - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.

  • browser-backdoor - BrowserBackdoor is an Electron Application with a JavaScript WebSocket Backdoor and a Ruby Command-Line Listener

  • wpbrute-rpc -

  • bettercap - A complete, modular, portable and easily extensible MITM framework.

  • yasuo - A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

  • gitrob - Reconnaissance tool for GitHub organizations

  • memorandom -

  • ZackAttack - Unveiled at DEF CON 20, NTLM Relaying to ALL THE THINGS!

  • metasploit-framework - Metasploit Framework

Rust

  • groot - 🌳 The Groot Programming Language

Shell

  • rsync-time-backup - Time Machine style backup with rsync.

  • algo - Set up a personal IPSEC VPN in the cloud

  • awesome-iocs - A collection of sources of indicators of compromise

  • tmux-logging - Easy logging and screen capturing for Tmux.

  • Skippy - A script made to validate numerous cryptographic-related vulnerabilities such as: Heartbleed, Logjam, CRIME, POODLE, DROWN, Weak Cipher Suites enabled, NULL ciphers, MD5 signed certificates, secure renegotiation checks, and self-signed certificate checks.

  • backdoor-apk - backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and is intended for educational purposes only.

  • ArchStrike - An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

  • firmwalker - Script for searching the extracted firmware file system for goodies!

  • lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

  • sasquatch -

VimL

Visual Basic

  • uacscript - Windows 7 UAC Bypass Vulnerability in the Windows Script Host

License

CC0

To the extent possible under law, byt3bl33d3r has waived all copyright and related or neighboring rights to this work.