There are no reviews yet. Be the first to send feedback to the community and the maintainers!
bbot
A recursive internet scanner for hackers.writehat
A pentest reporting tool written in Python. Free yourself from Microsoft Word.TREVORspray
TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!MANSPIDER
Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!badsecrets
A library for detecting known secrets across many web frameworksTREVORproxy
A SOCKS proxy written in Python that randomizes your source IP address. Round-robin your evil packets through SSH tunnels or give them billions of unique source addresses!offensive-azure
Collection of offensive tools targeting Microsoft Azurekali-setup-script
Bash script which prepares Kali for a pentest by enabling session logging, installing tools, and making common configuration changesbaddns
Check subdomains for subdomain takeovers and other DNS tomfooleryspiderfoot-neo4j
Import, visualize, and analyze SpiderFoot scans in Neo4j, a graph databasecredshed
credshed - a scalable database for credential leaks. Written in Python, it can easily ingest poorly-formatted files or entire directories into a searchable database. MongoDB is used in the backend.cloudcheck
Check whether an IP address or hostname belongs to popular cloud providersdp_cryptomg
Another tool for exploiting CVE-2017-9248, a cryptographic weakness in Telerik UI for ASP.NET AJAX dialog handler.KCMTicketFormatter
Format SSSD Raw Kerberos Payloads into CCACHE files for use on Windows systemsConvert-Invoke-Kerberoast
Converts the output from Invoke-Kerberoast into hashcat format.fulcrom
A web shell for pivoting and lateral movementevilginx-setup-script
A quick-and-easy bash script installing and launching EvilGinx2, a phishing reverse-proxybls-bible
BLS-Bible is a knowledge-base application that houses a collection of guides and write-ups that BLS uses for our various operations.zmap-asset-inventory
Python script which takes internal asset inventory at scale using zmap. Outputs to CSV.public-dns-servers
A CI/CD-verified list of the internet's known-good public DNS servers (from public-dns.info) Updated weekly!enter_the_matrix
ETM enables the creation of detailed attack graphs and figures while calculating the risk associated with your attack narratives. ETM was built keeping NIST recommendations on threat matrices in mind. Features an API to interact on your data to act as a living database of your executed threat models.bbot-vivagraphjs
Visualize BBOT scans in realtime with VivaGraphJSwebspray
Fuzz for hidden proxies, vhosts, and URLssigma-rules
A collection of Sigma rules organized by MITRE ATT&CK techniquebbot-module-playground
A proving grounds for young and aspiring BBOT modulesnmappalyzer
A lightweight Python 3 Nmap wrapper that doesn't try too hard. Gracefully handles any Nmap command, providing access to all output types (normal, greppable, xml), plus JSON!mklnk
Create a lnk shortcut file for Windowscredshed-api
REST API for Credshedcredshed-gui
Vue.js frontend for credshedCisco-7937G-PoCs
Proofs of concept for three vulnerabilities affecting the Cisco 7937G Conference StationJSDiagrammer
Simple javascript library that will aid in creating simple diagrams with pictures for nodes and arrows for the edges connecting nodes.blue-resources
A collection of helpful blue team resourcesradixtarget
RadixTarget is a performant radix implementation designed for quick lookups of IP addresses/networks and DNS hostnames.filter-qualys-csv
Cut down on the size of Qualys' scan results by filtering based on severity, keywords, etc. Written in Python.BLSPyUtils
Repo for small functions used often in Python.ASM_BBOT_Training
Love Open Source and this site? Check out how you can help us