There are no reviews yet. Be the first to send feedback to the community and the maintainers!
objection
📱 objection - runtime mobile explorationgowitness
🔍 gowitness - a golang, web screenshot utility using Chrome HeadlessreGeorg
The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.ruler
A tool to abuse Exchange servicesmana
*DEPRECATED* mana toolkit for wifi rogue AP attacks and MitMDET
(extensible) Data Exfiltration Toolkit (DET)godoh
🕳 godoh - A DNS-over-HTTPS C2kwetza
Python script to inject existing Android applications with a Meterpreter payload.Snoopy
Snoopy: A distributed tracking and data interception frameworkhostapd-mana
SensePost's modified hostapd for wifi attacks.rattler
Automated DLL EnumeratorDNS-Shell
DNS-Shell is an interactive Shell over DNS channelUSaBUSe
Universal Serial aBUSe is a project to demonstrate the risks of hardware bypasses of software security by Rogan Dawes at SensePost.snoopy-ng
Snoopy v2.0 - modular digital terrestrial tracking frameworkreDuh
Create a TCP circuit through validly formed HTTP requestsFrack
Frack - Keep and Maintain your breach dataautoDANE
Auto Domain Admin and Network Exploitation.impersonate
A windows token impersonation toolSPartan
Frontpage and Sharepoint fingerprinting and attack tool.wiresocks
A sock, with a wire, so you can tunnel all you desire.mallet
Mallet is an intercepting proxy for arbitrary protocolsUserEnum
Domain user enumeration tooljack
Drag and Drop ClickJacking PoC development assistance tool.wpa_sycophant
Evil client portion of EAP relay attackwikto
Nikto for Windows with some extra features.routopsy
Routopsy - Hacking Routers with Routersheartbleed-poc
Test for SSL heartbeat vulnerability (CVE-2014-0160)dwn
d(ockerp)wn - a docker pwn tool managergdi-palettes-exp
DC25 5A1F - Demystifying Windows Kernel Exploitation by Abusing GDI Objectsassless-chaps
Crack MSCHAPv2 challenge/responses quickly using a database of NT hasheswadi
Wadi Fuzzing Harnessbirp
Big Iron Recon & Pwnagego-out
☄️ go-out - A Golang egress buster.mail-in-the-middle
mydumbedr
liniaal
Liniaal - A communication extension to Rulerfrida-windows-playground
A collection of Frida hooks for experimentation on Windows platforms.ms16-098
Windows 8.1 x64 Exploit for MS16-098 RNGOBJ_Integer_Overflownotruler
The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange.offensive-rpc
Offensive RPC PoCanapickle
Toolset for writing shellcode in Python's Pickle language and for manipulating pickles to inject shellcode.autoresponder
Quick python script to automatically load NTLM hashes from Responder logs and fires up Hashcat to crack themxrdp
A rudimentary remote desktop tool for the X11 protocol exploiting unauthenticated x11 sessionsapostille
peanuts
Peanuts is a free and open source wifi tracking tool. Based on the SensePosts Snoopy-NG project that is now closed.WiFi-Rifle
Creating a wireless rifle de-authentication gun, which utilized a yagi antenna and a Raspberry Pi.punch-q
👊 A small utility to play with IBM MQhash-cracker
Script to perform some hashcracking logic automagicallycommon-substr
Simple tool to extract the most common substrings from an input text. Built for password cracking.shinai-fi
Docker images for learning wifi hackingthumbscr-ews
Exchangelib wrapper for pentestingwsproxy
A websocket proxyBiLE-suite
The Bi-directional Link Extractor.go-derper
Memcache hacking tool.yeti
SensePost's network footprinting and enumeration tool. You can't pwn what you don't know about.understanding-eap
A repository with toy implementations of MSCHAPv2, MPEE and WPA/2 to understand EAP bettersockstlsproxy
ntcrack
Left To My Own Devices - NT hash toolsdual-pod-shock
policies
Collection of information security policies.Suru
Suru is one of the original Man In The Middle (MITM) proxies that sits between the user's browser and the web application.steampipe-plugin-projectdiscovery
A steampipe plugin to query projectdiscovery.io tools.squeeza
SQL Injection without the pain of syringes.x11-active-displays
Checks X11 and outputs a screenshot to of the display if allowed and the display is activewpa3-vuln
hostapd and wpa_supplicant 2.7 vulnerable to Mathy's WPA3 bugsSapCap
SApCap is a SAP packet sniffer and decompression tool for analysing SAP GUI (DIAG) traffic6thSense
A while back antirez, in a post to Bugtraq, detailed a new Tcp portscan method.maltego-mvs
Tools to combine MVS data with external sources and visualise the output in Maltego.password-tools
Service desk password tools.cipherchecks
visually see issues with supported cipher suitesntp_monlist
Basic script to pull addresses from a NTP server using the monlist command.XAPSpy
Runtime analysis of windows phone 7 applications.esp-vnc
Our fork of the esp-link firmware with a built in VNC server for passing input events to an AVR. Part of our Universal Serial aBUSe project.casper
Casper is a tiny system tray application that can be used to view the invisible windows on your desktop.SAPProx
SAPProx is a proof of concept tool for intercepting and modifying SAP GUI (DIAG protocol) traffic.JBaah
HTTP Brute Forcer (Java replacement for SP's CrowBar).SP-DNS-mine
Google DNS name / sub domain miner.SpUD
SensePost Unified Data API (SPUD) is a wrapper for apps requiring use of the deprecated Google API.neverevercookie
GUI for cleaning out evercookie persistence locations.dresscode
Manifestor
Android Manifest.xml toolClashofSpamTitan
BilePublic
BiLE stands for Bi-directional Link Extraction. It is used in the footprinting process to find non-obvious relationships between different web sites.glypeahead
Port scan through Glype proxies.finder
Finder.pl remotely checks IIS Servers for most of the methods used by WebDAV.jcertchecker
JCertChecker is used to check HTTPS certificates.desperate
MonSoen
Proxy Server network scanner and tunnelling tool.Scully
Scully is a client interface to MSSQL and MySQL database servers.hash-cracker-apple-silicon
Script to perform some hashcracking logic automagicallysconwar
a bring your own client programming gameCarbanakCheck
Check squid logs for possible Carbanak malware.go
Seriously primitive portscanner using Squid proxy.pudding
IDS evasion for web-based exploits via encoding built into a "proxy"gr-protocoldecoder
A simple way to decode a known protocol in GRC in real time.mpdchecker
Confirm the presence of HTTP methods per directory.unitools
For working with IIS servers with the Unicode bugfile-read-experiments
A few short scripts to look at the performance of various file read strategies.ctf-challenges
A collection of CTF challengessensedecode
Sensedecode includes 2 perl scripts which exploit the IIS url decoding bug.Love Open Source and this site? Check out how you can help us