HackGit

​​Omnisci3nt A powerful web reconnaissance tool designed to unravel the concealed intricacies of the online realm. With a comprehensive array of capabilities, Omnisci3nt offers users the means to delve into various aspects of a target domain, including IP lookup, domain information, SSL certificate details, DNS enumeration, subdomain enumeration, port scanning, web crawling, analysis of technologies utilized, Wayback Machine exploration, DMARC record examination, social media link discovery, and more. https://github.com/spyboy-productions/omnisci3nt #cybersecurity #bugbounty #pentesting

​​🕷🤖 Crawl4AI A powerful, free web crawling service designed to extract useful information from web pages and make it accessible for large language models (LLMs) and AI applications. • Efficient web crawling to extract valuable data from websites • LLM-friendly output formats (JSON, cleaned HTML, markdown) • Supports crawling multiple URLs simultaneously • Replace media tags with ALT. • Completely free to use and open-source https://github.com/unclecode/crawl4ai #cybersecurity #pentesting #bugbounty

​​IconJector This is a Windows Explorer DLL injection technique that uses the change icon dialog on Windows. https://github.com/0xda568/IconJector #cybersecurity #pentesting #redteam

​​Okta Terrify A tool to demonstrate how passwordless solutions such as Okta Verify's FastPass or other FIDO2/WebAuthn type solutions can be abused once an authenticator endpoint has been compromised. Whilst Okta Terrify demonstrates Okta specific attacks, the same methodology would typically apply to other passwordless solutions, as generally they all leverage asymmetric cryptography. https://github.com/CCob/okta-terrify #cybersecurity #infosec #pentesting

​​Misconfig Mapper A fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets! https://github.com/intigriti/misconfig-mapper #cybersecurity #pentesting #bugbounty

​​Subdominator A powerful tool for passive subdomain enumeration during bug hunting and reconnaissance processes. It is designed to help researchers and cybersecurity professionals discover potential security vulnerabilities by efficiently enumerating subdomains some various free passive resources. https://github.com/RevoltSecurities/Subdominator #pentesting #redteam #bugbounty

​​SharpBruteForceSSH A simple #SSH brute force tool written in C#. It is designed to perform dictionary-based brute force attacks on SSH services. The tool takes a target IP address, a list of usernames, and a list of passwords as input. It then attempts to authenticate using each combination of username and password until a successful login is found or all combinations have been exhausted. https://github.com/HernanRodriguez1/SharpBruteForceSSH #cybersecurity #pentesting #redteam

​​CCTV Close-Circuit #Telegram Vision revolutionizes location tracking with its open-source design and Telegram API integration. Offering precise tracking within 50-100 meters, users can monitor others in real-time for logistics or safety, redefining how we navigate our surroundings. https://github.com/IvanGlinkin/CCTV #OSINT #cybersecurity #infosec

​​go-secdump A tool built to remotely extract hashes from the SAM registry hive as well as LSA secrets and cached hashes from the SECURITY hive without any remote agent and without touching disk. https://github.com/jfjallid/go-secdump #cybersecurity #pentesting #redteam

​​SAP Threat Modeling Tool This tool helps you analyze and visualize connections between your SAP systems, enabling identification of potential security risks and vulnerabilities. https://github.com/redrays-io/SAP-Threat-Modeling #cybersecurity #infosec #pentesting

​​NucleiScanner Automates web app security testing, integrating Nuclei, Subfinder, Gau, Paramspider, and httpx. It collects subdomains, URLs, and identifies vulnerabilities using Nuclei Scanning templates. Simplifies security risk detection and mitigation for professionals and developers. https://github.com/0xKayala/NucleiScanner #cybersecurity #pentesting #redteam

​​dropper Project that generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW. https://github.com/SaadAhla/dropper #cybersecurity #pentesting #redteam

​​🕷 creepyCrawler #OSINT tool to crawl a site and extract useful recon info. https://github.com/chm0dx/creepyCrawler #cybersecurity #infosec #pentesting

​​🚀 Google Recaptcha Solver A Python script to solve Google reCAPTCHA using the DrissionPage library. https://github.com/sarperavci/GoogleRecaptchaBypass #cybersecurity #infosec #bugbounty

​​AutoAppDomainHijack Tools to automate finding AppDomain hijacks and generating payloads from shellcode. https://github.com/nbaertsch/AutoAppDomainHijack #cybersecurity #pentesting #redteam

​​lsassy Python tool to remotely extract credentials on a set of hosts. https://github.com/login-securite/lsassy #infosec #pentesting #redteam

​​Ominis OSINT: Secure Web-Search 🌐🕵️‍♂️ This Python script is an #OSINT tool. It performs online information gathering by querying Google for search results related to a user-inputted query. The tool extracts relevant information such as titles, URLs, and potential mentions of the query in the results. https://github.com/AnonCatalyst/Ominis-Osint #cybersecurity #infosec #pentesting

​​OFFAT The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion https://github.com/OWASP/OFFAT #cybersecurity #pentesting #redteam

​​DarkGPT DarkGPT is an OSINT assistant based on GPT-4-200K designed to perform queries on leaked databases, thus providing an artificial intelligence assistant that can be useful in your traditional OSINT processes. https://github.com/luijait/DarkGPT #OSINT #cybersecurity #infosec

​​hauditor A tool designed to analyze the security headers returned by a web page and report dangerous configurations. https://github.com/trap-bytes/hauditor #cybersecurity #pentesting #bugbounty

​​Chiasmodon #OSINT tool designed to assist in the process of gathering information about target domain. Its primary functionality revolves around searching for domain-related data, including domain emails, domain credentials (usernames and passwords), CIDRs (Classless Inter-Domain Routing), ASNs (Autonomous System Numbers), and subdomains. the tool allows users to search by domain, CIDR, ASN, email, username, password, or Google Play application ID. https://github.com/chiasmod0n/chiasmodon #cybersecurity #infosec #pentesting

​​s4killer This is the source code associated with my blog post on exploiting the probmon.sys Minifilter driver in order to create a process killer. https://github.com/enkomio/s4killer #cybersecurity #pentesting #redteam

​​MemshellKit A highly customized memory shell one-click injection tool for multiple frameworks https://github.com/W01fh4cker/MemshellKit #infosec #pentesting #redteam

​​NativeThreadpool A proof of concept demonstrating how to create a thread pool using solely native Windows APIs to execute a work callback as well as a timer callback using the C programming language. https://github.com/fin3ss3g0d/NativeThreadpool #cybersecurity #infosec #pentesting

​​NTLM Relay Gat A powerful tool designed to automate the exploitation of NTLM relays using ntlmrelayx.py from the Impacket tool suite. By leveraging the capabilities of ntlmrelayx.py, NTLM Relay Gat streamlines the process of exploiting NTLM relay vulnerabilities, offering a range of functionalities from listing SMB shares to executing commands on MSSQL databases. https://github.com/ad0nis/ntlm_relay_gat #cybersecurity #pentesting #redteam

​​DockerExploit Docker Remote API Scanner and Exploit https://github.com/justakazh/DockerExploit #cybersecurity #pentesting #redteam

​​COATHANGER IOCs and detection script for COATHANGER #malware https://github.com/JSCU-NL/COATHANGER #cybersecurity #infosec #pentesting

​​SussyFinder Pocket size PHP malware/webshell/backdoor scanner excelent for real fight https://github.com/Cvar1984/sussyfinder #cybersecurity #pentesting #redteam

​​Valid8Proxy A versatile and user-friendly tool designed for fetching, validating, and storing working #proxies. Whether you need proxies for web scraping, data anonymization, or testing network security, Valid8Proxy simplifies the process by providing a seamless way to obtain reliable and verified proxies. https://github.com/spyboy-productions/Valid8Proxy #cybersecurity #infosec #privacy

​​🐈 CATSploit CATSploit is an automated penetration testing tool using Cyber Attack Techniques Scoring (CATS) method that can be used without pentester. Currently, pentesters implicitly made the selection of suitable attack techniques for target systems to be attacked. CATSploit uses system configuration information such as OS, open ports, software version collected by scanner and calculates a score value for capture eVc and detectability eVd of each attack techniques for target system. https://github.com/catsploit/catsploit #cybersecurity #pentesting #redteam

​​SecretPixel A cutting-edge steganography tool designed to securely conceal sensitive information within images. It stands out in the realm of digital steganography by combining advanced encryption, compression, and a seeded Least Significant Bit (LSB) technique to provide a robust solution for embedding data undetectably. https://github.com/x011/SecretPixel #cybersecurity #infosec #privacy

​​🛡Disable Windows Defender + UAC Bypass, + Upgrade to SYSTEM https://github.com/EvilGreys/Disable-Windows-Defender- #cybersecurity #pentesting #redteam

​​CVE-2024-23897 Nuclei template for CVE-2024-23897 (Jenkins LFI Vulnerability) https://github.com/kaanatmacaa/CVE-2024-23897 #cve #pentesting #bugbounty

​​TPM SNIFFING A repo for TPM Sniffing greatness https://github.com/NoobieDog/TPM-Sniffing #cybersecurity #infosec #pentesting

​​proctools Small toolkit for extracting information and dumping sensitive strings from Windows processes. Made to accompany another project that's in the works. https://github.com/mlcsec/proctools #cybersecurity #pentesting #redteam

​​MultiDump A post-exploitation tool written in C for dumping and extracting #LSASS memory discreetly, without triggering Defender alerts, with a handler written in #Python. https://github.com/Xre0uS/MultiDump #cybersecurity #pentesting #redteam

​​📹 Pantheon A GUI application that allows users to display information regarding network cameras in various countries as well as an integrated live-feed for non-protected cameras. https://github.com/josh0xA/Pantheon #OSINT #cybersecurity #recon

​​YWH Logo Vulnerable Code Snippets Code snippets containing several different vulnerabilities to practice your code analysis in a safe dockerized envoriment. The vulnerable code snippets are suitable for all skill levels. https://github.com/yeswehack/vulnerable-code-snippets #cybersecurity #infosec #pentesting

​​pphack The Most Advanced Client-Side Prototype Pollution Scanner https://github.com/edoardottt/pphack #cybersecurity #infosec #pentesting

​​💠 PipeViewer A GUI tool that allows users to view details about Windows Named pipes and their permissions. It is designed to be useful for security researchers who are interested in searching for named pipes with weak permissions or testing the security of named pipes. https://github.com/cyberark/PipeViewer #cybersecurity #pentesting #redteam