HackGit

​​Offensive OSINT Tools This repository consists of tools/links that a expert can use during Pentest/RedTeam. At the moment there are a huge number of awesome lists that contain a ton of tools, but the Offensive specialist most often doesn't need them, which is what motivated the creation of this list. These tools cover almost all the needs of the Offensive specialist and will help you get the job done well. If the tool performs multiple functions, for example collecting subdomains and URLs, it will be listed in two places. https://github.com/wddadk/Offensive-OSINT-Tools #OSINT #pentesting #redteam

​​Advanced SQL Injection for AWAE Goal is to master SQL Injection Discovery, Detection and Exploitation. https://github.com/shreyaschavhan/advanced-sql-injection-for-awae #cybersecurity #pentesting #bugbounty

​​Awesome Password Spraying A curated list of password spraying tools, projects, and resources. Note that this project primarily focuses on password-spraying tools and resources for Microsoft Office 365 and Azure Entra environments. https://github.com/puzzlepeaches/awesome-password-spraying #cybersecurity #pentesting #redteam

​​BlueToolkit A versatile Bluetooth Classic vulnerability testing framework, revealing new and old vulnerabilities in Bluetooth devices. Ideal for vulnerability research and penetration testing, we've curated and categorized Bluetooth vulnerabilities with an "Awesome Bluetooth Security" approach. https://github.com/sgxgsx/BlueToolkit #cybersecurity #pentesting #redteam

​​Omnisci3nt A powerful web reconnaissance tool designed to unravel the concealed intricacies of the online realm. With a comprehensive array of capabilities, Omnisci3nt offers users the means to delve into various aspects of a target domain, including IP lookup, domain information, SSL certificate details, DNS enumeration, subdomain enumeration, port scanning, web crawling, analysis of technologies utilized, Wayback Machine exploration, DMARC record examination, social media link discovery, and more. https://github.com/spyboy-productions/omnisci3nt #cybersecurity #bugbounty #pentesting

​​🕷🤖 Crawl4AI A powerful, free web crawling service designed to extract useful information from web pages and make it accessible for large language models (LLMs) and AI applications. • Efficient web crawling to extract valuable data from websites • LLM-friendly output formats (JSON, cleaned HTML, markdown) • Supports crawling multiple URLs simultaneously • Replace media tags with ALT. • Completely free to use and open-source https://github.com/unclecode/crawl4ai #cybersecurity #pentesting #bugbounty

​​IconJector This is a Windows Explorer DLL injection technique that uses the change icon dialog on Windows. https://github.com/0xda568/IconJector #cybersecurity #pentesting #redteam

​​Okta Terrify A tool to demonstrate how passwordless solutions such as Okta Verify's FastPass or other FIDO2/WebAuthn type solutions can be abused once an authenticator endpoint has been compromised. Whilst Okta Terrify demonstrates Okta specific attacks, the same methodology would typically apply to other passwordless solutions, as generally they all leverage asymmetric cryptography. https://github.com/CCob/okta-terrify #cybersecurity #infosec #pentesting

​​Misconfig Mapper A fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets! https://github.com/intigriti/misconfig-mapper #cybersecurity #pentesting #bugbounty

​​Subdominator A powerful tool for passive subdomain enumeration during bug hunting and reconnaissance processes. It is designed to help researchers and cybersecurity professionals discover potential security vulnerabilities by efficiently enumerating subdomains some various free passive resources. https://github.com/RevoltSecurities/Subdominator #pentesting #redteam #bugbounty