Starred repositories
Crowbar is brute forcing tool that can be used during penetration tests. It is developed to support protocols that are not currently supported by thc-hydra and other popular brute forcing tools.
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Fast passive subdomain enumeration tool.
A DNS reconnaissance tool for locating non-contiguous IP space.
A UDF library with functions to interact with the operating system. These functions allow you to interact with the execution environment in which MySQL runs.
Medusa is a speedy, parallel, and modular, login brute-forcer.
OpenVAS Reporting: Convert OpenVAS XML report files to reports
proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: "user/pass" fo…
PowerShell Pass The Hash Utils
Extract credentials from lsass remotely
Credentials gathering tool automating remote procdump and parse of lsass process.
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profiles
A tool to dump the login password from the current linux user
Username tools for penetration testing
Impacket is a collection of Python classes for working with network protocols.
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
A collaborative, multi-platform, red teaming framework
Plugins for Metasploit Framework
WhiteWinterWolf's PHP web shell