mgcfish Goto Github PK

out-fincodedcommand

POC Highlighting Obfuscation Techniques used by FIN threat actors based on cmd.exe's replace functionality and cmd.exe/powershell.exe's stdin command invocation capabilities

owa-brute-forcer

Tool to brute force OWA login

owa-brute-forcer-2

OWABF2 is a password spraying OWA bruteforcer featuring 3 different modes of bruteforcing

owadump

Search Email Accounts (OWA) for Passwords, PAN numbers as well as other Keywords

owasp-bywaf

ByWaf is a web application penetration testing framework (WAPTF). It consists of a command-line interpreter and a set of plugins.

owasp-masvs

The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.

owasp-mstg

The Mobile Security Testing Guide (MSTG) is a manual for testing the security of mobile apps. It describes technical processes for verifying the controls listed in the OWASP Mobile Application Verification Standard (MASVS). The MSTG is meant to provide a baseline set of test cases for black-box and white-box security tests, and to help ensure completeness and consistency of the tests.

owasp-nettacker

Automated Penetration Testing Framework

owasp-orizon

Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

owasp-vwad

The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

owasp-xenotix-xss-exploit-framework

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.

ownlist

Weekly compilation of offensive security tools and write-ups

owtf

OWASP OWTF, the Offensive (Web) Testing Framework, is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient, written mostly in Python @owtfp http://owtf.org

p0f-mtu-script

ＷＩＴＣＨ？(VPN detector) source code

p0wn-box

p0wnedshell

PowerShell Runspace Post Exploitation Toolkit

p4wnp1

P4wnP1 is a highly customizable USB attack platform, based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W.

pack

PACK (Password Analysis and Cracking Kit)

packetstorm-exploits

Collection of publicly available exploits from Packetstorm

padbuster

Automated script for performing Padding Oracle attacks

panhunt

PANhunt searches for credit card numbers (PANs) in directories.

pantagrule

large hashcat rulesets generated from real-world compromised passwords

parse-burp

Burp Scanner XML Parser

parsers

Miscellaneous parsing scripts for penetration testing

passhunt

Search drives for documents containing passwords

passhunt-1

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

passlist

👍 Awesome password to hack

passpal

Password analysis software

passphrase-wordlist

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

password-lists

Password lists for use in penetration testing situations, broken up by TLD.