Open Source C&C Specification

Tools to decode SS7 messages from Dialogic SS7 stack

存储桶遍历漏洞利用工具

Local voice chatbot for engaging conversations, powered by Ollama, Hugging Face Transformers, and Coqui TTS Toolkit

The openSquat is an open-source tool for detecting domain look-alikes by searching for newly registered domains that might be impersonating legit domains and brands.

@qntm's Suicide Linux, now available on Docker!

-= Has features =- =============== -DDoS -Web Scanning -Phone Hunter -CCTV Hunter -Deface -Mass Deface -Deface Maker -Bypass Maker -Auto Bypasser -Database Dump -Dorking -Admin Finder -Wifi Jammer …

DarkAngel 是一款全自动白帽漏洞扫描器，从hackerone、bugcrowd资产监听到漏洞报告生成、漏洞URL截屏、消息通知。

DDoS Script (DDoS Panel) with Multiple Bypass ( Cloudflare UAM,CAPTCHA,BFM,NOSEC / DDoS Guard / Google Shield / V Shield / Amazon / etc.. )

Kali Linux OSINT VM. Build your own OSINT virtual machine with these shell scripts.

Open-Source AI Camera. Empower any camera/CCTV with state-of-the-art AI, including facial recognition, person recognition(RE-ID) car detection, fall detection and more

An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具，功能将会强于DirBuster、Dirsearch、cansina、御剑。

Git All the Payloads! A collection of web attack payloads.

😈📚 A curated library of research papers and presentations for counter-detection and web privacy enthusiasts.

Objectify-s3 is a tool that recursively checks AWS S3 buckets and objects for misconfigured permissions.

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

The easiest, most common sense configuration management tool... because you just use fucking shell scripts.

FuckedUP - Best way to fuck up windows without UAC (.NET way) *BSOD

DeadPotato is a windows privilege escalation utility from the Potato family of exploits, leveraging the SeImpersonate right to obtain SYSTEM privileges. This script has been customized from the ori…

Scan for misconfigured S3 buckets across S3-compatible APIs!

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via [email protected]

Backup any telegram channel

Fast web fuzzer written in Go

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Directory/File, DNS and VHost busting tool written in Go

rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments

Quick bash script to run multiple wordlists through gobuster against a site. Mainly for CTFs. Do not use on systems without owners explicit permissions

Tesseract Open Source OCR Engine (main repository)

Discovering Typo Squatting on your domains!

Here are +200 different rats some with source code