Hunt down social media accounts by username across social networks

Automatic SQL injection and database takeover tool

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Web path scanner

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

A swiss army knife for pentesting networks

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

The recursive internet scanner for hackers. 🧡

You Know, For WEB Fuzzing ! 日站用的字典。

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

Reverse engineering and pentesting for Android applications

Open Source Vulnerability Management Platform

Automated All-in-One OS Command Injection Exploitation Tool.

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

Study Notes For Web Hacking / Web安全学习笔记

The Leading Security Assessment Framework for Android.

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.