- https://remnux.org/
- https://github.com/mandiant/flare-vm
- https://persistence-info.github.io/
- https://github.com/gtworek/PSBits
- https://github.com/D4Vinci/elpscrk
- https://github.com/securisec/chepy
- https://hideandsec.sh/books/cheatsheets-82c/page/active-directory-python-edition
- https://hideandsec.sh/books/cheatsheets-82c/page/active-directory-certificate-services
- https://github.com/sandialabs/wiretap
- https://github.com/eugeny/tabby
- https://github.com/t3l3machus/psudohash
- https://dork.offsec.nl/
- https://kb.offsec.nl/
- https://github.com/dafthack/GraphRunner
Resources of all the hacky - Need to clean this up better and sort. Continuing to add stuff.
- https://411hall.github.io/OSCP-Preparation/
- OSCP like machines
- The Journey to Try Harder: TJnull’s Preparation Guide for PEN-200 PWK/OSCP 2.0
- OSCP like Vulnhub
- OSCP templates
- OSCP exam Report Template
- OSCP Preparation Guide
- Hack Your OSCP Certification
- osintcurio.us
- twint - twitter scrapeing
- TCM - OSINT Course Resources
- faker
- fawkes
- maigret
- hybrid-analysis
- osint4all
- the-bbc-africa-eye-forensics-dashboard
- https://sector035.nl
- ReconFTW
- nuclei - Fast and customisable vulnerability scanner based on simple YAML based DSL
- SnitchDNS - database driven DNS Server with a Web UI
- AutoRecon - multi-threaded network reconnaissance tool
- projectdiscovery
- dalfox - fast, powerful parameter analysis and XSS scanner
- cloud_enum - Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
- MicroBurst - A PowerShell Toolkit for Attacking Azure
- FOCA - tool used mainly to find metadata and hidden information in the documents it scans
- RustScan - The Modern Port Scanner
- feroxbuster - A simple, fast, recursive content discovery tool written in Rust
- FFuF on Steroids
- Bloodhound
- Bloodhound.py
- SilentHound
- PlumHound
- GoFetch
- Sn1per
- dnstwist
- xsshunter
- ContentDiscovery
- Havoc
- Sliver
- Covenant
- Metasploit Framework
- Caledra
- shad0w
- SILENTTRINITY
- bruteratel
- Cobalt Strike Community Kit
- axiom = dynamic infrastructure framework for everybody
- bbrf-client - The Bug Bounty Reconnaissance Framework
- PACU - open-source AWS exploitation framework, designed for offensive security testing against cloud environments.
- ROADtools - Rogue Office 365 and Azure (active) Directory tools
- Introducing ROADtools - The Azure AD exploration framework
- grinder - automatically enumerate and fingerprint different hosts on the Internet using various back-end systems: search engines (such as Shodan or Censys)
- rengine - automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process
- OWASP Top 10
- OWASP Top 10
- Azure AD for Red Teamers
- arsenal
- AwesomeOpensource Stuff
- Red Team Tips
- KitPloit
- How to Install Mitre CALDERA and Configure Your SSL Certificate
- Top 51 Red Team Open Source Projects
- Emulation Library
- Red Teaming Toolkit
- RedTeam-Tactics-and-Technique
- Hacktricks
- Hacktricks - github
- https://redteams.fr/
- Offensive Security Cheet Sheets
- Pentestmonkey
- CTF Resources
- OWASP Top 10
- OWASP checklist
- Awesome Hacking
- SQL MAP Cheatsheet
- SQL Injection Payload List
- Starting Up Security
- bugbountytips
- RE stuff
- CWE Mitre
- OWASP Top 10
- CVE Mitre
- NTLMTheft
- File Signatures
- Pentesting Active Directory
- Azure Attack Paths
- Reverse Shell Cheet Sheet
- Upgrading Shells Interactive TTY
- pwncat - cytopia
- pwncat - calebsteward
- Weevely3
- ReverseShells
- RevShellNim
- pspy
- LinEnum
- linuxprivchecker
- LinPEAS
- WinPEAS
- deepce
- Linux GTFOBINS
- Windows GTFOBINS - LOLBAS
- LinPEAS and WinPEAS
- getsploit
- WADComs
- Linux Exploit Suggester
- GTFOArgs
- Basic Linux Privilege Escalation
- payloadallthethings
- Checklist - Linux Privilege Escalation
- Privilege Escalation
- Linux Capabilities Privilege Escalation via OpenSSL with SELinux Enabled and Enforced
- SUID vs Capabilities
- Linux Privilege Escalation using Capabilities
- Windows Privilege Escalation Guide
- Payloadallthethings Windows privilege escalation guide
- Windows Privilege Escalation Fundamentals
-
wordlistctl - Script to fetch, install, update and search wordlist archives from websites offering wordlists
-
Mentalist - graphical tool for custom wordlist generation
-
CeWL - Custom Word List generator
-
TTPassGen - password dictionary generator
- https://www.dcode.fr/cipher-identifier
- https://www.dcode.fr
- https://www.boxentriq.com/code-breaking/cipher-identifier
- Javascript Obfuscator
- jsconsole
- Javascript Minifier
- JS Obfuscator
- Prettier Codifier
- JSNice
- jsfuck
- URLDecoder
- STEGSTUFF
- Web Vulnerability Checklist
- username-anarchy
- usernameGenerator
- Attack Mitre
- Security Trails
- Ask the C2 Matrix
- Howto C2Matrix
- pupy
- Skype search engine
- Phishing with SAML and SSO Providers
- MalwareSourceCode
- Enterprise Scale Threat Hunting with Process Tree Analysis
- CVE-2020-0688 Microsoft Exchange Remote Code Execution With POC
- Spraykatz – retrieve credentials on Windows machines
- RdpThief – Extracting Clear Text Passwords from mstsc.exe using API Hooking
- CVE-2020-1472 – Zerologon Exploit POC
- Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)
- Office 365 and Azure AD security - Sean Metcalf
- Stego Cheatsheet
- StegBrute
- xss-encoder
- explain shell
- BASHRC Generator
- powerline
- tinypng
- Obsidian Note Taking
- Talon
- Crowbar
- TREVORspray
- Farmer
- CrackMapExec
- Pillager
- traitor
- Perfusion
- SUID3NUM
- penoit
- Retire.js
- Windows-Kernel-Exploits
- cutter - RE Platform
- monitor and control API calls made by applications and services
- bartail - real-time log file monitoring tool
- Static Binaries
- Updog
- pwndrop
- Responser-Windows
- Inveigh
- LaZagne
- Learn regex
- www.greynoise.io
- Vortex - VPN Overall Reconnaissance, Testing, Enumeration and Exploitation Toolkit
- oh365UserFinder
- pywerview
- https://bgp.tools/
- weirdAAL
- ScoutSuite
- PowerZure
- bucketbunny
- cloudsploit
- Stormspotter
- CloudPentestCheatSheets
- AzureHound
- awesome-cloud-security
- PACU
- WebGoat
- NodeGoat
- JuiceShop
- HackTheBox
- HackTheBox Academy
- TryHackMe
- VulnHub
- Websploit
- OverTheWire
- XSS Training
- AWS security - FLAWS
- AWS security = FLAWS2
- malware exercise
- GCP
- XSS Hunter
- ippsec-rocks
- web application whitebox challenges
- kontra
- ASCII Tables
- https://github.com/R3dy/capsulecorp-pentest
- https://www.amanhardikar.com/mindmaps/Practice.html
- https://github-dotcom.gateway.web.tr/0xffsec/webdojo
- https://rmusser.net/git/admin-2/Infosec_Reference/src/commit/7e88d1d9bd11800ec95dfff74ea2878214c300c7/Sphinx/source/Building-A-Pentest-Lab.md
- https://github.com/oliverwiegers/pentest_lab
- https://github.com/itboxltda/pentestlab
- https://github.com/s0wr0b1ndef/pentest-lab
- https://github.com/indigos33k3r/portainer-pentest-lab
- https://github.com/juanjoSanz/aws-pentesting-lab
- https://github.com/jbarone/penlab
- https://github.com/TROUBLE-1/White-box-pentesting
- https://github.com/Sliim/pentest-lab
- https://github.com/Marshall-Hallenbeck/red_team_attack_lab
- Ethical Hacking Labs