- Burp Suite - https://portswigger.net/burp/communitydownload
- OWASP ZAP - https://www.zaproxy.org/download/
- sqlmap - http://sqlmap.org/
- Metasploit Framework - https://www.metasploit.com/download
- Nmap - https://nmap.org/download.html
- Nikto - https://github.com/sullo/nikto
- Dirb - https://sourceforge.net/projects/dirb/
- Wfuzz - https://github.com/xmendez/wfuzz
- Gobuster - https://github.com/OJ/gobuster
- Sublist3r - https://github.com/aboul3la/Sublist3r
0trace 1.5 A hop enumeration tool http://jon.oberheide.org/0trace/
3proxy 0.7.1.1 Tiny free proxy server. http://3proxy.ru/
3proxy-win32 0.7.1.1 Tiny free proxy server. http://3proxy.ru/
42zip 42 Recursive Zip archive bomb. http://blog.fefe.de/?ts=b6cea88d
acccheck 0.2.1 A password dictionary attack tool that targets windows authentication via the SMB protocol. http://labs.portcullis.co.uk/tools/acccheck/
ace 1.10 Automated Corporate Enumerator. A simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of an IP Phone in order to download the name and extension entries that a given phone can display on its screen interface http://ucsniff.sourceforge.net/ace.html
admid-pack 0.1 ADM DNS spoofing tools - Uses a variety of active and passive methods to spoof DNS packets. Very powerful. http://packetstormsecurity.com/files/10080/ADMid-pkg.tgz.html
adminpagefinder 0.1 This python script looks for a large amount of possible administrative interfaces on a given site. http://packetstormse
I'll be organizing the plugins over time. Please submit PRs if you have any other outstanding plugins. I would like to tag each plugin with its corresponding IDA version, but it will take me a long time to test. If you can help there, please do.
If a plugin is only a source repo with no description or documentation, I am not adding it.
- Add more plugins
- Categorize plugins
#!/usr/bin/env python3
# Build a SQLite3 DB for looking up SHA-1 hashes of leaked passwords.
#
# This can be fed the txt file from one of Have I Been Pwned's hash
# lists available from https://haveibeenpwned.com/Passwords -- but any
# text file with line format ``hash-hex:count`` will work.
#
# When run on the v5 hash-ordered SHA-1 file, expect the build to take
# about 35 minutes and produce a 15.7 GiB file (~30.5 bytes per record).
#
package main
import "crypto/aes"
import "fmt"
import "encoding/hex"
var start = []byte("AES-256 ECB mode twice, two keys")
var end = []byte("\x4c\x76\xe9\x07\x86\xc4\xf3\x64\x6a\xdf\x99\x21\x7a\x64\xd0\xd7\x49\xed\xc5\x9f\x2c\x7f\xbb\x36\x58\xaf\x04\xaf\x07\x1d\x0c\x47")
var reverse = make(map[string][32]byte)
Penetrating Testing/Assessment Workflow & other fun infosec stuff
https://github.com/jivoi/pentest
My feeble attempt to organize (in a somewhat logical fashion) the vast amount of information, tools, resources, tips and tricks surrounding penetration testing, vulnerability assessment, and information security as a whole
- Reconnaissance
- Passive/Semi-Passive
- Tools
- Passive/Semi-Passive
- Discover - https://github.com/leebaird/discover
build:
	go build -o _main
	objcopy --add-section myfile=myfile _main main
{
  "targets": [],
  "libraries": [
    {
      "folders": [
        {
          "id": "c43bd29e-8ebb-4a72-8cd4-be26d4b96087",
          "title": "Reconnaissance",
          "checklist": [
            {
#!/usr/bin/env python3
"""
Script used to pull down the current video descriptions from ippsec's youtube channel.
The raw output still has a few HTML tags that need to be manually removed and there
also seem to be multiple duplicates of videos that have been removed in the output
saved as ippsec-details.txt
"""
import re
import sys
0d1n|210.78028eb|Web security tool to make fuzzing at HTTP inputs, made in C with libCurl.| blackarch-webapp |https://github.com/CoolerVoid/0d1n
0trace|1.5|A hop enumeration tool.| blackarch-scanner |http://jon.oberheide.org/0trace/
3proxy|0.8.13|Tiny free proxy server.| blackarch-proxy |http://3proxy.ru/
3proxy-win32|0.8.13|Tiny free proxy server.| blackarch-windows |http://3proxy.ru/
42zip|42|Recursive Zip archive bomb.| blackarch-dos |http://blog.fefe.de/?ts=b6cea88d
a2sv|135.973ba13|Auto Scanning to SSL Vulnerability.| blackarch-scanner |https://github.com/hahwul/a2sv
abcd|4.2738809|ActionScript ByteCode Disassembler.| blackarch-disassembler |https://github.com/MITRECND/abcd
abuse-ssl-bypass-waf|5.3ffd16a|Bypassing WAF by abusing SSL/TLS Ciphers.| blackarch-webapp |https://github.com/LandGrey/abuse-ssl-bypass-waf
acccheck|0.2.1|A password dictionary attack tool that targets windows authentication via the SMB protocol.| blackarch-cracker |http://labs.portcullis.co.uk/tools/acccheck/
ace|1.10|Automated Corp