tech-stack

    0

    0

    # Tools

- [Metaspoit](https://www.metasploit.com/): Penetration testing software
- [BeEF](http://beefproject.com/): The Browser Exploitation Framework
- [PTF](https://github.com/trustedsec/ptf): Penetration Testers Framework
- [Bettercap](https://bettercap.org): MITM framework
- [Nessus](http://www.tenable.com/products/nessus-vulnerability-scanner): Vulnerability scanner
- [AutoNessus](https://github.com/redteamsecurity/AutoNessus): Auto Nessus
- [BDFProxy](https://github.com/secretsquirrel/BDFProxy): Patch Binaries via MITM (BackdoorFactory)
- [Xplico](http://www.xplico.org/): Network Forensic Analysis Tool (eg. parse pcap file)
- [Sqlmap](http://sqlmap.org/): Automatic SQL injection and database takeover tool
- [jsql-injection](https://github.com/ron190/jsql-injection): Java application for automatic SQL database injection
- [HoneyProxy](http://honeyproxy.org/): MITM
- [Gophish](https://getgophish.com/): Open-Source Phishing Framework
- [SET](https://github.com/trustedsec/social-engineer-toolkit): Social-Engineer Toolkit
- [USBRubberDucky](http://usbrubberducky.com/): USB Rubber Ducky
- [USB Wifi Ducky](https://github.com/spacehuhn/wifi_ducky): Upload, save and run keystroke injection payloads with an ESP8266 + ATMEGA32U4
- [WHID](https://github.com/whid-injector/WHID): WiFi HID Injector for Fun & Profit - An USB Rubberducky On Steroids.
- [SimplyEmail](https://github.com/killswitch-GUI/SimplyEmail): Email recon framework
- [WiFI pineapple](http://www.securitytube.net/video/15243): WiFI pineapple (mitm)
- [makeMyCSRF](https://github.com/nj8/makeMyCSRF): makeMyCSRF is a tool that can be used to automate auto-submit HTML form creation
- [Weeman](https://github.com/Hypsurus/weeman): HTTP Server for phishing
- [PlugBot](http://www.redteamsecure.com/the-plugbot-hardware-botnet-research-project/): The PlugBot: Hardware Botnet Research Project
- [Pwn Phone](https://www.pwnieexpress.com/mr-robot-pwn-phone): Portable pentesting device
- [EmPyre](https://github.com/adaptivethreat/EmPyre): A post-exploitation OS X/Linux agent written in Python 2.7
- [Mimikatz](https://github.com/gentilkiwi/mimikatz): A little tool to play with Windows security ([videos](https://blog.didierstevens.com/2017/07/15/mimikatz-videos/amp/))
- [Acunetix](https://www.acunetix.com/): Scanner to check for XSS, SQL Injection and other web vulnerabilities
- [Burp Suite](https://portswigger.net/burp/): The leading toolkit for web application security testing
- [Burp NoPE Proxy](https://github.com/summitt/Burp-Non-HTTP-Extension/blob/master/README.md): Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.
- [ntopng](http://www.ntop.org/): High-speed web-based traffic analysis
- [nethogs](https://github.com/raboof/nethogs): Linux 'net top' tool
- [jnettop](http://jnettop.kubs.info/wiki/): traffic visualiser
- [Lynis](https://github.com/CISOfy/Lynis): Security auditing tool for Linux, macOS, and UNIX-based systems
- [Volatility](https://github.com/volatilityfoundation/volatility): An advanced memory forensics framework
- [Radare](http://rada.re/r/): portable reversing framework
- [Android Fallible](https://android.fallible.co/): Secrets leak in Android apps
- [XssPy](https://github.com/faizann24/XssPy): Web Application XSS Scanner
- [Unicorn](https://github.com/trustedsec/unicorn): Tool for using a PowerShell downgrade attack and inject shellcode straight into memory
- [changeme](https://github.com/ztgrace/changeme): A default credential scanner
- [Mercure](https://github.com/synhack/mercure/): Tool for security managers who want to train their collaborators to phishing
- [catphish](https://github.com/ring0lab/catphish): For phishing and corporate espionage
- [Security Checklist](https://cto-security-checklist.sqreen.io/): The SaaS CTO Security Checklist
- [cgPwn](https://github.com/0xM3R/cgPwn): A lightweight VM for hardware hacking, RE (fuzzing, symEx, exploiting etc) and wargaming tasks
- [pwlist](https://github.com/droope/pwlist): Password lists obtained from strangers attempting to log in to my server
- [howmanypeoplearearound](https://github.com/schollz/howmanypeoplearearound): Count the number of people around you by monitoring wifi signals
- [xss-listener](https://github.com/cagataycali/xss-listener): XSS Listener is a penetration tool for easy to steal data with various XSS
- [owasp-mstg](https://github.com/OWASP/owasp-mstg): The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering
- [KeychainCracker](https://github.com/macmade/KeychainCracker): macOS keychain cracking tool
- [Microsploit](https://github.com/Screetsec/Microsploit): Fast and easy create backdoor office exploitation using module metasploit packet
- [InjectProc](https://github.com/secrary/InjectProc): Process Injection Techniques
- [expdevBadChars](https://howucan.gr/scripts-tools/2198-expdevbadchars-bad-characters-highlighter-for-exploit-development): Bad Characters highlighter for exploit development
- [massExpConsole](http://www.kitploit.com/2017/05/massexpconsole-collection-of-tools-and.html?m=1): Collection of Tools and Exploits with a CLI UI
- [getsploit](https://github.com/vulnersCom/getsploit): Command line utility for searching and downloading exploits
- [Findsploit](https://github.com/1N3/Findsploit): Find exploits in local and online databases instantly
- [vulscan](https://github.com/scipag/vulscan): Advanced vulnerability scanning with Nmap NSE
- [psychoPATH](https://github.com/ewilded/psychoPATH): a blind webroot file upload & LFI detection tool
- [repo-supervisor](https://github.com/auth0/repo-supervisor): Scan your code for security misconfiguration, search for passwords and secrets
- [xssor](http://xssor.io/): Hack with Javascript (online tool)
- [xray](https://github.com/evilsocket/xray): XRay is a tool for recon, mapping and OSINT gathering from public networks
- [Frida](https://www.frida.re/): Inject JavaScript to explore native apps on Windows, macOS, Linux, iOS, Android, and QNX
- [objection](https://github.com/sensepost/objection): runtime mobile exploration (based on Frida)
- [pwnbox](https://github.com/superkojiman/pwnbox): Docker container with tools for binary reverse engineering and exploitation
- [backdoor-apk](https://github.com/dana-at-cp/backdoor-apk): shell script that simplifies the process of adding a backdoor to any Android APK file
- [Attify OS](https://github.com/adi0x90/attifyos): Distro for pentesting IoT devices
- [Zeus](https://github.com/DenizParlak/Zeus): AWS Auditing & Hardening Tool
- [EvilAbigail](https://github.com/GDSSecurity/EvilAbigail): Automated Linux evil maid attack (backdoors initrd)
- [mitm-router](https://github.com/brannondorsey/mitm-router): Man-in-the-middle wireless access point inside a docker container
- [Dracnmap](https://github.com/Screetsec/Dracnmap): Exploit Network and Gathering Information with Nmap
- [RastLeak](https://github.com/n4xh4ck5/RastLeak): Tool To Automatic Leak Information Using Hacking With Engine Searches
- [pupy](https://github.com/n1nj4sec/pupy): remote administration and post-exploitation tool (python)
- [pwndsh](https://github.com/SafeBreach-Labs/pwndsh): Post-exploitation framework (bash) ([presentation](http://www.ikotler.org/JustGotPWND.pdf))
- [kwetza](https://github.com/sensepost/kwetza): Python script to inject existing Android applications with a Meterpreter payload
- [zmap](https://github.com/zmap/zmap): ZMap Internet Scanner
- [zgrab](https://github.com/zmap/zgrab): Application layer scanner that operates with ZMap
- [OpenVAS](http://www.openvas.org/): The world's most advanced Open Source vulnerability scanner and manager
- [Vulny-Code-Static-Analysis](https://github.com/swisskyrepo/Vulny-Code-Static-Analysis): Basic script to detect vulnerabilities into a PHP source code
- [knockpy](https://github.com/guelfoweb/knock): Knock Subdomain Scan
- [BoopSuite](https://github.com/MisterBianco/BoopSuite): A Suite of Tools written in Python for wireless auditing and security testing ([demo](http://www.kitploit.com/2017/08/boopsuite-suite-of-tools-for-wireless.html))
- [DataSploit](https://github.com/DataSploit/datasploit): An OSINT Framework to perform various recon techniques
- [domain_analyzer](https://github.com/eldraco/domain_analyzer): Analyze the security of any domain by finding all the information possible
- [Luckystrike](https://github.com/curi0usJack/luckystrike): A PowerShell based utility for the creation of malicious Office macro documents ([demo](http://www.kitploit.com/2017/09/luckystrike-powershell-based-utility.html?m=1))
- [sqlcheck](https://github.com/jarulraj/sqlcheck): Automatically identify anti-patterns in SQL queries
- [SSRF Testing](https://github.com/cujanovic/SSRF-Testing/): https://github.com/cujanovic/SSRF-Testing/
- [XFLTReaT](https://github.com/earthquake/xfltreat/): Tunnelling Framework ([kitploit](http://www.kitploit.com/2017/09/xfltreat-tunnelling-framework.html?m=1))
- [rudra](https://github.com/7h3rAm/rudra): Framework for exhaustive analysis of (PCAP and PE) files
- [PenBox](https://github.com/x3omdax/PenBox): Penetration Testing Framework - The Tool With All The Tools , The Hacker's Repo ([website](http://fsociety.tn/PenBox/))
- [post-exploitation](https://github.com/mubix/post-exploitation): Post Exploitation Collection
- [p0wnedShell](https://github.com/Cn33liz/p0wnedShell): PowerShell Runspace Post Exploitation Toolkit
- [sshpry](https://github.com/nopernik/sshpry): Seamlessly spy on SSH session like it is your tty
- [cameradar](https://github.com/EtixLabs/cameradar): Cameradar hacks its way into RTSP CCTV cameras
- [DET](https://github.com/sensepost/DET): Data Exfiltration Toolkit
- [AhMyth-Android-RAT](https://github.com/AhMyth/AhMyth-Android-RAT): Android Remote Administration Tool
- [cve-search](https://github.com/cve-search/cve-search): tool to perform local searches for known vulnerabilities

# Use cases

- [https://github.com/eset/malware-ioc](https://github.com/eset/malware-ioc): Indicators of Compromises (IOC) of our various investigations

# Devices

- [Emutag](http://www.emutag.com/): Mifare ultralight and ntag2x3 emulator
- [WiFi deauther OLED V2](https://www.tindie.com/products/lspoplove/wifi-deauther-oled-v2-include-case-and-antenna/)
- [Mobile Hack Gear](http://mobilehackgear.dropmark.com/447045)

# Wifi

- [bully-vanilla](https://github.com/wiire-a/bully-vanilla): Bully is a new implementation of the WPS brute force attack
- [boxon](https://github.com/kcdtv/boxon):  Détecteur box vulnérables à la brèche PIN NULL ([topic](http://www.crack-wifi.com/forum/topic-12175-boxonsh-script-faille-box-pin-wps-null.html))
- [NullWpsPinAuto](https://github.com/Emilien942702/NullWpsPinAuto): Simple bash script intended to exploit the Null Wps Pin breach automatically

# Blog / Docs

- [The definitive guide to form-based website authentication](https://stackoverflow.com/questions/549/the-definitive-guide-to-form-based-website-authentication#477579)
- [Improved Persistent Login Cookie Best Practice](https://stackoverflow.com/questions/244882/what-is-the-best-way-to-implement-remember-me-for-a-website/244907#244907)
- [Nmap Cheat Sheet](https://www.stationx.net/nmap-cheat-sheet/)
- [XSS Cheat Sheet](https://raw.githubusercontent.com/jhaddix/XSS.png/master/XSS2.png)

# Training

- [HackTheBox](https://www.hackthebox.eu/en)
- [Hacker House](https://hacker.house/training/)
- [Docker Hacking Challenge](https://thenewstack.io/want-docker-hacking-challenge-try-vulnerable-vm/)

# Misc

- [Collection of CSP bypasses](http://sebastian-lekies.de/csp/bypasses.php)

# Other lists

- [https://github.com/zbetcheckin/Security_list](https://github.com/zbetcheckin/Security_list)
- [https://github.com/Hack-with-Github/Awesome-Hacking](https://github.com/Hack-with-Github/Awesome-Hacking)
- [https://github.com/enaqx/awesome-pentest](https://github.com/enaqx/awesome-pentest)
- [https://github.com/shieldfy/API-Security-Checklist](https://github.com/shieldfy/API-Security-Checklist)
- [https://github.com/forter/security-101-for-saas-startups](https://github.com/forter/security-101-for-saas-startups)
- [https://github.com/carpedm20/awesome-hacking](https://github.com/carpedm20/awesome-hacking)
- [https://github.com/sobolevn/awesome-cryptography](https://github.com/sobolevn/awesome-cryptography)
- [https://github.com/secfigo/Awesome-Fuzzing](https://github.com/secfigo/Awesome-Fuzzing)
- [https://github.com/vitalysim/Awesome-Hacking-Resources](https://github.com/vitalysim/Awesome-Hacking-Resources)
- [https://github.com/jivoi/awesome-osint](https://github.com/jivoi/awesome-osint)
    Codiga Logo
    Codiga Hub
    • Rulesets
    • Playground
    • Snippets
    • Cookbooks
    Codiga
    Code Analysis
    Code Snippets
    Support
    Legal
    soc-2 icon

    We are SOC-2 Compliance Certified

    G2 high performer medal

    Codiga – All rights reserved 2022.