tech-stack

    # Tools
    
    - [Metasploit](https://www.metasploit.com/): Penetration testing software
    - [BeEF](http://beefproject.com/): The Browser Exploitation Framework
    - [PTF](https://github.com/trustedsec/ptf): Penetration Testers Framework
    - [Bettercap](https://bettercap.org): MITM framework
    - [Nessus](http://www.tenable.com/products/nessus-vulnerability-scanner): Vulnerability scanner
    - [AutoNessus](https://github.com/redteamsecurity/AutoNessus): Auto Nessus
    - [BDFProxy](https://github.com/secretsquirrel/BDFProxy): Patch Binaries via MITM (BackdoorFactory)
    - [Xplico](http://www.xplico.org/): Network Forensic Analysis Tool (e.g. parse pcap file)
    - [Sqlmap](http://sqlmap.org/): Automatic SQL injection and database takeover tool
    - [jsql-injection](https://github.com/ron190/jsql-injection): Java application for automatic SQL database injection
    - [HoneyProxy](http://honeyproxy.org/): MITM
    - [Gophish](https://getgophish.com/): Open-Source Phishing Framework
    - [SET](https://github.com/trustedsec/social-engineer-toolkit): Social-Engineer Toolkit
    - [USBRubberDucky](http://usbrubberducky.com/): USB Rubber Ducky
    - [USB Wifi Ducky](https://github.com/spacehuhn/wifi_ducky): Upload, save and run keystroke injection payloads with an ESP8266 + ATMEGA32U4
    - [WHID](https://github.com/whid-injector/WHID): WiFi HID Injector for Fun & Profit - A USB Rubberducky On Steroids.
    - [SimplyEmail](https://github.com/killswitch-GUI/SimplyEmail): Email recon framework
    - [WiFi Pineapple](http://www.securitytube.net/video/15243): WiFi Pineapple (MITM)
    - [makeMyCSRF](https://github.com/nj8/makeMyCSRF): makeMyCSRF is a tool that can be used to automate auto-submit HTML form creation
    - [Weeman](https://github.com/Hypsurus/weeman): HTTP Server for phishing
    - [PlugBot](http://www.redteamsecure.com/the-plugbot-hardware-botnet-research-project/): The PlugBot: Hardware Botnet Research Project
    - [Pwn Phone](https://www.pwnieexpress.com/mr-robot-pwn-phone): Portable pentesting device
    - [EmPyre](https://github.com/adaptivethreat/EmPyre): A post-exploitation OS X/Linux agent written in Python 2.7
    - [Mimikatz](https://github.com/gentilkiwi/mimikatz): A little tool to play with Windows security ([videos](https://blog.didierstevens.com/2017/07/15/mimikatz-videos/amp/))
    - [Acunetix](https://www.acunetix.com/): Scanner to check for XSS, SQL Injection and other web vulnerabilities
    - [Burp Suite](https://portswigger.net/burp/): The leading toolkit for web application security testing
    - [Burp NoPE Proxy](https://github.com/summitt/Burp-Non-HTTP-Extension/blob/master/README.md): Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.
    - [ntopng](http://www.ntop.org/): High-speed web-based traffic analysis
    - [nethogs](https://github.com/raboof/nethogs): Linux 'net top' tool
    - [jnettop](http://jnettop.kubs.info/wiki/): traffic visualiser
    - [Lynis](https://github.com/CISOfy/Lynis): Security auditing tool for Linux, macOS, and UNIX-based systems
    - [Volatility](https://github.com/volatilityfoundation/volatility): An advanced memory forensics framework
    - [Radare](http://rada.re/r/): portable reversing framework
    - [Android Fallible](https://android.fallible.co/): Secrets leak in Android apps
    - [XssPy](https://github.com/faizann24/XssPy): Web Application XSS Scanner
    - [Unicorn](https://github.com/trustedsec/unicorn): Tool for using a PowerShell downgrade attack and inject shellcode straight into memory
    - [changeme](https://github.com/ztgrace/changeme): A default credential scanner
    - [Mercure](https://github.com/synhack/mercure/): Tool for security managers who want to train their collaborators on phishing
    - [catphish](https://github.com/ring0lab/catphish): For phishing and corporate espionage
    - [Security Checklist](https://cto-security-checklist.sqreen.io/): The SaaS CTO Security Checklist
    - [cgPwn](https://github.com/0xM3R/cgPwn): A lightweight VM for hardware hacking, RE (fuzzing, symEx, exploiting etc) and wargaming tasks
    - [pwlist](https://github.com/droope/pwlist): Password lists obtained from strangers attempting to log in to my server
    - [howmanypeoplearearound](https://github.com/schollz/howmanypeoplearearound): Count the number of people around you by monitoring wifi signals
    - [xss-listener](https://github.com/cagataycali/xss-listener): XSS Listener is a penetration tool for easy to steal data with various XSS
    - [owasp-mstg](https://github.com/OWASP/owasp-mstg): The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering
    - [KeychainCracker](https://github.com/macmade/KeychainCracker): macOS keychain cracking tool
    - [Microsploit](https://github.com/Screetsec/Microsploit): Fast and easy create backdoor office exploitation using module metasploit packet
    - [InjectProc](https://github.com/secrary/InjectProc): Process Injection Techniques
    - [expdevBadChars](https://howucan.gr/scripts-tools/2198-expdevbadchars-bad-characters-highlighter-for-exploit-development): Bad Characters highlighter for exploit development
    - [massExpConsole](http://www.kitploit.com/2017/05/massexpconsole-collection-of-tools-and.html?m=1): Collection of Tools and Exploits with a CLI UI
    - [getsploit](https://github.com/vulnersCom/getsploit): Command line utility for searching and downloading exploits
    - [Findsploit](https://github.com/1N3/Findsploit): Find exploits in local and online databases instantly
    - [vulscan](https://github.com/scipag/vulscan): Advanced vulnerability scanning with Nmap NSE
    - [psychoPATH](https://github.com/ewilded/psychoPATH): a blind webroot file upload & LFI detection tool
    - [repo-supervisor](https://github.com/auth0/repo-supervisor): Scan your code for security misconfiguration, search for passwords and secrets
    - [xssor](http://xssor.io/): Hack with Javascript (online tool)
    - [xray](https://github.com/evilsocket/xray): XRay is a tool for recon, mapping and OSINT gathering from public networks
    - [Frida](https://www.frida.re/): Inject JavaScript to explore native apps on Windows, macOS, Linux, iOS, Android, and QNX
    - [objection](https://github.com/sensepost/objection): runtime mobile exploration (based on Frida)
    - [pwnbox](https://github.com/superkojiman/pwnbox): Docker container with tools for binary reverse engineering and exploitation
    - [backdoor-apk](https://github.com/dana-at-cp/backdoor-apk): shell script that simplifies the process of adding a backdoor to any Android APK file
    - [Attify OS](https://github.com/adi0x90/attifyos): Distro for pentesting IoT devices
    - [Zeus](https://github.com/DenizParlak/Zeus): AWS Auditing & Hardening Tool
    - [EvilAbigail](https://github.com/GDSSecurity/EvilAbigail): Automated Linux evil maid attack (backdoors initrd)
    - [mitm-router](https://github.com/brannondorsey/mitm-router): Man-in-the-middle wireless access point inside a docker container
    - [Dracnmap](https://github.com/Screetsec/Dracnmap): Exploit Network and Gathering Information with Nmap
    - [RastLeak](https://github.com/n4xh4ck5/RastLeak): Tool To Automatic Leak Information Using Hacking With Engine Searches
    - [pupy](https://github.com/n1nj4sec/pupy): remote administration and post-exploitation tool (python)
    - [pwndsh](https://github.com/SafeBreach-Labs/pwndsh): Post-exploitation framework (bash) ([presentation](http://www.ikotler.org/JustGotPWND.pdf))
    - [kwetza](https://github.com/sensepost/kwetza): Python script to inject existing Android applications with a Meterpreter payload
    - [zmap](https://github.com/zmap/zmap): ZMap Internet Scanner
    - [zgrab](https://github.com/zmap/zgrab): Application layer scanner that operates with ZMap
    - [OpenVAS](http://www.openvas.org/): The world's most advanced Open Source vulnerability scanner and manager
    - [Vulny-Code-Static-Analysis](https://github.com/swisskyrepo/Vulny-Code-Static-Analysis): Basic script to detect vulnerabilities in PHP source code
    - [knockpy](https://github.com/guelfoweb/knock): Knock Subdomain Scan
    - [BoopSuite](https://github.com/MisterBianco/BoopSuite): A Suite of Tools written in Python for wireless auditing and security testing ([demo](http://www.kitploit.com/2017/08/boopsuite-suite-of-tools-for-wireless.html))
    - [DataSploit](https://github.com/DataSploit/datasploit): An OSINT Framework to perform various recon techniques
    - [domain_analyzer](https://github.com/eldraco/domain_analyzer): Analyze the security of any domain by finding all the information possible
    - [Luckystrike](https://github.com/curi0usJack/luckystrike): A PowerShell based utility for the creation of malicious Office macro documents ([demo](http://www.kitploit.com/2017/09/luckystrike-powershell-based-utility.html?m=1))
    - [sqlcheck](https://github.com/jarulraj/sqlcheck): Automatically identify anti-patterns in SQL queries
    - [SSRF Testing](https://github.com/cujanovic/SSRF-Testing/): https://github.com/cujanovic/SSRF-Testing/
    - [XFLTReaT](https://github.com/earthquake/xfltreat/): Tunnelling Framework ([kitploit](http://www.kitploit.com/2017/09/xfltreat-tunnelling-framework.html?m=1))
    - [rudra](https://github.com/7h3rAm/rudra): Framework for exhaustive analysis of (PCAP and PE) files
    - [PenBox](https://github.com/x3omdax/PenBox): Penetration Testing Framework - The Tool With All The Tools , The Hacker's Repo ([website](http://fsociety.tn/PenBox/))
    - [post-exploitation](https://github.com/mubix/post-exploitation): Post Exploitation Collection
    - [p0wnedShell](https://github.com/Cn33liz/p0wnedShell): PowerShell Runspace Post Exploitation Toolkit
    - [sshpry](https://github.com/nopernik/sshpry): Seamlessly spy on SSH session like it is your tty
    - [cameradar](https://github.com/EtixLabs/cameradar): Cameradar hacks its way into RTSP CCTV cameras
    - [DET](https://github.com/sensepost/DET): Data Exfiltration Toolkit
    - [AhMyth-Android-RAT](https://github.com/AhMyth/AhMyth-Android-RAT): Android Remote Administration Tool
    - [cve-search](https://github.com/cve-search/cve-search): tool to perform local searches for known vulnerabilities
    
    # Use cases
    
    - [https://github.com/eset/malware-ioc](https://github.com/eset/malware-ioc): Indicators of Compromises (IOC) of our various investigations
    
    # Devices
    
    - [Emutag](http://www.emutag.com/): Mifare ultralight and ntag2x3 emulator
    - [WiFi deauther OLED V2](https://www.tindie.com/products/lspoplove/wifi-deauther-oled-v2-include-case-and-antenna/)
    - [Mobile Hack Gear](http://mobilehackgear.dropmark.com/447045)
    
    # Wifi
    
    - [bully-vanilla](https://github.com/wiire-a/bully-vanilla): Bully is a new implementation of the WPS brute force attack
    - [boxon](https://github.com/kcdtv/boxon): Detector for boxes vulnerable to the NULL PIN breach ([topic](http://www.crack-wifi.com/forum/topic-12175-boxonsh-script-faille-box-pin-wps-null.html))
    - [NullWpsPinAuto](https://github.com/Emilien942702/NullWpsPinAuto): Simple bash script intended to exploit the Null Wps Pin breach automatically
    
    # Blog / Docs
    
    - [The definitive guide to form-based website authentication](https://stackoverflow.com/questions/549/the-definitive-guide-to-form-based-website-authentication#477579)
    - [Improved Persistent Login Cookie Best Practice](https://stackoverflow.com/questions/244882/what-is-the-best-way-to-implement-remember-me-for-a-website/244907#244907)
    - [Nmap Cheat Sheet](https://www.stationx.net/nmap-cheat-sheet/)
    - [XSS Cheat Sheet](https://raw.githubusercontent.com/jhaddix/XSS.png/master/XSS2.png)
    
    # Training
    
    - [HackTheBox](https://www.hackthebox.eu/en)
    - [Hacker House](https://hacker.house/training/)
    - [Docker Hacking Challenge](https://thenewstack.io/want-docker-hacking-challenge-try-vulnerable-vm/)
    
    # Misc
    
    - [Collection of CSP bypasses](http://sebastian-lekies.de/csp/bypasses.php)
    
    # Other lists
    
    - [https://github.com/zbetcheckin/Security_list](https://github.com/zbetcheckin/Security_list)
    - [https://github.com/Hack-with-Github/Awesome-Hacking](https://github.com/Hack-with-Github/Awesome-Hacking)
    - [https://github.com/enaqx/awesome-pentest](https://github.com/enaqx/awesome-pentest)
    - [https://github.com/shieldfy/API-Security-Checklist](https://github.com/shieldfy/API-Security-Checklist)
    - [https://github.com/forter/security-101-for-saas-startups](https://github.com/forter/security-101-for-saas-startups)
    - [https://github.com/carpedm20/awesome-hacking](https://github.com/carpedm20/awesome-hacking)
    - [https://github.com/sobolevn/awesome-cryptography](https://github.com/sobolevn/awesome-cryptography)
    - [https://github.com/secfigo/Awesome-Fuzzing](https://github.com/secfigo/Awesome-Fuzzing)
    - [https://github.com/vitalysim/Awesome-Hacking-Resources](https://github.com/vitalysim/Awesome-Hacking-Resources)
    - [https://github.com/jivoi/awesome-osint](https://github.com/jivoi/awesome-osint)