This repository contains several applications, demonstrating the Meltdown bug.

A hacked together PHP shell designed to be stealthy and portable

Scans the local network to discover hosts, and automatically generates the user_config.xml file for Apache Guacamole.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

NSE script based on Vulners.com API

Manage all logistical information for a pentest including clients, contacts, employees, findings, projects, scoping, and vulnerabilities.

Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to execute

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.

Batch file to help automate Windows enumeration for privilege escalation

a cheat-sheet for mathematical notation in code form

Fully functional multiple cryptocurrency and fiat currency exchange.

PowerShell Script to Dump Windows Credentials from the Credential Manager

Linux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Small and highly portable detection tests based on MITRE's ATT&CK.

A collection of awesome penetration testing resources, tools and other shiny things

✍️ A curated list of CVE PoCs.

Dshell is a network forensic analysis framework.

All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers

A framework for wireless pentesting.

This repository is DEPRECATED, please use bettercap as this tool has been ported to its BLE modules.

Bruteforcing from various scanner output - Automatically attempts default creds on found services.

Exploits written by the Rhino Security Labs team

An exploit for Apache Struts CVE-2017-5638

BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source code.

Remote Recon and Collection

OWASP based Web Application Security Testing Checklist is an Excel based checklist which helps you to track the status of completed and pending test cases.