Spraygen – Password List Generator For Password Spraying

Password list generator for password spraying – prebaked with goodies Version 1.4 Generates permutations of Months, Seasons, Years, Sports Teams (NFL, NBA, MLB, NHL), Sports Scores, “Password”, and even Iterable Keyspaces of a specified size. All permutations are generated with common attributes appended/prepended (such as “!” or “#”), or custom separators (such as “.” orRead More

Gitls – Enumerate Git Repository URL From List Of URL / User / Org

Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline This tool is available when the repository, such as github, is included in the bugbounty scope. Sometimes specified as an org name or user name rather than a specific repository, you can use this tool to extract url from allRead More

Longtongue – Customized Password/Passphrase List Inputting Target Info

Customized Password/Passphrase List inputting Target Info Installation git clone https://github.com/edoardottt/longtongue.git cd longtongue python3 longtongue.py Usage usage: longtongue.py [-h] [-p | -c | -v] [-l | -L] [-y] [-n]Customized Password/Passphrase List inputting Target Infooptional arguments: -h, –help show this help message and exit -p, –person Set the target to be a person -c, –company Set theRead More

DNSx – A Fast And Multi-Purpose DNS Toolkit Allow To Run Multiple DNS Queries Of Your Choice With A List Of User-Supplied Resolvers

dnsx is a fast and multi-purpose DNS toolkit allow to run multiple probers using retryabledns library, that allows you to perform multiple DNS queries of your choice with a list of user supplied resolvers. dnsx is successor of dnsprobe that includes new features, multiple bugs fixes, and tailored for better user experience, few notable flagsRead More

Awesome Android Security – A Curated List Of Android Security Materials And Resources For Pentesters And Bug Hunters

A curated list of Android Security materials and resources For Pentesters and Bug Hunters. Blog AAPG – Android application penetration testing guide TikTok: three persistent arbitrary code executions and one theft of arbitrary files Persistent arbitrary code execution in Android’s Google Play Core Library: details, explanation and the PoC – CVE-2020-8913 Android: Access to appRead More

PwnedPasswordsChecker – Search (Offline) If Your Password (NTLM Or SHA1 Format) Has Been Leaked (HIBP Passwords List V5)

PwnedPasswordsChecker is a tool that checks if the hash of a known password (in SHA1 or NTLM format) is present in the list of I Have Been Pwned leaks and the number of occurrences. You can download the hash-coded version for SHA1 here or the hash-coded version for NTLM here Once the list is downloadedRead More

Lazymux – A Huge List Of Many Hacking Tools And PEN-TESTING Tools

Lazymux tools installer is very easy to use, only provided for lazy termux users; it’s huge list of Many Hacking tools and PEN TESTING! NOTE: Am not Responsible of bad use of this project.Requirements• Linux environment• Python 2.x• git Installation and Using Lazymux git clone https://github.com/Gameye98/Lazymux cd Lazymuxpython2 lazymux.py# ORpython lazymux.py Authors• Gameye98 Contributors• Sanix-darkerRead More

WordListGen – Super Simple Python Word List Generator For Fuzzing And Brute Forcing In Python

Super Simple Python Word List Generator for Password Cracking (Hashcat)!I know what your are thinking. Why create another word list generator? Well, I needed something very simple I could modify on the fly to get the exact character generators for the task at hand. This script is fully functional in its own right, but intendedRead More

Words Scraper – Selenium Based Web Scraper To Generate Passwords List

Selenium based web scraper to generate passwords list. Installation # Download Firefox webdriver from https://github.com/mozilla/geckodriver/releases$ tar xzf geckodriver-v{VERSION-HERE}.tar.gz$ sudo mv geckodriver /usr/local/bin # Make sure it is in your PATH$ geckodriver –version # Make sure webdriver is properly installed$ git clone https://github.com/dariusztytko/words-scraper$ sudo pip3 install -r words-scraper/requirements.txt Use cases Scraping words from the target’s pagesRead More

PayloadsAllTheThings – A List Of Useful Payloads And Bypass For Web Application Security And Pentest/CTF

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! Every section contains the following files, you can use the _template_vuln folder to create a new chapter: README.md – vulnerability description and how to exploit it Intruder – a set of files to giveRead More