AI Summary: Android-Exploits is a repository that consolidates various Android exploits and provides a comprehensive guide for conducting Android exploitation. Its primary use case is to facilitate the testing and assessment of Android application security vulnerabilities through categorized exploits such as Denial of Service, local, remote, and web application exploits. Notable features include detailed instructions for utilizing the exploits alongside third-party tools like ExploitPack, along with references to common mobile hacking tools and resources related to Android security risks.

AI Summary: BabySploit is a user-friendly penetration testing toolkit designed to assist users in learning more complex frameworks like Metasploit. It features an intuitive interface and a suite of tools for exploiting vulnerabilities, making it accessible for users of all experience levels, while being optimized for Kali Linux and also tested for macOS compatibility. Notable functionality includes an integrated configuration management system and support for various essential exploitation tools.

README

Made For Kali Linux. No Support For Other Distros If There Are Problems. Tested and Working on MacOS for most Tools.
Developed by @maxbridgland
Donate

AI Summary: Bug-Bounty-Methodology is a collection of checklists designed for systematic bug bounty hunting. It covers various security testing scenarios, including 2FA testing, CAPTCHA bypass, CSRF protection, and OAuth misconfiguration, providing comprehensive guidelines for identifying vulnerabilities in web applications. Notable features include a structured compilation of methodologies tailored for different attack vectors and documentation that serves as a practical resource for penetration testers.

README

Bug-Bounty-Methodology

These are my checklists which I use during my bug bounty hunting.

AI Summary: BurpSuite-collections is a repository containing various non-BApp Store plugins for Burp Suite, aimed at enhancing penetration testing capabilities. Notable features include SQL injection detection, automated SSRF vulnerability scanning, and the ability to manage variables within Burp, allowing security professionals to effectively discover and exploit vulnerabilities. The project serves primarily as a resource for learning and research related to Burp Suite plugins.

README

Burp-Suite-collections

BurpSuite 相关收集项目，插件主要是非BApp Store（商店）

所有的汉化或者使用burpsuite都是在你配置好了Java环境的前提下！！！相关教程

最新版（202212之后）激活参考这个项目 自己解决，本项目不提供

AI Summary: CS7038-Malware-Analysis is a repository designed for educational purposes in the field of malware analysis, specifically for the University of Cincinnati’s course. It serves as a comprehensive resource for students, providing access to course materials and related multimedia content, including instructional videos on malware analysis techniques and methodologies.

README

CS7038-Malware-Analysis

Course Repository for University of Cincinnati Malware Analysis Class (CS[567]038)

Public URL: https://class.malware.re/

YouTube Videos: https://www.youtube.com/channel/UC0qfXmyAbSsmnisGQn1fAJA

AI Summary: The CTF-notes repository provides a comprehensive collection of resources and structured notes aimed at aiding individuals in preparing for Capture The Flag (CTF) competitions and penetration testing exams, such as the OSCP. It includes detailed checklists, exploitation techniques for various platforms, vulnerability payloads, and methodologies for offensive security. Noteworthy features include organized sections for post-exploitation tactics, memory forensics, and specific vulnerabilities, alongside a dedicated cheat sheet repository for quick reference during assessments.

AI Summary: The CVE PoC tool aggregates nearly every publicly available Proof-of-Concept (PoC) for Common Vulnerabilities and Exposures (CVEs), providing a comprehensive database of exploits for security professionals. It employs automated workflows to scrape and validate CVE details from various sources, including GitHub and HackerOne reports, while also allowing users to browse, search, and monitor PoCs for specific vulnerabilities. Noteworthy features include real-time updates, easy-to-read markdown documentation, and the ability to generate GitHub badges for affected software versions.

AI Summary: Destroylist is a comprehensive phishing and scam domain blacklist that provides real-time threat intelligence to protect users globally. This tool maintains an extensive database of over 100,000 phishing domains and features active statistics on domain additions and removals, ensuring up-to-date protection against online threats. The repository supports community contributions, fostering collaborative efforts in enhancing online security.

README

Destroylist: Phishing & Scam Domain Blacklist

AI Summary: Exploit Notes is a comprehensive resource platform designed for security research, focusing on hacking techniques and tools applicable to penetration testing, bug bounty programs, and Capture The Flag (CTF) challenges. It encompasses a wide array of topics including reconnaissance, various operating systems, web applications, databases, networks, and emerging technologies such as AI and blockchain. Users can leverage this repository for educational purposes, with the option to run it locally via a straightforward setup process.

AI Summary: GeoIntel is a Python tool leveraging Google’s Gemini API for AI-powered geolocation analysis of images, allowing users to identify the likely location where photos were taken. It features both a command-line interface and an interactive web interface with drag-and-drop functionality, real-time analysis, and support for additional context and location guesses. Notable capabilities include generating Google Maps links, providing confidence levels for predictions, and exporting results in JSON format.

AI Summary: Jok3r is a Python CLI application designed to assist penetration testers in executing automated network infrastructure and web security assessments. With over 50 integrated open-source tools, it streamlines vulnerability identification through context-aware checks, CVE lookups, and brute force attacks, all packaged within a Docker image for ease of use and customization. Notable features include automatic service fingerprinting, a comprehensive library of security checks for various network services, and automated post-authentication testing.

AI Summary: Kubernetes Goat is an intentionally vulnerable Kubernetes cluster environment designed for the purpose of learning and practicing Kubernetes security. It provides various scenarios for security testing, including exploitation of sensitive keys, SSRF vulnerabilities, and container escapes, thereby enabling users to gain hands-on experience with real-world security challenges in Kubernetes. The tool requires administrative access to a Kubernetes cluster and facilitates setup using kubectl and helm, offering a structured learning path for security professionals.

AI Summary: MetaOSINT is an open-source intelligence aggregation tool designed to assist OSINT practitioners in efficiently identifying and accessing relevant publicly available tools and resources. Its primary purpose is to streamline investigations by providing a curated list of top tools, significantly enhancing the speed and effectiveness of research and analysis. Notable features include an intuitive interface for surfacing resources and the ongoing community contribution model that allows users to submit additional tools.

AI Summary: OH SHINT is an informational blog focused on open-source intelligence (OSINT) and related topics, including operational security, surveillance, and counter-surveillance techniques. The blog aims to document various resources, tools, and methods for conducting OSINT investigations while sharing insights from the author’s expertise as a licensed private investigator. Notable features include comprehensive write-ups, guides, and resources that cover a wide array of intelligence-related subjects, catering to both amateurs and professionals in the field.

AI Summary: The OSINT Cheat Sheet is a comprehensive resource that aggregates various open-source intelligence (OSINT) tools, datasets, and tips for effective information gathering. It serves as an educational guide, emphasizing safe usage practices and the importance of risk management when utilizing both free and paid tools. Notably, it includes advice on using virtual environments, enhancing privacy measures, and strategies for engaging with OSINT resources responsibly.

README

OSINT CHEAT SHEET - List OSINT Tools

AI Summary: Penetration_Testing_POC is a comprehensive collection of proof of concepts (POCs), scripts, tools, and articles related to penetration testing, intended to serve as a reference resource. It systematically categorizes vulnerabilities across various domains such as IoT, mobile devices, web applications, and privilege escalation methods, providing users with essential insights and practical exploitation techniques. Notable features include organized documentation and links to external resources, ensuring that users can easily navigate and leverage the provided information for security assessments.

AI Summary: reNgine is a comprehensive web reconnaissance and vulnerability scanning tool aimed at security professionals, penetration testers, and bug bounty hunters. It features a highly configurable engine, data correlation capabilities, continuous monitoring, and a database-backed reconnaissance system, with the latest update including enhancements like a bounty hub integration, subdomain enumeration tools, and customizable reporting templates. This tool streamlines the reconnaissance process, enhancing efficiency and effectiveness in identifying vulnerabilities across web applications.

AI Summary: RootMyTV is an exploit tool designed for rooting or jailbreaking LG webOS smart TVs, primarily facilitating the installation of the webOS Homebrew Channel with elevated privileges. Notable features include its user-friendly interface and detailed instructions for exploiting unpatched webOS versions, enabling users to run third-party applications on their TVs. However, due to LG’s security updates, the tool is unlikely to work on models with firmware released after mid-2022.

AI Summary: Free database schema discovery and comprehension tool

Free database schema discovery and comprehension tool

AI Summary: SchemaSpy is a database metadata analysis tool designed for visualizing and understanding data models through HTML-based reports and entity-relationship diagrams. It supports over a dozen database types via JDBC drivers and can be executed as a standalone application or through Maven, making it versatile for database administrators and developers. Notable features include easy navigation of data schemas and the ability to generate comprehensive documentation of database structures.

README

AI Summary: Storm-Breaker is a versatile cybersecurity tool that enables unauthorized access to device information, including location, webcam, and microphone on smartphones, without requiring user permissions. Notable features include a revamped web user interface, the ability to operate on personal hosting environments, auto-download functionality for Ngrok, and comprehensive logging capabilities. This tool is primarily designed for penetration testing and social engineering exercises within controlled environments.

README

A Tool With Attractive Capabilities.

AI Summary: THC-Archive is a repository that consolidates all releases from The Hacker’s Choice, a prominent security research group. This collection serves as a backup for their work, ensuring that projects are preserved despite the lack of a full web server. Notable active projects include THC-Hydra, THC-IPv6, and utilities aimed at various hacking and security tasks.

README

THC-Archive

All releases of the security research group (a.k.a. hackers) The Hacker’s Choice

AI Summary: The tlosint-live repository provides a custom build configuration for a Kali Linux-based OSINT distribution tailored for Trace Labs. Its primary use case is to streamline the creation of a live OSINT environment, featuring a set of pre-configured tools and applications for data analysis, domain reconnaissance, and social media investigations. Notable features include an easily modifiable package list, integration of various OSINT tools, and the capability to generate a bootable ISO or OVA file for virtual environments.

AI Summary: WADComs is an interactive cheat sheet designed for offensive security professionals, offering a curated list of tools and their commands specifically for targeting Windows and Active Directory environments. Its primary use case is to aid security experts in executing effective penetration testing by providing quick access to essential commands. Notable features include its comprehensive tool listings and command syntaxes, all consolidated in a web-based format for ease of use.

AI Summary: Web-Fuzzing-Box is a tool designed for web application security testing, offering a diverse collection of dictionaries and payloads for conducting fuzzing attacks, including brute force, directory and file enumeration, and exploitation of web vulnerabilities. Notable features include a comprehensive suite of dictionaries tailored for specific vulnerabilities such as SQL injection, XSS, and authentication bypass, as well as case studies demonstrating the practical application of these resources in real-world scenarios. This tool is particularly valuable for penetration testers and security researchers seeking to enhance their web application assessments.