the only cheat sheet you need

Automatic SQL injection and database takeover tool

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Simple, Pythonic remote execution and deployment.

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

CTF framework and exploit development library

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

Incredibly fast crawler designed for OSINT.

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

Infection Monkey - An open-source adversary emulation platform

A Python wrapper for Google Tesseract

Automated All-in-One OS Command Injection Exploitation Tool

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

Stalk your Friends. Find their Instagram, FB and Twitter Profiles using Image Recognition and Reverse Image Search.

Simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Demo (login with guest/welc…

Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

A Social Media Enumeration & Correlation Tool by Jacob Wilkin(Greenwolf)

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique present…

Weaponized web shell

An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.

Detect and bypass web application firewalls and protection systems

UAC bypass, Elevate, Persistence methods

Privilege Escalation Project - Windows / Linux / Mac

x86-64 assembler embedded in Python

Windows exploits, mostly precompiled. Not being updated. Check https://github.com/SecWiki/windows-kernel-exploits instead.

Command line utility for searching and downloading exploits

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

XSS spider - 66/66 wavsep XSS detected