HackTricks-wiki / hacktricks
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
☆8,776Updated this week
Related projects: ⓘ
- GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems☆10,628Updated 3 weeks ago
- PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)☆15,744Updated this week
- Fast web fuzzer written in Go☆12,270Updated 2 months ago
- This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.☆8,959Updated 2 weeks ago
- A list of interesting payloads, tips and tricks for bug bounty hunters.☆5,775Updated last year
- AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.☆5,080Updated 3 months ago
- Gather and update all available and newest CVEs with their PoC.☆6,445Updated this week
- The all-in-one browser extension for offensive security professionals 🛠☆5,736Updated last month
- Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)☆6,921Updated this week
- Monitor linux processes without root permissions☆4,854Updated last year
- Collection of methodology and test case for various web vulnerabilities.☆6,048Updated last month
- A fast, simple, recursive content discovery tool written in Rust.☆5,790Updated this week
- 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List☆6,119Updated 2 months ago
- ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting☆3,812Updated 3 weeks ago
- All about bug bounty (bypasses, payloads, and etc)☆5,745Updated last year
- A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.☆5,447Updated this week
- In-depth attack surface mapping and asset discovery☆11,798Updated this week
- Impacket is a collection of Python classes for working with network protocols.☆13,291Updated 2 weeks ago
- Scripted Local Linux Enumeration & Privilege Escalation Checks☆6,938Updated last year
- Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.☆4,850Updated last month
- reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and findin…☆5,595Updated last week
- Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)☆2,933Updated 2 months ago
- List of Awesome Red Teaming Resources☆6,820Updated 8 months ago
- 🎯 Command Injection Payload List☆2,887Updated 2 months ago
- A list of public penetration test reports published by several consulting firms and academic security groups.☆8,364Updated 3 months ago
- Adversary Emulation Framework☆8,239Updated this week
- A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference☆4,640Updated last year
- One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️☆5,542Updated 2 months ago
- "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.☆4,756Updated last week
- This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.☆3,255Updated last year