Penetration testing tools cheat sheet, a quick reference high level overview for typical penetration testing engagements. Convenient commands for your pentesting / red-teaming engagements, OSCP and CTFs.
☆102Oct 13, 2025Updated 7 months ago
Alternatives and similar repositories for Offensive-Enumeration
Users that are interested in Offensive-Enumeration are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A proper approach to pentest a Web application with the mixture of all useful payloads and complete testing guidance of attacks. Designed…☆109Feb 12, 2025Updated last year
- Scripts that are intended to help you in your pen-testing and bug-hunting efforts by automating various manual tasks, making your work mo…☆99May 14, 2026Updated last week
- Comprehensive guide to configuring Kali Linux, a Debian-based Linux distribution designed for penetration testers. The guide covers every…☆38Jan 6, 2025Updated last year
- List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.☆443Mar 16, 2026Updated 2 months ago
- This script was developped to assist in SpearPhishing campaign during Red Team operations. It can be used to generate random name based o…☆13Feb 6, 2023Updated 3 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- SetMyKali is a bash based tool to configure and customize kali linux☆69Apr 8, 2022Updated 4 years ago
- Collection of Penetration Testing Interview Questions across various domains, including Information Security, Network Security, Web Secur…☆66Aug 19, 2025Updated 9 months ago
- ☆13Jan 4, 2022Updated 4 years ago
- Reconnaisance Tool☆12Jun 4, 2020Updated 5 years ago
- ☆11Dec 17, 2023Updated 2 years ago
- Autorev.sh generates reverse shell codes for reverse shell . Supports linux and windows☆17Apr 8, 2022Updated 4 years ago
- A simple bug bounty utility tool to remove uninteresting entries from a list of URLs.☆13Jul 22, 2024Updated last year
- A script to test for subdomain takeovers from a list of domains☆12Feb 18, 2023Updated 3 years ago
- Red Team Projects with chat.openai.com.☆17Apr 3, 2023Updated 3 years ago
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- ☆21Aug 28, 2022Updated 3 years ago
- A Burp Extension to test applications for vulnerability to the Web Cache Deception attack☆29Nov 23, 2017Updated 8 years ago
- Burp Suite extension for extracting metadata from files☆20Dec 29, 2020Updated 5 years ago
- A Discord bot custom-built for the HoloPro fans server, but can be hosted for use on other Hololive servers as well!☆10Jun 18, 2023Updated 2 years ago
- ☆14Nov 18, 2021Updated 4 years ago
- Right-To-Left Override POC☆36Mar 21, 2022Updated 4 years ago
- Store my 'Useful Commands' for HTB/OSCP and additional notes from my Obisidan. Merge into Obsidian for direct formatting. Also check out …☆16Aug 16, 2023Updated 2 years ago
- Most common AWS S3 bucket names.☆31Jun 2, 2020Updated 5 years ago
- Reverse shell auto generator used for Hackthebox/OSCP/Pentest/LABExp☆39Dec 29, 2020Updated 5 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- ☆26Jan 27, 2022Updated 4 years ago
- WordPress File Upload RCE Exploit☆17Sep 1, 2025Updated 8 months ago
- Import Nmap scans to Cherrytree☆36Jul 4, 2022Updated 3 years ago
- A multithreaded, queued SSH key and/or password spraying tool.☆20Jan 5, 2023Updated 3 years ago
- Reporting template for OSCP, VHL and more.☆17Oct 30, 2021Updated 4 years ago
- Generate password spraying lists based on the pwdLastSet-attribute of users.☆55Dec 6, 2023Updated 2 years ago
- Hello World service written in three langaues, Java, Go, and C#☆14Jul 5, 2023Updated 2 years ago
- You can gather useful information accounts by username across all types networks ( which also include social media)☆29Oct 19, 2023Updated 2 years ago
- ☆42Jul 14, 2021Updated 4 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- An evil RMI server that can launch an arbitrary command. May be useful for CVE-2021-44228☆12Dec 12, 2021Updated 4 years ago
- an Evil Java RMI Registry.☆50Feb 8, 2023Updated 3 years ago
- ☆23Jul 5, 2020Updated 5 years ago
- Commands, snippets, exploits, tools, lists, collections and techniques I used on my journey to becoming an OSCP.☆314Mar 10, 2021Updated 5 years ago
- nodecraw allows you to perform web crawling on specified URLs. It utilizes various modules and libraries to crawl web pages, extract info…☆12Aug 25, 2024Updated last year
- Caeser Cipher your shellcode!☆21Mar 11, 2022Updated 4 years ago
- AppSec Payloads Arsenal for Pentration Tester and Bug Bounty Hunters☆929Apr 1, 2026Updated last month