Authorized security testing workspace. v2 TypeScript terminal product on release; v1 Python on pypi-release; Go branch is demo only.
Secrets Find0r is a multithreaded SMB share crawler that hunts for exposed credentials and secrets across Windows networks. It enumerates shares, recursively scans files with regex/keyword rules, highlights matched tokens on screen, and exports clean ASCII tables. Supports DOCX/PDF/legacy Office and depth limits.
Advanced mobile security research platform for authorized testing and educational purposes
WebSource Harvester is an educational web-source harvester that crawls a site (BFS, depth-controlled), downloads browser-visible assets (HTML, CSS, JS, images, fonts, PDFs), and rewrites paths so pages work offline, including nested routes. It enforces same-origin limits and is designed for learning, offline analysis, and safe portfolio demos.
Powerful Python SSH brute force tool with multi-threaded architecture, advanced honeypot detection, real-time statistics, and system reconnaissance. Perfect for authorized security testing and penetration testing.
Credential Reuse0r is a fast, multithreaded offensive security tool for testing credential reuse across multiple network services, especially in Windows Active Directory environments.
SMB Inspect0r is a fast multithreaded Python tool to scan networks for accessible SMB shares, supporting both anonymous and authenticated logins. Features include progress tracking, and detailed output of discovered shares.
A lightweight Rust CLI for authorized JWT security testing and lab use.
AD-Descript0r is a Python tool for Active Directory reconnaissance. It authenticates against a Domain Controller, retrieves all usernames and their descriptions, and displays the results in a clean table with colored output
Encoding-transformation utility for authorized testing, defensive validation and controlled lab learning.
Advanced network stress testing tool for controlled environments. Multi-protocol packet generation (UDP/TCP/ICMP/IPv6/ARP) with built-in safety validation, audit logging, and real-time statistics. Designed for authorized network testing and educational purposes only.
RTSP Brute Force Tool: A powerful utility for security testing of RTSP services through systematic credential brute forcing, designed for ethical hacking and educational purposes.
Blackbox pentesting agent
Discover 200+ CTF and bug bounty payloads with 8 categories for fast testing, research, and exploit development
Post-exploitation keylogger with C2 listener for authorized red team engagements
Shellcode Weaver is a professional security research and educational tool designed for authorized testing and learning about shellcode generation, analysis, and mutation. Written in Python, it serves as a comprehensive toolkit for security professionals, researchers, and students who need to understand low-level code execution and security testing
Offensive payload generator: reverse shells, web shells, XSS/SQLi/CMDi/LFI payloads with encoding variants
Stress-testing & web security recon toolkit load testing, proxy rotation, login automation, and vulnerability scanning.
分类:安全研究|HexStrike AI MCP 安全工具研究与观察
Authorized DuckyScript payload to install Windows-MCP and report status to Discord.
Add a description, image, and links to the authorized-testing topic page so that developers can more easily learn about it.
To associate your repository with the authorized-testing topic, visit your repo's landing page and select "manage topics."