Eng-RSMY · March 22, 2021 18:09 · Oct 14, 2020 · Jun 25, 2020 · Jun 5, 2020 · Jan 3, 2020
diff --git a/pwnd.md b/pwnd.md
@@ -169,4 +169,5 @@
 - [https://github.com/sobolevn/awesome-cryptography](https://github.com/sobolevn/awesome-cryptography)
 - [https://github.com/secfigo/Awesome-Fuzzing](https://github.com/secfigo/Awesome-Fuzzing)
 - [https://github.com/vitalysim/Awesome-Hacking-Resources](https://github.com/vitalysim/Awesome-Hacking-Resources)
-- [https://github.com/jivoi/awesome-osint](https://github.com/jivoi/awesome-osint)
+- [https://github.com/jivoi/awesome-osint](https://github.com/jivoi/awesome-osint)
+- [https://github.com/terjanq/Tiny-XSS-Payloads](https://github.com/terjanq/Tiny-XSS-Payloads): A collection of tiny XSS Payloads that can be used in different contexts.
diff --git a/pwnd.md b/pwnd.md
@@ -121,6 +121,8 @@
 - [Modlishka](https://github.com/drk1wi/Modlishka): Reverse Proxy. Phishing NG
 - [trape](https://github.com/jofpin/trape): People tracker on the Internet: OSINT analysis and research tool
 - [HiddenEye](https://github.com/DarkSecDevelopers/HiddenEye): Modern Phishing Tool With Advanced Functionality And Multiple Tunnelling Services
+- [assetfinder](https://github.com/tomnomnom/assetfinder): Find domains and subdomains related to a given domain
+- [waybackurls](https://github.com/tomnomnom/waybackurls): Fetch all the URLs that the Wayback Machine knows about for a domain
 
 # Use cases
 

diff --git a/pwnd.md b/pwnd.md
@@ -1,6 +1,7 @@
 # Tools
 
 - [Metaspoit](https://www.metasploit.com/): Penetration testing software
+- [GhostShell](https://github.com/ReddyyZ/GhostShell): Malware indetectable, with AV bypass techniques, anti-disassembly, etc.
 - [BeEF](http://beefproject.com/): The Browser Exploitation Framework
 - [PTF](https://github.com/trustedsec/ptf): Penetration Testers Framework
 - [Bettercap](https://bettercap.org): MITM framework

diff --git a/pwnd.md b/pwnd.md
@@ -119,6 +119,7 @@
 - [evilginx2](https://github.com/kgretzky/evilginx2): mitm attack framework used for phishing login credentials
 - [Modlishka](https://github.com/drk1wi/Modlishka): Reverse Proxy. Phishing NG
 - [trape](https://github.com/jofpin/trape): People tracker on the Internet: OSINT analysis and research tool
+- [HiddenEye](https://github.com/DarkSecDevelopers/HiddenEye): Modern Phishing Tool With Advanced Functionality And Multiple Tunnelling Services
 
 # Use cases
 

diff --git a/pwnd.md b/pwnd.md
@@ -117,6 +117,7 @@
 - [sandmap](https://github.com/trimstray/sandmap): tool supporting network and system reconnaissance using the massive Nmap engine
 - [gitrob](https://github.com/michenriksen/gitrob): Reconnaissance tool for GitHub organizations
 - [evilginx2](https://github.com/kgretzky/evilginx2): mitm attack framework used for phishing login credentials
+- [Modlishka](https://github.com/drk1wi/Modlishka): Reverse Proxy. Phishing NG
 - [trape](https://github.com/jofpin/trape): People tracker on the Internet: OSINT analysis and research tool
 
 # Use cases

diff --git a/pwnd.md b/pwnd.md
@@ -117,6 +117,7 @@
 - [sandmap](https://github.com/trimstray/sandmap): tool supporting network and system reconnaissance using the massive Nmap engine
 - [gitrob](https://github.com/michenriksen/gitrob): Reconnaissance tool for GitHub organizations
 - [evilginx2](https://github.com/kgretzky/evilginx2): mitm attack framework used for phishing login credentials
+- [trape](https://github.com/jofpin/trape): People tracker on the Internet: OSINT analysis and research tool
 
 # Use cases
 

diff --git a/pwnd.md b/pwnd.md
@@ -116,6 +116,7 @@
 - [pyfiscan](https://github.com/fgeek/pyfiscan): Free web-application vulnerability and version scanner
 - [sandmap](https://github.com/trimstray/sandmap): tool supporting network and system reconnaissance using the massive Nmap engine
 - [gitrob](https://github.com/michenriksen/gitrob): Reconnaissance tool for GitHub organizations
+- [evilginx2](https://github.com/kgretzky/evilginx2): mitm attack framework used for phishing login credentials
 
 # Use cases
 

diff --git a/pwnd.md b/pwnd.md
@@ -149,6 +149,7 @@
 # Misc
 
 - [Collection of CSP bypasses](http://sebastian-lekies.de/csp/bypasses.php)
+- [GTFOBins](https://gtfobins.github.io/): Curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions
 
 # Other lists
 

diff --git a/pwnd.md b/pwnd.md
@@ -114,7 +114,8 @@
 - [wifite2](https://github.com/derv82/wifite2): Rewrite of the popular wireless network auditor, "wifite", for auditing wireless networks
 - [Diggy](https://github.com/s0md3v/Diggy): Extract endpoints from apk files
 - [pyfiscan](https://github.com/fgeek/pyfiscan): Free web-application vulnerability and version scanner
-
+- [sandmap](https://github.com/trimstray/sandmap): tool supporting network and system reconnaissance using the massive Nmap engine
+- [gitrob](https://github.com/michenriksen/gitrob): Reconnaissance tool for GitHub organizations
 
 # Use cases
 

diff --git a/pwnd.md b/pwnd.md
@@ -112,6 +112,9 @@
 - [emkei.cz](https://emkei.cz/): Free online fake mailer with attachments, encryption, HTML editor and advanced settings…
 - [probequest](https://github.com/SkypLabs/probequest): Toolkit for Playing with Wi-Fi Probe Requests
 - [wifite2](https://github.com/derv82/wifite2): Rewrite of the popular wireless network auditor, "wifite", for auditing wireless networks
+- [Diggy](https://github.com/s0md3v/Diggy): Extract endpoints from apk files
+- [pyfiscan](https://github.com/fgeek/pyfiscan): Free web-application vulnerability and version scanner
+
 
 # Use cases
 

diff --git a/pwnd.md b/pwnd.md
@@ -109,6 +109,9 @@
 - [usbdetective](https://usbdetective.com/): application for identifying, investigating, and reporting on USB storage devices that have been connected to a Windows system
 - [Galileo](https://github.com/m4ll0k/Galileo): Web Application Audit Framework
 - [XSStrike](https://github.com/s0md3v/XSStrike): XSS Scanner equipped with powerful fuzzing engine & intelligent payload generator
+- [emkei.cz](https://emkei.cz/): Free online fake mailer with attachments, encryption, HTML editor and advanced settings…
+- [probequest](https://github.com/SkypLabs/probequest): Toolkit for Playing with Wi-Fi Probe Requests
+- [wifite2](https://github.com/derv82/wifite2): Rewrite of the popular wireless network auditor, "wifite", for auditing wireless networks
 
 # Use cases
 

diff --git a/pwnd.md b/pwnd.md
@@ -108,6 +108,7 @@
 - [crt.sh](https://crt.sh/): Certificate Search (eg. [%.cambridgeanalytica.org](https://crt.sh/?q=%25.cambridgeanalytica.org))
 - [usbdetective](https://usbdetective.com/): application for identifying, investigating, and reporting on USB storage devices that have been connected to a Windows system
 - [Galileo](https://github.com/m4ll0k/Galileo): Web Application Audit Framework
+- [XSStrike](https://github.com/s0md3v/XSStrike): XSS Scanner equipped with powerful fuzzing engine & intelligent payload generator
 
 # Use cases
 

diff --git a/pwnd.md b/pwnd.md
@@ -107,6 +107,7 @@
 - [evilgrade](https://github.com/infobyte/evilgrade): take advantage of poor upgrade implementations by injecting fake updates
 - [crt.sh](https://crt.sh/): Certificate Search (eg. [%.cambridgeanalytica.org](https://crt.sh/?q=%25.cambridgeanalytica.org))
 - [usbdetective](https://usbdetective.com/): application for identifying, investigating, and reporting on USB storage devices that have been connected to a Windows system
+- [Galileo](https://github.com/m4ll0k/Galileo): Web Application Audit Framework
 
 # Use cases
 

diff --git a/pwnd.md b/pwnd.md
@@ -106,6 +106,7 @@
 - [autosploit](https://www.helpnetsecurity.com/2018/02/01/autosploit/): Automated mass exploitation of remote hosts using Shodan and Metasploit
 - [evilgrade](https://github.com/infobyte/evilgrade): take advantage of poor upgrade implementations by injecting fake updates
 - [crt.sh](https://crt.sh/): Certificate Search (eg. [%.cambridgeanalytica.org](https://crt.sh/?q=%25.cambridgeanalytica.org))
+- [usbdetective](https://usbdetective.com/): application for identifying, investigating, and reporting on USB storage devices that have been connected to a Windows system
 
 # Use cases
 

diff --git a/pwnd.md b/pwnd.md
@@ -105,6 +105,7 @@
 - [ctfr](https://github.com/UnaPibaGeek/ctfr): Abusing Certificate Transparency logs for getting HTTPS websites subdomains.
 - [autosploit](https://www.helpnetsecurity.com/2018/02/01/autosploit/): Automated mass exploitation of remote hosts using Shodan and Metasploit
 - [evilgrade](https://github.com/infobyte/evilgrade): take advantage of poor upgrade implementations by injecting fake updates
+- [crt.sh](https://crt.sh/): Certificate Search (eg. [%.cambridgeanalytica.org](https://crt.sh/?q=%25.cambridgeanalytica.org))
 
 # Use cases
 

diff --git a/pwnd.md b/pwnd.md
@@ -104,7 +104,7 @@
 - [ezsploit](https://github.com/rand0m1ze/ezsploit): Linux bash script automation for metasploit
 - [ctfr](https://github.com/UnaPibaGeek/ctfr): Abusing Certificate Transparency logs for getting HTTPS websites subdomains.
 - [autosploit](https://www.helpnetsecurity.com/2018/02/01/autosploit/): Automated mass exploitation of remote hosts using Shodan and Metasploit
-
+- [evilgrade](https://github.com/infobyte/evilgrade): take advantage of poor upgrade implementations by injecting fake updates
 
 # Use cases
 

diff --git a/pwnd.md b/pwnd.md
@@ -101,6 +101,10 @@
 - [btlejuice](https://github.com/DigitalSecurity/btlejuice): BtleJuice Bluetooth Smart (LE) Man-in-the-Middle framework
 - [censys-subdomain-finder](https://github.com/christophetd/censys-subdomain-finder): Perform subdomain enumeration using the certificate transparency logs from Censys
 - [Striker](https://github.com/UltimateHackers/Striker): Striker is an offensive information and vulnerability scanner
+- [ezsploit](https://github.com/rand0m1ze/ezsploit): Linux bash script automation for metasploit
+- [ctfr](https://github.com/UnaPibaGeek/ctfr): Abusing Certificate Transparency logs for getting HTTPS websites subdomains.
+- [autosploit](https://www.helpnetsecurity.com/2018/02/01/autosploit/): Automated mass exploitation of remote hosts using Shodan and Metasploit
+
 
 # Use cases
 

diff --git a/pwnd.md b/pwnd.md
@@ -100,6 +100,7 @@
 - [Zeus-Scanner](https://github.com/Ekultek/Zeus-Scanner): Advanced reconnaissance utility
 - [btlejuice](https://github.com/DigitalSecurity/btlejuice): BtleJuice Bluetooth Smart (LE) Man-in-the-Middle framework
 - [censys-subdomain-finder](https://github.com/christophetd/censys-subdomain-finder): Perform subdomain enumeration using the certificate transparency logs from Censys
+- [Striker](https://github.com/UltimateHackers/Striker): Striker is an offensive information and vulnerability scanner
 
 # Use cases
 

diff --git a/pwnd.md b/pwnd.md
@@ -99,6 +99,7 @@
 - [routersploit](https://github.com/reverse-shell/routersploit): The Router Exploitation Framework
 - [Zeus-Scanner](https://github.com/Ekultek/Zeus-Scanner): Advanced reconnaissance utility
 - [btlejuice](https://github.com/DigitalSecurity/btlejuice): BtleJuice Bluetooth Smart (LE) Man-in-the-Middle framework
+- [censys-subdomain-finder](https://github.com/christophetd/censys-subdomain-finder): Perform subdomain enumeration using the certificate transparency logs from Censys
 
 # Use cases
 

diff --git a/pwnd.md b/pwnd.md
@@ -98,7 +98,7 @@
 - [InSpy](https://github.com/gojhonny/InSpy): A LinkedIn enumeration tool
 - [routersploit](https://github.com/reverse-shell/routersploit): The Router Exploitation Framework
 - [Zeus-Scanner](https://github.com/Ekultek/Zeus-Scanner): Advanced reconnaissance utility
-
+- [btlejuice](https://github.com/DigitalSecurity/btlejuice): BtleJuice Bluetooth Smart (LE) Man-in-the-Middle framework
 
 # Use cases
 

diff --git a/pwnd.md b/pwnd.md
@@ -94,6 +94,11 @@
 - [kernelpop](https://github.com/spencerdodd/kernelpop): kernel privilege escalation enumeration and exploitation framework ([kitsploit.com](http://www.kitploit.com/2017/11/kernelpop-kernel-privilege-escalation.html))
 - [subjack](https://github.com/haccer/subjack): Hostile Subdomain Takeover tool ([blog](https://cody.su/blog/hostile-subdomain-takeovers/))
 - [nmap-vulners](https://github.com/vulnersCom/nmap-vulners): NSE script based on Vulners.com API
+- [recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Home): full-featured Web Reconnaissance framework
+- [InSpy](https://github.com/gojhonny/InSpy): A LinkedIn enumeration tool
+- [routersploit](https://github.com/reverse-shell/routersploit): The Router Exploitation Framework
+- [Zeus-Scanner](https://github.com/Ekultek/Zeus-Scanner): Advanced reconnaissance utility
+
 
 # Use cases
 

diff --git a/pwnd.md b/pwnd.md
@@ -93,6 +93,7 @@
 - [cve-search](https://github.com/cve-search/cve-search): tool to perform local searches for known vulnerabilities
 - [kernelpop](https://github.com/spencerdodd/kernelpop): kernel privilege escalation enumeration and exploitation framework ([kitsploit.com](http://www.kitploit.com/2017/11/kernelpop-kernel-privilege-escalation.html))
 - [subjack](https://github.com/haccer/subjack): Hostile Subdomain Takeover tool ([blog](https://cody.su/blog/hostile-subdomain-takeovers/))
+- [nmap-vulners](https://github.com/vulnersCom/nmap-vulners): NSE script based on Vulners.com API
 
 # Use cases
 

diff --git a/pwnd.md b/pwnd.md
@@ -92,7 +92,7 @@
 - [AhMyth-Android-RAT](https://github.com/AhMyth/AhMyth-Android-RAT): Android Remote Administration Tool
 - [cve-search](https://github.com/cve-search/cve-search): tool to perform local searches for known vulnerabilities
 - [kernelpop](https://github.com/spencerdodd/kernelpop): kernel privilege escalation enumeration and exploitation framework ([kitsploit.com](http://www.kitploit.com/2017/11/kernelpop-kernel-privilege-escalation.html))
-- [subjack](https://github.com/haccer/subjack): https://github.com/haccer/subjack ([blog](https://cody.su/blog/hostile-subdomain-takeovers/))
+- [subjack](https://github.com/haccer/subjack): Hostile Subdomain Takeover tool ([blog](https://cody.su/blog/hostile-subdomain-takeovers/))
 
 # Use cases
 

diff --git a/pwnd.md b/pwnd.md
@@ -92,6 +92,7 @@
 - [AhMyth-Android-RAT](https://github.com/AhMyth/AhMyth-Android-RAT): Android Remote Administration Tool
 - [cve-search](https://github.com/cve-search/cve-search): tool to perform local searches for known vulnerabilities
 - [kernelpop](https://github.com/spencerdodd/kernelpop): kernel privilege escalation enumeration and exploitation framework ([kitsploit.com](http://www.kitploit.com/2017/11/kernelpop-kernel-privilege-escalation.html))
+- [subjack](https://github.com/haccer/subjack): https://github.com/haccer/subjack ([blog](https://cody.su/blog/hostile-subdomain-takeovers/))
 
 # Use cases
 

diff --git a/pwnd.md b/pwnd.md
@@ -91,6 +91,7 @@
 - [DET](https://github.com/sensepost/DET): Data Exfiltration Toolkit
 - [AhMyth-Android-RAT](https://github.com/AhMyth/AhMyth-Android-RAT): Android Remote Administration Tool
 - [cve-search](https://github.com/cve-search/cve-search): tool to perform local searches for known vulnerabilities
+- [kernelpop](https://github.com/spencerdodd/kernelpop): kernel privilege escalation enumeration and exploitation framework ([kitsploit.com](http://www.kitploit.com/2017/11/kernelpop-kernel-privilege-escalation.html))
 
 # Use cases
 

diff --git a/pwnd.md b/pwnd.md
@@ -89,6 +89,8 @@
 - [sshpry](https://github.com/nopernik/sshpry): Seamlessly spy on SSH session like it is your tty
 - [cameradar](https://github.com/EtixLabs/cameradar): Cameradar hacks its way into RTSP CCTV cameras
 - [DET](https://github.com/sensepost/DET): Data Exfiltration Toolkit
+- [AhMyth-Android-RAT](https://github.com/AhMyth/AhMyth-Android-RAT): Android Remote Administration Tool
+- [cve-search](https://github.com/cve-search/cve-search): tool to perform local searches for known vulnerabilities
 
 # Use cases
 

diff --git a/pwnd.md b/pwnd.md
@@ -88,6 +88,7 @@
 - [p0wnedShell](https://github.com/Cn33liz/p0wnedShell): PowerShell Runspace Post Exploitation Toolkit
 - [sshpry](https://github.com/nopernik/sshpry): Seamlessly spy on SSH session like it is your tty
 - [cameradar](https://github.com/EtixLabs/cameradar): Cameradar hacks its way into RTSP CCTV cameras
+- [DET](https://github.com/sensepost/DET): Data Exfiltration Toolkit
 
 # Use cases
 

diff --git a/pwnd.md b/pwnd.md
@@ -86,6 +86,8 @@
 - [PenBox](https://github.com/x3omdax/PenBox): Penetration Testing Framework - The Tool With All The Tools , The Hacker's Repo ([website](http://fsociety.tn/PenBox/))
 - [post-exploitation](https://github.com/mubix/post-exploitation): Post Exploitation Collection
 - [p0wnedShell](https://github.com/Cn33liz/p0wnedShell): PowerShell Runspace Post Exploitation Toolkit
+- [sshpry](https://github.com/nopernik/sshpry): Seamlessly spy on SSH session like it is your tty
+- [cameradar](https://github.com/EtixLabs/cameradar): Cameradar hacks its way into RTSP CCTV cameras
 
 # Use cases
 
@@ -130,4 +132,5 @@
 - [https://github.com/carpedm20/awesome-hacking](https://github.com/carpedm20/awesome-hacking)
 - [https://github.com/sobolevn/awesome-cryptography](https://github.com/sobolevn/awesome-cryptography)
 - [https://github.com/secfigo/Awesome-Fuzzing](https://github.com/secfigo/Awesome-Fuzzing)
+- [https://github.com/vitalysim/Awesome-Hacking-Resources](https://github.com/vitalysim/Awesome-Hacking-Resources)
 - [https://github.com/jivoi/awesome-osint](https://github.com/jivoi/awesome-osint)
diff --git a/pwnd.md b/pwnd.md
@@ -84,6 +84,8 @@
 - [XFLTReaT](https://github.com/earthquake/xfltreat/): Tunnelling Framework ([kitploit](http://www.kitploit.com/2017/09/xfltreat-tunnelling-framework.html?m=1))
 - [rudra](https://github.com/7h3rAm/rudra): Framework for exhaustive analysis of (PCAP and PE) files
 - [PenBox](https://github.com/x3omdax/PenBox): Penetration Testing Framework - The Tool With All The Tools , The Hacker's Repo ([website](http://fsociety.tn/PenBox/))
+- [post-exploitation](https://github.com/mubix/post-exploitation): Post Exploitation Collection
+- [p0wnedShell](https://github.com/Cn33liz/p0wnedShell): PowerShell Runspace Post Exploitation Toolkit
 
 # Use cases
 
@@ -127,4 +129,5 @@
 - [https://github.com/forter/security-101-for-saas-startups](https://github.com/forter/security-101-for-saas-startups)
 - [https://github.com/carpedm20/awesome-hacking](https://github.com/carpedm20/awesome-hacking)
 - [https://github.com/sobolevn/awesome-cryptography](https://github.com/sobolevn/awesome-cryptography)
-- [https://github.com/secfigo/Awesome-Fuzzing](https://github.com/secfigo/Awesome-Fuzzing)
+- [https://github.com/secfigo/Awesome-Fuzzing](https://github.com/secfigo/Awesome-Fuzzing)
+- [https://github.com/jivoi/awesome-osint](https://github.com/jivoi/awesome-osint)
diff --git a/pwnd.md b/pwnd.md
@@ -83,6 +83,7 @@
 - [SSRF Testing](https://github.com/cujanovic/SSRF-Testing/): https://github.com/cujanovic/SSRF-Testing/
 - [XFLTReaT](https://github.com/earthquake/xfltreat/): Tunnelling Framework ([kitploit](http://www.kitploit.com/2017/09/xfltreat-tunnelling-framework.html?m=1))
 - [rudra](https://github.com/7h3rAm/rudra): Framework for exhaustive analysis of (PCAP and PE) files
+- [PenBox](https://github.com/x3omdax/PenBox): Penetration Testing Framework - The Tool With All The Tools , The Hacker's Repo ([website](http://fsociety.tn/PenBox/))
 
 # Use cases