Pentest List

🚨 Pentest List Tool Spotlight 🚨 EnumEDRs Tool written in C which enumerates EDR's running on the system by enumerating current processes and loaded drivers. It loops through both of them and print if any defined EDR's are present. github.com/0xJs/EnumEDRs

When we launched PentestList v1 last year, I just wanted a simple place to find the best and newest infosec resources. Today, I’m releasing PentestList v2 🚀 After a year of feedback and some user growth, we’ve redesigned the experience and added a bunch of new features: ✅ User Dashboard ✅ Utilities (DNS/TLS checks, OSINT tools, etc) ✅ Connect (find others like you) Go take a look, if you want.. You might see some familiar faces @_JohnHammond @NahamSec @NetworkChuck @TomNomNom

PentestList v2, coming very soon...

Had one beta tester so far.. and I quote: "Yoooo that's awesome lol. I like this. More consolidated and better layout"

I released PentestList in mid 2024. The idea was good, it built some nice visitor statistics, but there was a lot that needed improving. Does anyone want to beta test PentestList v2?

Had @techspence's tweet bookedmarked for nearly a month😅. Just used it, along with some of my own thoughts and AIs suggestions to come up with a nice list to add to my internal pentest notes. Too big for one tweet so check replies😄

I always forget to delete 2FA tokens from my mobile app after I have finished a security assessment and the account has been deleted. I have so many tokens and I don't know which are still used and which are not😅So, I fixed that issue: github.com/MrTurvey/temp2…

You know what's annoying on security assessments? Web proxies and hardened machines (No USB, no SMB, etc) So, avoid that and use my new tool. It incorporates Cloudflared to ~hopefully~ bypass web proxies and allow you to get data out of the environment. github.com/MrTurvey/slips…

Do you need a VPN right now? Well, I made a tool. It uses AWS and @WireGuardVPN to give you a new IP address, in minutes. Simply copy the client config into your WireGuard app github.com/MrTurvey/FastW…

🚨 Pentest List Tool Spotlight 🚨 Secrets Ninja Secrets Ninja is an GUI tool for validating & investigating API keys discovered during pentesting & bug bounty hunting. Find it here: secrets.ninja/autopilot #bugbounty #appsec

🚨 Pentest List Tool Spotlight 🚨 proxyblob SOCKS5 proxy tool that uses Azure Blob Storage as a means of communication Find it here: github.com/quarkslab/prox…

🚨 Pentest List Tool Spotlight 🚨 CrossLinked LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping Find it here: github.com/m8sec/CrossLin…

🚨 Pentest List Tool Spotlight 🚨 evil-winrm-py Execute commands interactively on remote Windows machines using the WinRM protocol Find it here: github.com/adityatelange/…

🚨 Pentest List Tool Spotlight 🚨 RedTeamTP Automated deployment of red team infrastructure through GitHub Actions. It supports configurable C2 frameworks and phishing. Find it here: github.com/CultCornholio/…

🚨 Pentest List Tool Spotlight 🚨 PowerDodder A persistence utility for stealthily embedding commands into existing script files by leveraging files that are frequently accessed but rarely modified. Find it here: github.com/itaymigdal/Pow…

🚨 Pentest List Tool Spotlight 🚨 EntraFalcon PowerShell tool for assessing the security of Entra ID environments. Identify privileged objects, risky assignments, and potential misconfigurations. Find it here: github.com/CompassSecurit…

🚨 Pentest List Tool Spotlight 🚨 HExHTTP HExHTTP is a tool designed to perform tests on HTTP headers and analyze the results to identify vulnerabilities and interesting behaviours. Find it here: github.com/c0dejump/HExHT…

🚨 Pentest List Tool Spotlight 🚨 psudohash Generates millions of keyword-based password mutations in seconds. Find it here: github.com/t3l3machus/psu…

🚨 Pentest List Tool Spotlight 🚨 ADcheck Assess the security of your Active Directory with few or all privileges. Find it here: github.com/CobblePot59/AD… #redteam #blueteam #bugbounty

🚨 Pentest List Tool Spotlight 🚨 Coercer A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods. Find it here: github.com/p0dalirius/Coe… #redteam #blueteam #bugbounty