Collection of one-liners to bypass User Account Control (UAC) in Windows. These techniques exploit certain behavior in Windows applications to elevate privileges.

154 13 Updated Jan 7, 2025

AlessandroZ / LaZagne

Credentials recovery project

Python 10,653 2,120 Updated Sep 18, 2025

GhostPack / SharpDPAPI

SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.

C# 1,390 241 Updated Jun 27, 2024

skelsec / pypykatz

Mimikatz implementation in pure Python

Python 3,238 415 Updated Jan 2, 2026

login-securite / DonPAPI

Dumping DPAPI credz remotely

Python 1,317 156 Updated Mar 24, 2025

ihebski / DefaultCreds-cheat-sheet

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

Python 6,404 754 Updated Dec 20, 2025

Hackplayers / evil-winrm

The ultimate WinRM shell for hacking/pentesting

Ruby 5,244 677 Updated Jan 9, 2026

Pennyw0rth / NetExec

The Network Execution Tool

Python 5,257 661 Updated Feb 12, 2026

fortra / impacket

Impacket is a collection of Python classes for working with network protocols.

Python 15,448 3,865 Updated Feb 9, 2026

galkan / crowbar

Crowbar is brute forcing tool that can be used during penetration tests. It is developed to support protocols that are not currently supported by thc-hydra and other popular brute forcing tools.

Python 1,491 319 Updated Dec 19, 2023

cddmp / enum4linux-ng

A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.

Python 1,526 141 Updated Dec 16, 2025

jenish-sojitra / JSAnalyzer

Python 1,047 170 Updated Jan 28, 2026

SpiderLabs / Responder

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

Python 4,829 1,790 Updated Jun 15, 2020

MobSF / Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

JavaScript 20,389 3,592 Updated Feb 3, 2026

psypanda / hashID

Software to identify the different types of hashes -

Python 1,444 190 Updated Jun 20, 2022

BishopFox / unredacter

Never ever ever use pixelation as a redaction technique

TypeScript 8,216 798 Updated Mar 15, 2024

doyensec / inql

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

Kotlin 1,731 177 Updated Feb 12, 2026

dolevf / graphql-cop

Security Auditor Utility for GraphQL APIs

Python 599 85 Updated Nov 20, 2025

APIs-guru / graphql-voyager

🛰️ Represent any GraphQL API as an interactive graph

TypeScript 8,087 546 Updated Feb 2, 2026

nicholasaleks / graphql-threat-matrix

GraphQL threat framework used by security professionals to research security gaps in GraphQL implementations

348 35 Updated Jul 1, 2025

dolevf / graphw00f

graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.

Python 808 92 Updated Jun 9, 2025

urbanadventurer / username-anarchy

Username tools for penetration testing

Ruby 1,312 155 Updated Sep 20, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Saher Muhamed SaherMuhamed

Block or report SaherMuhamed

Stars

jpillora / chisel

ShutdownRepo / pywhisker

ly4k / Certipy

GhostPack / Rubeus

Arrexel / phpbash

Kevin-Robertson / Invoke-TheHash

huntergregal / mimipenguin

ohyicong / decrypt-chrome-passwords

blue0x1 / uac-bypass-oneliners