DefaultCreds-cheat-sheet VS Villain

What are some alternatives?

SecLists - SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

hoaxshell - A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

my-wordlists - wordlists i use for testing security/security testing or whatever you want to call it

HavocNotion - A simple ExternalC2 POC for Havoc C2. Communicates over Notion using a custom python agent, handler and extc2 channel. Not operationally safe or stable, built as a PoC to showcase Havoc C2's modular C2 channel interface.

swaggerHole - A python3 script searching for secret on swaggerhub

Pentest-Notes - Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

mssql-spider - Automated exploitation of MSSQL servers at scale

aizawa - Simple command-line webshell that executes commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function.

mongoaudit - 🔥 A powerful MongoDB auditing and pentesting tool 🔥

PowerShell-Obfuscation-Bible - A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion, compiled for educational purposes. The contents of this repository are the result of personal research, including reading materials online and conducting trial-and-error attempts in labs and pentests.

powershell_commands - Personal sheet for PowerShell 🧢

uuid-loader - UUID based Shellcode loader for your favorite C2