Snopfsnopf USB password token
BulwarkAn organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Outisoutis is a custom Remote Administration Tool (RAT) or something like that. It was build to support various transport methods (like DNS) and platforms (like Powershell).
Nordvpn NetworkmanagerA CLI tool for automating the importing, securing and usage of NordVPN (and in the future, more) OpenVPN servers through NetworkManager.
Docbleach🚿 Sanitising your documents, one threat at a time. — Content Disarm & Reconstruction Software
SyswallWork in progress firewall for Linux syscalls, written in Rust
Fisy FuzzThis is the full file system fuzzing framework that I presented at the Hack in the Box 2020 Lockdown Edition conference in April.
CatnipCat-Nip Automated Basic Pentest Tool - Designed For Kali Linux
EmbedosEmbedOS - Embedded security testing virtual machine
ArchivefuzzHunt down the secrets from the WebArchives for Fun and Profit
JwtA JWT (JSON Web Token) Encoder & Decoder
PatrowldocsPatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Hacker ContainerContainer with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters
KarnSimplifying Seccomp enforcement in containerized or non-containerized apps
M4ngl3m3Common password pattern generator using strings list
Security ScriptsA collection of public offensive and defensive security related scripts for InfoSec students.
FugaciousOSSSM (awesome). Open source short-term secure messaging
Awesome Aws SecurityCurated list of links, references, books videos, tutorials (Free or Paid), Exploit, CTFs, Hacking Practices etc. which are related to AWS Security
ArlARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
PowershellarmouryA PowerShell armoury for penetration testers or other random security guys
SliverAdversary Simulation Framework
SquealerTelling tales on you for leaking secrets!
VsauditVOIP Security Audit Framework
Keylogger🔐 Open Source Python Keylogger Collection
GorshA Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface
AttacksurfaceanalyzerAttack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.
AmdhAndroid Mobile Device Hardening
Aws Securitygroup GrapherThis ansible role gets information from an AWS VPC and generate a graphical representation of security groups
Flask UnsignCommand line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.
Pentest NotesCollection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)
PattonThe clever vulnerability dependency finder
Envkey AppSecure, human-friendly, cross-platform secrets and config.
Vxscanpython3写的综合扫描工具,主要用来存活验证,敏感文件探测(目录扫描/js泄露接口/html注释泄露),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。
ContentSecurity automation content in SCAP, OSCAL, Bash, Ansible, and other formats
Network Threats TaxonomyMachine Learning based Intrusion Detection Systems are difficult to evaluate due to a shortage of datasets representing accurately network traffic and their associated threats. In this project we attempt at solving this problem by presenting two taxonomies
Radio HackboxPoC tool to demonstrate vulnerabilities in wireless input devices
Nrf24 PlaysetSoftware tools for Nordic Semiconductor nRF24-based devices like wireless keyboards, mice, and presenters
NotrulerThe opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange.
Gscan本程序旨在为安全应急响应人员对Linux主机排查时提供便利,实现主机侧Checklist的自动全面化检测,根据检测结果自动数据聚合,进行黑客攻击路径溯源。
Viewfinderjs📷 ViewFinder - NodeJS product to make the browser into a web app. WTF RBI. CBII. Remote browser isolation, embeddable browserview, secure chrome saas. Licenses, managed, self-hosted. Like S2, WebGap, Bromium, Authentic8, Menlo Security and Broadcom, but open source with free live demos available now! Also, integrated RBI/CDR with CDR from https://github.com/dosyago/p2%2e
UrsadbTrigram database written in C++, suited for malware indexing
PurifyAll-in-one tool for managing vulnerability reports from AppSec pipelines
SenvFriends don't let friends leak secrets on their terminal window 🙈
GitgrabergitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...