Raptor: Web-based Source Code Vulnerability Scanner
Prowler: Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Polichombr: Collaborative malware analysis framework
Ethereum Lists: A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth. We love lists.
Dotdotslash: Search for Directory Traversal Vulnerabilities
H2csmuggler: HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
Bandit: Bandit is a tool designed to find common security issues in Python code.
Rmiscout: RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
Cheatsheet God: Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Wsltools: Web Scan Lazy Tools - Python Package
Susanoo: A REST API security testing framework.
Traitor: ⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket
Osmedeus: Fully automated offensive security framework for reconnaissance and vulnerability scanning
Cloudfrunt: A tool for identifying misconfigured CloudFront domains
Securecodebox: secureCodeBox (SCB) - continuous secure delivery out of the box
Dgfraud: A Deep Graph-based Toolbox for Fraud Detection
Certificates: 🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
Recon My Way: This repository created for personal use and added tools from my latest blog post.
Nerve: NERVE Continuous Vulnerability Scanner
Mquery: YARA malware query accelerator (web frontend)
Salt Scanner: Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration
Certainty: Automated cacert.pem management for PHP projects
Krane: Kubernetes RBAC static Analysis & visualisation tool
Electriceye: Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability. All results will be sent to Security Hub for further aggregation and analysis.
Pocsuite3: pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
Social Analyzer: API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)
Spiderfoot: SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Scanners Box: A powerful hacker toolkit that collects more than 10 categories of open source scanners from GitHub - a collection of open-source scanners developed by security industry practitioners
Sn1per: Attack Surface Management Platform | Sn1perSecurity LLC
SpyGen: Trojan 🐍 (keylogger, take screenshots, open your webcam) 🔓
Soteria: Plugin to block compilation when unapproved dependencies are used or code styling does not comply.
MicrosoftWontFixList: A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))
OpenVAS-Docker: A Docker Image For the Open Vulnerability Assessment Scanner (OpenVAS)
box-appServer: The Staff-Manager App Server for Enterprise Token Safe BOX
ShonyDanza: A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.
ss-auth: Stupid Simple Authentication
he-toolkit: The Intel Homomorphic Encryption (HE) toolkit is the primordial vehicle for the continuous distribution of the Intel HE technological innovation to users. The toolkit has been designed with usability in mind and to make it easier for users to evaluate and deploy homomorphic encryption technology on the Intel platforms.
zeek-plugin-tds: Zeek network security monitor plugin that enables parsing of the Tabular Data Stream (TDS) protocol
gtfo: Search for Unix binaries that can be exploited to bypass system security restrictions.
aws-enumerator: The AWS Enumerator was created for service enumeration and info dumping for investigations of penetration testers during Black-Box testing. The tool is intended to speed up the process of Cloud review in case the security researcher compromised AWS Account Credentials.
SyntheticSun: SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services, and serverless technologies to continuously prevent, detect and respond to threats.
PandorasBox: Security tool to quickly audit Public Box files and folders.
rpl-attacks: RPL attacks framework for simulating WSN with a malicious mote based on Contiki
envkeygo: EnvKey's official Go client library
Raven-Storm: Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.
malidate: A logging DNS and HTTP(S) server. Opensource alternative to some parts of the Burpsuite Collaborator server.
sedcli: sedcli and libsed library for NVMe Self-Encrypting Drives (SEDs) management
Security4Delphi: Enables the use of the concept of security in your Delphi applications
moonwalk: Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚
xssmap: Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities
PcapViz: Visualize network topologies and collect graph statistics based on pcap files
box-Authorizer: PKApp is used to start, stop and authorise approval flow of authorizer.