Cve Bin ToolThis tool scans for a number of common, vulnerable components (openssl, libpng, libxml2, expat and a few others) to let you know if your system includes common libraries with known vulnerabilities.
BrutedumBruteDum - Brute Force attacks SSH, FTP, Telnet, PostgreSQL, RDP, VNC with Hydra, Medusa and Ncrack
Aws Secure Environment AcceleratorThe AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.
Bookmarks🔖 +4.3K awesome resources for geeks and software crafters 🍺
DirstalkModern alternative to dirbuster/dirb
Rudder ServerPrivacy and Security focused Segment-alternative, in Golang and React
Can I Take Over Xyz"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
BcryptA Java standalone implementation of the bcrypt password hash function. Based on the Blowfish cipher it is the default password hash algorithm for OpenBSD and other systems including some Linux distributions. Includes a CLI Tool.
DragoA flexible configuration manager for Wireguard networks
KaflA fuzzer for full VM kernel/driver targets
Pi.alertWIFI / LAN intruder detector. Check the devices connected and alert you with unknown devices. It also warns of the disconnection of "always connected" devices
Beego AuthzBeego's RBAC & ABAC Authorization middleware based on Casbin
ScannerlThe modular distributed fingerprinting engine
TechnicalnoteRepository to store what we have studied. 📖 We want everyone to get a job through TechnicalNote.
PandwarfPandwaRF: RF analysis tool with a sub-1 GHz wireless transceiver controlled by a smartphone or
Poc In Github📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
Ladon大型内网渗透扫描器&Cobalt Strike,Ladon8.9内置120个模块,包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2,密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem,Poc/Exploit,支持Cobalt Strike 3.X-4.0
Aws ReconMulti-threaded AWS inventory collection tool with a focus on security-relevant resources and metadata.
Ssm EnvExpand env variables from AWS Parameter Store
Chain ReactorChain Reactor is an open source framework for composing executables that simulate adversary behaviors and techniques on Linux endpoints.
WhispersIdentify hardcoded secrets and dangerous behaviours
OsiamMIT licensed Open Source Identity and Access Management implementing OAuth 2.0 and SCIMv2.
Moqui FrameworkUse Moqui Framework to build enterprise applications based on Java. It includes tools for databases (relational, graph, document), local and web services, web and other UI with screens and forms, security, file/resource access, scripts, templates, l10n, caching, logging, search, rules, workflow, multi-instance, and integration.
InspecInSpec: Auditing and Testing Framework
LnkupGenerates malicious LNK file payloads for data exfiltration
SksSecurity Knowledge Structure(安全知识汇总)
SmartproxyHTTP(S) Rotating Residential proxies - Code examples & General information
LimitrrLight NodeJS rate limiting and response delaying using Redis - including Express middleware.
Fwd🚂 The little forwarder that could
WstgThe Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
MifareclassictoolAn Android NFC app for reading, writing, analyzing, etc. MIFARE Classic RFID tags.
Swc RegistrySmart Contract Weakness Classification and Test Cases
KafelA language and library for specifying syscall filtering policies.
Qsfuzzqsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
LibreauthLibreAuth is a collection of tools for user authentication.
ManualeA fully manual Let's Encrypt/ACME client
Vm2Advanced vm/sandbox for Node.js
Mad MetasploitMetasploit custom modules, plugins, resource script and.. awesome metasploit collection
Sensitive🔐Sensitive log tool for java, based on java annotation. (基于注解的 java 日志脱敏框架,更加优雅的日志打印)
U2f ZeroU2F USB token optimized for physical security, affordability, and style
FdsploitFile Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
RichelieuList of the most common French passwords
Password exposed🔒 Password Exposed Helper Function - Check if a password has been exposed in a data breach.