securitytools

a collection of GitHub projects used for various security tasks - collected as submodules within this repository.

projects

this readme is dynamically generated based upon the github description field for the associated repo

authentication

• authentication/SAML2Spray Python Script for SAML2 Authentication Passwordspray

• authentication/teleport Certificate authority and access plane for SSH, Kubernetes, web apps, databases and desktops

reconnaisance

• reconnaisance/Sudomy Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

• reconnaisance/AttackSurfaceMapper AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.

• reconnaisance/fav-up IP lookup by favicon using Shodan

• reconnaisance/github-dorks Find leaked secrets via github search

• reconnaisance/fierce A DNS reconnaissance tool for locating non-contiguous IP space.

• reconnaisance/Backlink-dorks google dork for search top backlink

• reconnaisance/recon-ng Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.

• reconnaisance/gau Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

• reconnaisance/dnsrecon DNS Enumeration Script

• reconnaisance/cloud_enum Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

• reconnaisance/HostHunter HostHunter a recon tool for discovering hostnames using OSINT techniques.

• reconnaisance/Ashok Ashok is a OSINT Recon Tool , a.k.a 😍 Swiss Army knife .

• reconnaisance/SubDomainizer A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

email

• email/espoofer An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures.🍻

• email/miteru An experimental phishing kit detection tool

• email/PhishMailer Generate Professional Phishing Emails Fast And Easy

• email/checkdmarc A parser for SPF and DMARC DNS records

scanners

• scanners/watchdog Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

• scanners/masscan TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

• scanners/faraday Collaborative Penetration Test and Vulnerability Management Platform

• scanners/StalkPhish StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.

• scanners/trivy Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets

• scanners/killshot A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner

• scanners/Striker Striker is an offensive information and vulnerability scanner.

• scanners/RustScan 🤖 The Modern Port Scanner 🤖

mobile

• mobile/MobileApp-Pentest-Cheatsheet The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

• mobile/awesome-mobile-security An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

• mobile/SMSSpoof Spoof who an SMS is from using an SMS API

• mobile/objection 📱 objection - runtime mobile exploration

• mobile/iLEAPP iOS Logs, Events, And Plist Parser

• mobile/RE-iOS-Apps A completely free, open source and online course about Reverse Engineering iOS Applications.

• mobile/owasp-mstg The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

• mobile/osx-and-ios-security-awesome OSX and iOS related security tools

• mobile/ssl-kill-switch2 Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.

• mobile/Mobile-Security-Framework-MobSF Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

• mobile/andriller 📱 Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices.

analysis

• analysis/awesome-reversing A curated list of awesome reversing resources

• analysis/Cyber-Search-Shortcuts Browser Shortcuts for Cyber Security Related Online Services

• analysis/cyberchef-recipes A list of cyber-chef recipes and curated links

• analysis/CAPEv2 Malware Configuration And Payload Extraction

• analysis/munin Online hash checker for Virustotal and other services

• analysis/DeepBlueCLI

• analysis/malwoverview Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, ThreatCrowd, Malware Bazaar, ThreatFox, Triage and it is able to scan Android devices against VT.

• analysis/radare2 UNIX-like reverse engineering framework and command-line toolset

• analysis/hstsparser A tool to parse Firefox and Chrome HSTS databases into forensic artifacts!

• analysis/fame FAME Automates Malware Evaluation

activedirectory

• activedirectory/BloodHound Six Degrees of Domain Admin

• activedirectory/SharpHound3 C# Data Collector for the BloodHound Project, Version 3

• activedirectory/ADFSpoof

vuln-identification

• vuln-identification/flan A pretty sweet vulnerability scanner

• vuln-identification/tsunami-security-scanner Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

• vuln-identification/nmap-vulners NSE script based on Vulners.com API

microsoft&azure

• microsoft&azure/Sparrow Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 environment.

• microsoft&azure/o365recon retrieve information via O365 and AzureAD with a valid cred

• microsoft&azure/CRT Contact: [email protected]

• microsoft&azure/SkyArk SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS

• microsoft&azure/azucar Security auditing tool for Azure environments

• microsoft&azure/Azure-Network-Security Resources for improving Customer Experience with Azure Network Security

• microsoft&azure/MicroBurst A collection of scripts for assessing Microsoft Azure security

• microsoft&azure/Sentinel-Queries Collection of KQL queries

• microsoft&azure/Cloud-Katana Unlocking Serverless Computing to Assess Security Controls

• microsoft&azure/BlobHunter Find exposed data in Azure with this public blob scanner

• microsoft&azure/Mandiant-Azure-AD-Investigator

• microsoft&azure/Stormspotter Azure Red Team tool for graphing Azure and Azure Active Directory objects

• microsoft&azure/AzureAD-Attack-Defense This publication is a collection of various common attack scenarios on Azure Active Directory and how they can be mitigated or detected.

• microsoft&azure/o365-attack-toolkit A toolkit to attack Office365

• microsoft&azure/o365creeper Python script that performs email address validation against Office 365 without submitting login attempts.

• microsoft&azure/msmailprobe Office 365 and Exchange Enumeration

• microsoft&azure/azure-policy Repository for Azure Resource Policy built-in definitions and samples

• microsoft&azure/AzurePenTestScope The following scripts and programs are to help security professionals scope their organizations Azure footprint prior to penetration testing.

• microsoft&azure/AzureADAssessment Tooling for assessing an Azure AD tenant state and configuration

• microsoft&azure/TokenTactics Azure JWT Token Manipulation Toolset

• microsoft&azure/cs-suite Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.

collections

• collections/regular-expression-cheat-sheet Regular Expression Cheat Sheet - PCRE

• collections/Infosec_Reference An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

• collections/the_cyber_plumbers_handbook Free copy of The Cyber Plumber's Handbook

• collections/RedTeam-OffensiveSecurity Tools & Interesting Things for RedTeam Ops

• collections/DefaultCreds-cheat-sheet One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

• collections/tools Security and Hacking Tools, Exploits, Proof of Concepts, Shellcodes, Scripts.

• collections/Red-Team-Infrastructure-Wiki Wiki to collect Red Team infrastructure hardening resources

• collections/macOS-Security-and-Privacy-Guide Guide to securing and improving privacy on macOS

• collections/Awesome-Vulnerability-Research 🦄 A curated list of the awesome resources about the Vulnerability Research

• collections/HackingTools Exhaustive list of hacking tools

• collections/msticpy Microsoft Threat Intelligence Security Tools

• collections/security Repository for various tools around security

• collections/the-book-of-secret-knowledge A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

• collections/ctf-tools Some setup scripts for security research tools.

• collections/SecurityShepherd Web and mobile application security training platform

• collections/security-cheatsheets 🔒 A collection of cheatsheets for various infosec tools and topics.

• collections/blackhat-arsenal-tools Official Black Hat Arsenal Security Tools Repository

• collections/pentest-wiki PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

• collections/OSINT Collections of tools and methods created to aid in OSINT collection

• collections/awesome-devsecops An authoritative list of awesome devsecops tools with the help from community experiments and contributions.

testing

• testing/PEASS-ng PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

• testing/DeTTECT Detect Tactics, Techniques & Combat Threats

• testing/joystick Joystick is a tool that gives you the ability to transform the ATT&CK Evaluations data into concise views that brings forward the nuances in the results.

• testing/all-about-apikey Detailed information about API key / OAuth token (Description, Request, Response, Regex, Example)

• testing/atomic-red-team Small and highly portable detection tests based on MITRE's ATT&CK.

• testing/caldera Automated Adversary Emulation Platform

socials

• socials/TweetFeed Collecting IOCs posted on Twitter

• socials/sherlock 🔎 Hunt down social media accounts by username across social networks

• socials/CrossLinked LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping

• socials/Discord-History-Tracker Desktop app & browser script that saves Discord chat history into a file, and an offline viewer that displays the file.

• socials/get-discord-bots-tokens-with-google Google dorks to easily get some Discord bots tokens

• socials/socialscan Python library and CLI for accurately querying username and email usage on online platforms

• socials/awesome-social-engineering A curated list of awesome social engineering resources.

• socials/AMITT AMITT (Adversarial Misinformation and Influence Tactics and Techniques) framework for describing disinformation incidents. Includes TTPs and countermeasures.

• socials/Telepathy Public release of Telepathy, an OSINT toolkit for investigating Telegram chats.

• socials/holehe holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.

• socials/NameSpi Scrape LinkedIn, ZoomInfo, USStaff, and Hunter.io for usernames and employees.

• socials/OSINT-Discord-resources Some OSINT Discord resources

internet-scale-research

• internet-scale-research/httprobe Take a list of domains and probe for working HTTP and HTTPS servers

• internet-scale-research/Hunting-New-Registered-Domains Hunting Newly Registered Domains

• internet-scale-research/nuclei Fast and customizable vulnerability scanner based on simple YAML based DSL.

• internet-scale-research/aquatone A Tool for Domain Flyovers

• internet-scale-research/phishing_catcher Phishing catcher using Certstream

• internet-scale-research/opensquat Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

• internet-scale-research/EyeWitness EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

networking

• networking/IPRotate_Burp_Extension Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

• networking/justniffer Justniffer Just A Network TCP Packet Sniffer .Justniffer is a network protocol analyzer that captures network traffic and produces logs in a customized way, can emulate Apache web server log files, track response times and extract all "intercepted" files from the HTTP traffic

• networking/clash A rule-based tunnel in Go.

• networking/dnscrypt-proxy dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.

• networking/cloud-ranges A list of cloud ranges from different providers.

• networking/mubeng An incredibly fast proxy checker & IP rotator with ease.

• networking/nebula A scalable overlay networking tool with a focus on performance, simplicity and security

• networking/Raven-Storm Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.

• networking/mitmengine A MITM (monster-in-the-middle) detection tool. Used to build MALCOLM:

• networking/snort3 Snort++

• networking/AutoRecon AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

• networking/microsocks tiny, portable SOCKS5 server with very moderate resource usage

• networking/wifijammer Continuously jam all wifi clients/routers

• networking/CloudFlair 🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

• networking/rita Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.

• networking/Tunna Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.

• networking/bettercap The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

• networking/pwnat The only tool and technique to punch holes through firewalls/NATs where both clients and server can be behind separate NATs without any 3rd party involvement. Pwnat uses a newly developed technique, exploiting a property of NAT translation tables, with no 3rd party, port forwarding, DMZ, router administrative requirements, STUN/TURN/UPnP/ICE, or spoofing required.

• networking/pulledpork Pulled Pork for Snort and Suricata rule management (from Google code)

• networking/Responder Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

• networking/aircrack-ng WiFi security auditing tools suite

• networking/awesome-shodan-queries 🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

macOS

• macOS/macOS-enterprise-privileges For Mac users in an Enterprise environment, this app gives the User control over administration of their machine by elevating their level of access to Administrator privileges on macOS. Users can set the time frame using Preferences to perform specific tasks such as install or remove an application.

devops

• devops/Fenrir Simple Bash IOC Scanner

• devops/auditd Best Practice Auditd Configuration

• devops/osquery SQL powered operating system instrumentation, monitoring, and analytics.

• devops/wraith Uncover forgotten secrets and bring them back to life, haunting security and operations teams.

• devops/axiom The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

• devops/credential-digger A Github scanning tool that identifies hardcoded credentials while filtering the false positive data through machine learning models 🔒

• devops/dog A command-line DNS client.

media

• media/exiftool ExifTool meta information reader/writer

• media/unredacter Never ever ever use pixelation as a redaction technique

• media/go-exif A very complete, highly tested, standards-driven (but customizable) EXIF reader/writer lovingly written in Go.

cloud

• cloud/stratus-red-team ☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud

• cloud/festin FestIn - S3 Bucket Weakness Discovery

• cloud/CloudPentestCheatsheets This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.

• cloud/ScoutSuite Multi-Cloud Security Auditing Tool

websites

• websites/awesome-api-security A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

• websites/weird_proxies Reverse proxies cheatsheet

• websites/nginxconfig.io ⚙️ NGINX config generator on steroids 💉

• websites/CMSeeK CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs

• websites/w3af w3af: web application attack and audit framework, the open source web vulnerability scanner.

• websites/AwesomeXSS Awesome XSS stuff

• websites/dirsearch Web path scanner

• websites/ffuf Fast web fuzzer written in Go

• websites/slowloris Low bandwidth DoS tool. Slowloris rewrite in Python.

• websites/payloads Git All the Payloads! A collection of web attack payloads.

• websites/PayloadsAllTheThings A list of useful payloads and bypass for Web Application Security and Pentest/CTF

• websites/awesome-web-security 🐶 A curated list of Web Security materials and resources.

• websites/sqlmap Automatic SQL injection and database takeover tool

• websites/H5SC HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors

sdr

• sdr/gps-sdr-sim Software-Defined GPS Signal Simulator

• sdr/gqrx Software defined radio receiver powered by GNU Radio and Qt.

• sdr/RFSec-ToolKit RFSec-ToolKit is a collection of Radio Frequency Communication Protocol Hacktools.无线通信协议相关的工具集，可借助SDR硬件+相关工具对无线通信进行研究。Collect with ♥ by HackSmith

• sdr/urh Universal Radio Hacker: Investigate Wireless Protocols Like A Boss

• sdr/gnuradio GNU Radio – the Free and Open Software Radio Ecosystem

• sdr/CubicSDR Cross-Platform Software-Defined Radio Application

• sdr/srsRAN Open source SDR 4G/5G software suite from Software Radio Systems (SRS)

containers

• containers/dockerfiles Various Dockerfiles I use on the desktop and on servers.

• containers/dockerscan Docker security analysis & hacking tools

• containers/docker-bench-security The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.

• containers/docker-cheat-sheet Docker Cheat Sheet

osint

• osint/awesome-osint 😱 A curated list of amazingly awesome OSINT

• osint/oxdork Google dorking tool

• osint/uDork uDork is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications, and so on.

• osint/mitaka A browser extension for OSINT search

• osint/waybackpack Download the entire Wayback Machine archive for a given URL.

• osint/metabigor Intelligence tool but without API key

• osint/Scrummage The Ultimate OSINT and Threat Hunting Framework

• osint/metagoofil Search Google and download specific file types

• osint/dorkScanner A typical search engine dork scanner scrapes search engines with dorks that you provide in order to find vulnerable URLs.

• osint/OSINT Collections of tools and methods created to aid in OSINT collection

• osint/spiderfoot SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

• osint/reconspider 🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

assets

• assets/streamalert StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.

• assets/netdata Real-time performance monitoring, done right! https://www.netdata.cloud

• assets/archerysec Centralize Vulnerability Assessment and Management for DevSecOps Team

• assets/snipe-it A free open source IT asset/license management system

blueteam

• blueteam/detection-rules Rules for Elastic Security's detection engine

• blueteam/sigma Generic Signature Format for SIEM Systems

• blueteam/chronicle-detection-rules Collection of YARA-L 2.0 sample rules for the Chronicle Detection API

• blueteam/FalconFriday Bi-weekly hunting queries

incidents

• incidents/Loki Loki - Simple IOC and Incident Response Scanner

• incidents/Aurora-Incident-Response Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders

• incidents/alerting-detection-strategy-framework A framework for developing alerting and detection strategies for incident response.

industrial

• industrial/ICS_IoT_Shodan_Dorks

• industrial/isf ISF(Industrial Control System Exploitation Framework)，a exploitation framework based on Python

• industrial/s7scan The tool for enumerating Siemens S7 PLCs through TCP/IP or LLC network

• industrial/ICS-Security-Tools Tools, tips, tricks, and more for exploring ICS Security.

blockchain

• blockchain/smart-contract-attack-vectors A collection of smart contract attack vectors along with prevention methods.

indicators

• indicators/yara-signator Automatic YARA rule generation for Malpedia

• indicators/ja3 JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.

• indicators/misp-galaxy Clusters and elements to attach to MISP events or attributes (like threat actors)

• indicators/opencti Open Cyber Threat Intelligence Platform

• indicators/yara The pattern matching swiss knife

• indicators/python-iocextract Defanged Indicator of Compromise (IOC) Extractor.

• indicators/misp-warninglists Warning lists to inform users of MISP about potential false-positives or other information in indicators

• indicators/awesome-yara A curated list of awesome YARA rules, tools, and people.

• indicators/yarGen yarGen is a generator for YARA rules

• indicators/Yara-rules Collection of private Yara rules.

• indicators/jarm

• indicators/awesome-threat-intelligence A curated list of Awesome Threat Intelligence resources

• indicators/IoCs Sophos-originated indicators-of-compromise from published reports

• indicators/vti-dorks Awesome VirusTotal Intelligence Search Queries

forensics

• forensics/aa-tools Artifact analysis tools by JPCERT/CC Analysis Center

• forensics/ArtifactCollectionMatrix Forensic Artifact Collection Tool Matrix

• forensics/sleuthkit The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

windows

• windows/evtx A Fast (and safe) parser for the Windows XML Event Log (EVTX) format

• windows/mimikatz A little tool to play with Windows security

• windows/RDPassSpray Python3 tool to perform password spraying using RDP

• windows/LiquidSnake LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript

• windows/ForgeCert "Golden" certificates

• windows/Certipy Tool for Active Directory Certificate Services enumeration and abuse

• windows/SysmonSearch Investigate suspicious activity by visualizing Sysmon's event log

• windows/SharpNoPSExec Get file less command execution for lateral movement.

• windows/nanodump A crappy LSASS dumper with no ASCII art

• windows/AttackSurfaceAnalyzer Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.