Stowaway👻Stowaway -- Multi-hop Proxy Tool for pentesters
Stars: ✭ 500 (+19.33%)
LibdiffuzzCustom memory allocator that helps discover reads from uninitialized memory
Stars: ✭ 147 (-64.92%)
FireelffireELF - Fileless Linux Malware Framework
Stars: ✭ 435 (+3.82%)
HabuHacking Toolkit
Stars: ✭ 635 (+51.55%)
Bundler AuditPatch-level verification for Bundler
Stars: ✭ 2,393 (+471.12%)
GitgrabergitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Stars: ✭ 1,164 (+177.8%)
Audit scriptsScripts to gather system configuration information for offline/remote auditing
Stars: ✭ 55 (-86.87%)
SuperSecure, Unified, Powerful and Extensible Rust Android Analyzer
Stars: ✭ 340 (-18.85%)
ResourcesA Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-85.2%)
DockleContainer Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
Stars: ✭ 1,713 (+308.83%)
Golang TlsSimple Golang HTTPS/TLS Examples
Stars: ✭ 857 (+104.53%)
MarsnakeSystem Optimizer and Monitoring, Security Auditing, Vulnerability scanner for Linux, macOS, and UNIX-based systems
Stars: ✭ 16 (-96.18%)
WsltoolsWeb Scan Lazy Tools - Python Package
Stars: ✭ 288 (-31.26%)
Cs SuiteCloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.
Stars: ✭ 815 (+94.51%)
NebulousadNebulousAD automated credential auditing tool.
Stars: ✭ 158 (-62.29%)
MicrosoftWontFixListA list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))
Stars: ✭ 854 (+103.82%)
Traitor⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket
Stars: ✭ 3,473 (+728.88%)
Impost3r👻Impost3r -- A linux password thief
Stars: ✭ 355 (-15.27%)
Badkarmanetwork reconnaissance toolkit
Stars: ✭ 353 (-15.75%)
SecuritymanageframworkSecurity Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.
Stars: ✭ 378 (-9.79%)
Bulletproof NodejsImplementation of a bulletproof node.js API 🛡️
Stars: ✭ 4,369 (+942.72%)
Advisory DbSecurity advisory database for Rust crates published through crates.io
Stars: ✭ 396 (-5.49%)
EventhusGo - CQRS / Event Sourcing made easy - Go
Stars: ✭ 350 (-16.47%)
SherloqAn open-source digital image forensic toolset
Stars: ✭ 349 (-16.71%)
Cobalt strike extension kitAttempting to be an all in one repo for others' userful aggressor scripts as well as things we've found useful during Red Team Operations.
Stars: ✭ 345 (-17.66%)
LadongoLadon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机,端口扫描服务识别PortScan。
Stars: ✭ 366 (-12.65%)
Enum4linux NgA next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
Stars: ✭ 349 (-16.71%)
WatchdogWatchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Stars: ✭ 345 (-17.66%)
SpruceA social networking platform made using Node.js and MongoDB
Stars: ✭ 399 (-4.77%)
Infosec referenceAn Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Stars: ✭ 4,162 (+893.32%)
Docker Inbound AgentDocker image for a Jenkins agent which can connect to Jenkins using TCP or Websocket protocols
Stars: ✭ 342 (-18.38%)
DeeppurposeA Deep Learning Toolkit for DTI, Drug Property, PPI, DDI, Protein Function Prediction (Bioinformatics)
Stars: ✭ 342 (-18.38%)
Rustscan🤖 The Modern Port Scanner 🤖
Stars: ✭ 5,218 (+1145.35%)
SuitesparseThe official SuiteSparse library: a suite of sparse matrix algorithms authored or co-authored by Tim Davis, Texas A&M University
Stars: ✭ 344 (-17.9%)
HuskyciPerforming security tests inside your CI
Stars: ✭ 398 (-5.01%)
OffensivedlrToolbox containing research notes & PoC code for weaponizing .NET's DLR
Stars: ✭ 364 (-13.13%)
Syzkallersyzkaller is an unsupervised coverage-guided kernel fuzzer
Stars: ✭ 3,841 (+816.71%)
Suid3numA standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)
Stars: ✭ 342 (-18.38%)
ToratToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication
Stars: ✭ 415 (-0.95%)
Forms AngularProbably the most opinionated framework in the world
Stars: ✭ 412 (-1.67%)
GorelicGoRelic is deprecated in favour of https://github.com/newrelic/go-agent
Stars: ✭ 391 (-6.68%)
AiodnsbrutePython 3.5+ DNS asynchronous brute force utility
Stars: ✭ 370 (-11.69%)
Meiam.system.NET 5 / .NET Core 3.1 WebAPI + Vue 2.0 + RBAC 企业级前后端分离权限框架
Stars: ✭ 340 (-18.85%)
HexagonHexagon is a microservices toolkit written in Kotlin. Its purpose is to ease the building of services (Web applications, APIs or queue consumers) that run inside a cloud platform.
Stars: ✭ 336 (-19.81%)
TlsfuzzerSSL and TLS protocol test suite and fuzzer
Stars: ✭ 335 (-20.05%)
ApplicationinspectorA source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
Stars: ✭ 3,873 (+824.34%)
TtpsTactics, Techniques, and Procedures
Stars: ✭ 335 (-20.05%)
TbuiautotestGenerating UI test label automatically for iOS.
Stars: ✭ 333 (-20.53%)
SpicypassA light-weight password manager with a focus on simplicity and security
Stars: ✭ 367 (-12.41%)
Htrace.shMy simple Swiss Army knife for http/https troubleshooting and profiling.
Stars: ✭ 3,465 (+726.97%)
PacketwhisperPacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
Stars: ✭ 405 (-3.34%)
Cerberus一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Stars: ✭ 389 (-7.16%)
Nodejs Api BoilerplateA boilerplate for kickstart your nodejs api project with JWT Auth and some new Techs :)
Stars: ✭ 364 (-13.13%)
Bumblebee.net core fast http and websocket gateway components
Stars: ✭ 329 (-21.48%)
Redteam ResearchCollection of PoC and offensive techniques used by the BlackArrow Red Team
Stars: ✭ 330 (-21.24%)