NIST-to-TechAn open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)
Stars: ✭ 61 (-97.07%)
GosintOSINT Swiss Army Knife
Stars: ✭ 401 (-80.71%)
GetaltnameExtract subdomains from SSL certificates in HTTPS sites.
Stars: ✭ 320 (-84.61%)
ronin-supportA support library for Ronin. Like activesupport, but for hacking!
Stars: ✭ 23 (-98.89%)
Defaultcreds Cheat SheetOne place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Stars: ✭ 1,949 (-6.25%)
sx🖖 Fast, modern, easy-to-use network scanner
Stars: ✭ 1,267 (-39.06%)
BerserkerA list of useful payloads for Web Application Security and Pentest/CTF
Stars: ✭ 212 (-89.8%)
SnoopSnoop — инструмент разведки на основе открытых данных (OSINT world)
Stars: ✭ 886 (-57.38%)
WsmanagerWebshell Manager
Stars: ✭ 99 (-95.24%)
Rfd CheckerRFD Checker - security CLI tool to test Reflected File Download issues
Stars: ✭ 56 (-97.31%)
Pentesterspecialdict渗透测试人员专用精简化字典 Dictionary for penetration testers happy hacker
Stars: ✭ 391 (-81.19%)
Hacker ContainerContainer with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters
Stars: ✭ 105 (-94.95%)
HolyTipsA Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
Stars: ✭ 1,210 (-41.8%)
1earnffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
Stars: ✭ 3,715 (+78.69%)
volana🌒 Shell command obfuscation to avoid detection systems
Stars: ✭ 38 (-98.17%)
DorknetSelenium powered Python script to automate searching for vulnerable web apps.
Stars: ✭ 256 (-87.69%)
PyParser-CVEMulti source CVE/exploit parser.
Stars: ✭ 25 (-98.8%)
ChashellChashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.
Stars: ✭ 742 (-64.31%)
Dumpsterfire"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (-62.72%)
leaky-pathsA collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
Stars: ✭ 507 (-75.61%)
WordlistsInfosec Wordlists
Stars: ✭ 271 (-86.96%)
CloakifyCloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (-45.36%)
DirsearchWeb path scanner
Stars: ✭ 7,246 (+248.53%)
IosMost usable tools for iOS penetration testing
Stars: ✭ 563 (-72.92%)
HershellHershell is a simple TCP reverse shell written in Go.
Stars: ✭ 442 (-78.74%)
VuldashVulnerability Dashboard
Stars: ✭ 16 (-99.23%)
AsnlookupLeverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Stars: ✭ 163 (-92.16%)
WinappdbgWinAppDbg Debugger
Stars: ✭ 338 (-83.74%)
tugareconPentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-93.17%)
SpiderfootSpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Stars: ✭ 6,882 (+231.02%)
haiti🔑 Hash type identifier (CLI & lib)
Stars: ✭ 287 (-86.2%)
rejigTurn your VPS into an attack box
Stars: ✭ 33 (-98.41%)
juumla🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and search for config or backup files.
Stars: ✭ 107 (-94.85%)
flydnsRelated subdomains finder
Stars: ✭ 29 (-98.61%)
aquatoneA Tool for Domain Flyovers
Stars: ✭ 43 (-97.93%)
PentestingMisc. Public Reports of Penetration Testing and Security Audits.
Stars: ✭ 24 (-98.85%)
Awesome InfosecA curated list of awesome infosec courses and training resources.
Stars: ✭ 3,779 (+81.77%)
Awesome Security GistsA collection of various GitHub gists for hackers, pentesters and security researchers
Stars: ✭ 701 (-66.28%)
PwndocPentest Report Generator
Stars: ✭ 417 (-79.94%)
Dictionary Of PentestingDictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
Stars: ✭ 492 (-76.33%)
ReconftwreconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (-53.15%)
Pythonfuzzcoverage guided fuzz testing for python
Stars: ✭ 175 (-91.58%)
FuzzitCLI to integrate continuous fuzzing with Fuzzit
Stars: ✭ 220 (-89.42%)
RaccoonA high performance offensive security tool for reconnaissance and vulnerability scanning
Stars: ✭ 2,312 (+11.21%)
KleeflSeeding fuzzers with symbolic execution
Stars: ✭ 172 (-91.73%)
Fuzzcheck RsStructure-aware, in-process, coverage-guided, evolutionary fuzzing engine for Rust functions.
Stars: ✭ 247 (-88.12%)
UafuzzUAFuzz: Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities
Stars: ✭ 217 (-89.56%)
FuzzfactoryDomain-Specific Fuzzing with Waypoints
Stars: ✭ 167 (-91.97%)
MorphAn open source fuzzing framework for fun.
Stars: ✭ 166 (-92.02%)
JfsConstraint solver based on coverage-guided fuzzing
Stars: ✭ 215 (-89.66%)
FuzzinatorFuzzinator Random Testing Framework
Stars: ✭ 164 (-92.11%)
GrammarinatorANTLR v4 grammar-based test generator
Stars: ✭ 162 (-92.21%)
MyJWTA cli for cracking, testing vulnerabilities on Json Web Token(JWT)
Stars: ✭ 92 (-95.57%)
QasanQASan is a custom QEMU 3.1.1 that detects memory errors in the guest using AddressSanitizer.
Stars: ✭ 246 (-88.17%)
RapidRapid is a Go library for property-based testing that supports state machine ("stateful" or "model-based") testing and fully automatic test case minimization ("shrinking")
Stars: ✭ 213 (-89.75%)