834 Open source projects that are alternatives of or similar to Awesome Sec Talks

🎯 PHP / ASP - Shell Backdoor List 🎯

A collection of all the data i could extract from 1 billion leaked credentials from internet.

IP Tools To quickly get information about IP Address's, Web Pages and DNS records.

Dorothy is a tool to test security monitoring and detection for Okta environments

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)

Web Application Security Scanner Framework

This repository is used to store answers when resolving ctf challanges, how i came to that answer and the line of thought used to reach it.

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

Writeups of CTF challenges

ATT&CK实操

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

AWS Serverless Security

XSS in pastebin.com and reddit.com via unsanitized markdown output

☎️ Original open source call flooder using Twilio's API.

Complete Listing and Usage of Tools used for Ethical Hacking

A list of all the Angular Communities around the world

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

A simple python script which can check HTTP status of branch of URLs/Subdomains and grab URLs/Subdomain title

Python API wrapper for haveibeenpwned.com (API v3)

Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own

LLMNR/NBNS/mDNS Spoofing Detection Toolkit

Windows post-exploitation tools, resources, techniques and commands to use during post-exploitation phase of penetration test. Contributions are appreciated. Enjoy!

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

😈 Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!

Nuclei templates for K8S security scanning

Audit your public Google Drive files.

Quine Museum

渗透测试☞经验/思路/总结/想法/笔记

Curated list of conferences and CFPs that interest me

The iCTF Framework, presented by Shellphish!

Declarative penetration testing orchestration framework

Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.

A concise, directive, specific, flexible, and free incident response plan template

Mercure is a tool for security managers who want to train their colleague to phishing.

Feature-rich Post Exploitation Framework with Network Pivoting capabilities.

Vulnerability assessment and penetration testing automation and reporting platform for teams.

Quack Toolkit is a set of tools to provide denial of service attacks. Quack Toolkit includes SMS attack tool, HTTP attack tool and many other attack tools.

Tool Information Gathering Write By Python.

Hacker101 CTF Writeup

List of my talks and workshops: security engineering, applied cryptography, secure software development

A Deliberately Insecure Web Application

sub domain wild card filtering tool

Linux privilege escalation checks (systemd, dbus, socket fun, etc)

Git folder digger, I'm sure it's worthwhile stuff.

Threat Hunting queries for various attacks

DEPRECATED, wifipumpkin3 -> https://github.com/P0cL4bs/wifipumpkin3

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏

Python bindings for Yeti's API

A collection of resources I'm using while working toward the OSCP

locate and attack Lync/Skype for Business

SEC分布式资产扫描系统

Subcert is an subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.

PyConES 2019 conferences, attachments and related stuff

A simple tool that aims to efficiently and quickly parse the outputs of web scraping tools like gau

(deprecated) Android application vulnerability analysis and Android pentest tool