Xunfeng巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。
Stars: ✭ 3,131 (+9387.88%)
PhishapiComprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!
Stars: ✭ 272 (+724.24%)
awesome-api-securityA collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
Stars: ✭ 2,079 (+6200%)
Awesome Security GistsA collection of various GitHub gists for hackers, pentesters and security researchers
Stars: ✭ 701 (+2024.24%)
Application Security Engineer Interview QuestionsSome of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer
Stars: ✭ 267 (+709.09%)
CloudbruteAwesome cloud enumerator
Stars: ✭ 268 (+712.12%)
PwnshopExploit Development, Reverse Engineering & Cryptography
Stars: ✭ 167 (+406.06%)
StalkphishStalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.
Stars: ✭ 256 (+675.76%)
targetsA collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.
Stars: ✭ 85 (+157.58%)
RenginereNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+10321.21%)
AsnlookupLeverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Stars: ✭ 163 (+393.94%)
Open-source-tools-for-CTIPublic Repository of Open Source Tools for Cyber Threat Intelligence Analysts and Researchers
Stars: ✭ 91 (+175.76%)
pentest-reportsCollection of penetration test reports and pentest report templates. Published by the the best security companies in the world.
Stars: ✭ 111 (+236.36%)
remote-code-execution-sampleDemonstrate how usage of the Java Security Manager can prevent Remote Code Execution (RCE) exploits.
Stars: ✭ 18 (-45.45%)
Python HoneypotOWASP Honeypot, Automated Deception Framework.
Stars: ✭ 160 (+384.85%)
nozzlrNozzlr is a bruteforce framework, trully modular and script-friendly
Stars: ✭ 60 (+81.82%)
APAC-MeetupsA community contributed consolidated list of InfoSec meetups in the Asia Pacific region.
Stars: ✭ 52 (+57.58%)
LinkfinderA python script that finds endpoints in JavaScript files
Stars: ✭ 2,268 (+6772.73%)
Pwdb-PublicA collection of all the data i could extract from 1 billion leaked credentials from internet.
Stars: ✭ 2,529 (+7563.64%)
polscanZero-setup SSH-based scanner with extensive visualizations for Debian server inventory, policy compliance and vulnerabilities
Stars: ✭ 57 (+72.73%)
dorothyDorothy is a tool to test security monitoring and detection for Okta environments
Stars: ✭ 85 (+157.58%)
UrlcrazyGenerate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.
Stars: ✭ 150 (+354.55%)
BashfuscatorA fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
Stars: ✭ 690 (+1990.91%)
Ehoney安全、快捷、高交互、企业级的蜜罐管理系统,护网;支持多种协议蜜罐、蜜签、诱饵等功能。A safe, fast, highly interactive and enterprise level honeypot management system, supports multiple protocol honeypots, honeytokens, baits and other functions.
Stars: ✭ 1,051 (+3084.85%)
DomainedMulti Tool Subdomain Enumeration
Stars: ✭ 688 (+1984.85%)
Cyber-SecurityThis repository is used to store answers when resolving ctf challanges, how i came to that answer and the line of thought used to reach it.
Stars: ✭ 42 (+27.27%)
Amitt frameworkRepo replaced by cogsec-collaborative/AMITT
Stars: ✭ 152 (+360.61%)
MalwlessTest Blue Team detections without running any attack.
Stars: ✭ 215 (+551.52%)
CypherothAutomated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.
Stars: ✭ 179 (+442.42%)
Proof Of ConceptsA little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.
Stars: ✭ 148 (+348.48%)
Windows hardeningWindows Hardening settings and configurations
Stars: ✭ 148 (+348.48%)
FlerkenA Solution For Cross-Platform Obfuscated Commands Detection presented on CIS2019 China. 动静态Bash/CMD/PowerShell命令混淆检测框架 - CIS 2019大会
Stars: ✭ 133 (+303.03%)
WincmdfuWindows one line commands that make life easier, shortcuts and command line fu.
Stars: ✭ 145 (+339.39%)
Deploy DeceptionA PowerShell module to deploy active directory decoy objects.
Stars: ✭ 109 (+230.3%)
BinsnitchDetect silent (unwanted) changes to files on your system
Stars: ✭ 144 (+336.36%)
MalwarepersistencescriptsA collection of scripts I've written to help red and blue teams with malware persistence techniques.
Stars: ✭ 103 (+212.12%)
VindicateToolLLMNR/NBNS/mDNS Spoofing Detection Toolkit
Stars: ✭ 40 (+21.21%)
ThreathuntThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Stars: ✭ 92 (+178.79%)
AutosetupAuto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.
Stars: ✭ 140 (+324.24%)
Hacker ezinesA collection of electronic hacker magazines carefully curated over the years from multiple sources
Stars: ✭ 72 (+118.18%)
rustpadMulti-threaded Padding Oracle attacks against any service. Written in Rust.
Stars: ✭ 75 (+127.27%)
TheharvesterE-mails, subdomains and names Harvester - OSINT
Stars: ✭ 6,175 (+18612.12%)
Repo SupervisorScan your code for security misconfiguration, search for passwords and secrets. 🔍
Stars: ✭ 482 (+1360.61%)
GorsairGorsair hacks its way into remote docker containers that expose their APIs
Stars: ✭ 678 (+1954.55%)
sgCheckupsgCheckup generates nmap output based on scanning your AWS Security Groups for unexpected open ports.
Stars: ✭ 77 (+133.33%)
ctf-writeupsWriteups of CTF challenges
Stars: ✭ 19 (-42.42%)
TweetFeedCollecting IOCs posted on Twitter
Stars: ✭ 181 (+448.48%)
T1tl3A simple python script which can check HTTP status of branch of URLs/Subdomains and grab URLs/Subdomain title
Stars: ✭ 14 (-57.58%)
Damn-Vulnerable-BankDamn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.
Stars: ✭ 379 (+1048.48%)
ggtfobinsGet GTFOBins info about a given exploit from the command line
Stars: ✭ 27 (-18.18%)
challengesSecurity challenges and CTFs created by the Penultimate team.
Stars: ✭ 13 (-60.61%)
evtx-hunterevtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
Stars: ✭ 122 (+269.7%)
DirsearchWeb path scanner
Stars: ✭ 7,246 (+21857.58%)