AirmasterUse ExpiredDomains.net and BlueCoat to find useful domains for red team.
Stars: ✭ 150 (-94.65%)
Vulscanvulscan 扫描系统:最新的poc&exp漏洞扫描,redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...
Stars: ✭ 486 (-82.66%)
GorshA Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface
Stars: ✭ 97 (-96.54%)
DronesploitDrone pentesting framework console
Stars: ✭ 473 (-83.12%)
RevshellgenReverse shell generator written in Python 3.
Stars: ✭ 190 (-93.22%)
AutosploitAutomated Mass Exploiter
Stars: ✭ 4,500 (+60.6%)
AttacksurfaceanalyzerAttack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.
Stars: ✭ 1,341 (-52.14%)
TracyA tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.
Stars: ✭ 464 (-83.44%)
Ssti Payloads🎯 Server Side Template Injection Payloads
Stars: ✭ 150 (-94.65%)
Awesome Test AutomationA curated list of awesome test automation frameworks, tools, libraries, and software for different programming languages. Sponsored by http://sdclabs.com
Stars: ✭ 4,712 (+68.17%)
G ScoutGoogle Cloud Platform Security Tool
Stars: ✭ 210 (-92.51%)
Nndefacctsnnposter's alternate fingerprint dataset for Nmap script http-default-accounts
Stars: ✭ 180 (-93.58%)
IotsharkIotShark - Monitoring and Analyzing IoT Traffic
Stars: ✭ 69 (-97.54%)
Grapefruit(WIP) Runtime Application Instruments for iOS. Previously Passionfruit
Stars: ✭ 235 (-91.61%)
SpoofcheckSimple script that checks a domain for email protections
Stars: ✭ 437 (-84.4%)
Github DorksFind leaked secrets via github search
Stars: ✭ 1,332 (-52.46%)
Cookie crimesRead local Chrome cookies without root or decrypting
Stars: ✭ 434 (-84.51%)
GosecGolang security checker
Stars: ✭ 5,694 (+103.21%)
Password LeakA library to check for compromised passwords
Stars: ✭ 92 (-96.72%)
AppmonDocumentation:
Stars: ✭ 1,157 (-58.71%)
PgenCommand-line passphrase generator
Stars: ✭ 68 (-97.57%)
NfcgateAn NFC research toolkit application for Android
Stars: ✭ 425 (-84.83%)
Unwebpack SourcemapExtract uncompiled, uncompressed SPA code from Webpack source maps.
Stars: ✭ 176 (-93.72%)
EncpipeThe dum^H^H^Hsimplest encryption tool in the world.
Stars: ✭ 135 (-95.18%)
Cloud Security AuditA command line security audit tool for Amazon Web Services
Stars: ✭ 68 (-97.57%)
EyeballerConvolutional neural network for analyzing pentest screenshots
Stars: ✭ 416 (-85.15%)
ApisecuritybestpracticesResources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.
Stars: ✭ 1,745 (-37.72%)
ZaproxyThe OWASP ZAP core project
Stars: ✭ 9,078 (+223.98%)
Mix audit🕵️♀️ MixAudit provides a mix deps.audit task to scan a project Mix dependencies for known Elixir security vulnerabilities
Stars: ✭ 146 (-94.79%)
ArchstrikeAn Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.
Stars: ✭ 401 (-85.69%)
AdhritAndroid Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.
Stars: ✭ 399 (-85.76%)
KnaryA simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
Stars: ✭ 187 (-93.33%)
Envkey AppSecure, human-friendly, cross-platform secrets and config.
Stars: ✭ 83 (-97.04%)
ProgpilotA static analysis tool for security
Stars: ✭ 226 (-91.93%)
CloakifyCloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (-59.46%)
DufflebagSearch exposed EBS volumes for secrets
Stars: ✭ 177 (-93.68%)
Nodejsscannodejsscan is a static security code scanner for Node.js applications.
Stars: ✭ 1,874 (-33.12%)
Kube ScoreKubernetes object analysis with recommendations for improved reliability and security
Stars: ✭ 1,128 (-59.74%)
Cerberus一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Stars: ✭ 389 (-86.12%)
AnsibleplaybooksA collection of Ansible Playbooks that configure Kali to use Fish & install a number of tools
Stars: ✭ 143 (-94.9%)
Envizonnetwork visualization & vulnerability management/reporting
Stars: ✭ 382 (-86.37%)
Keynuker🔐💥 KeyNuker - nuke AWS keys accidentally leaked to Github
Stars: ✭ 82 (-97.07%)
PyupA tool to update your project's dependencies on GitHub. Runs on pyup.io, comes with a command line interface.
Stars: ✭ 379 (-86.47%)
Pentesting CookbookA set of recipes useful in pentesting and red teaming scenarios
Stars: ✭ 82 (-97.07%)
BbrAn open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
Stars: ✭ 142 (-94.93%)
Fhe Toolkit LinuxIBM Fully Homomorphic Encryption Toolkit For Linux. This toolkit is a Linux based Docker container that demonstrates computing on encrypted data without decrypting it! The toolkit ships with two demos including a fully encrypted Machine Learning inference with a Neural Network and a Privacy-Preserving key-value search.
Stars: ✭ 1,123 (-59.92%)
MetaforgeAn OSINT Metadata analyzing tool that filters through tags and creates reports
Stars: ✭ 63 (-97.75%)
Intrec PackIntelligence and Reconnaissance Package/Bundle installer.
Stars: ✭ 177 (-93.68%)
O365sprayUsername enumeration and password spraying tool aimed at Microsoft O365.
Stars: ✭ 133 (-95.25%)
VulmapVulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能
Stars: ✭ 1,079 (-61.49%)
Nimscan🚀 Fast Port Scanner 🚀
Stars: ✭ 134 (-95.22%)
JaelesThe Swiss Army knife for automated Web Application Testing
Stars: ✭ 1,073 (-61.71%)