Awesome Cobaltstrikecobaltstrike的相关资源汇总 / List of Awesome CobaltStrike Resources
Stars: ✭ 1,157 (+368.42%)
YarYar is a tool for plunderin' organizations, users and/or repositories.
Stars: ✭ 174 (-29.55%)
FaradayFaraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
Stars: ✭ 3,198 (+1194.74%)
Awsenvawsenv is intended as a local credential store for people using more than one AWS account at the same time
Stars: ✭ 67 (-72.87%)
PhishapiComprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!
Stars: ✭ 272 (+10.12%)
Cr3dov3rKnow the dangers of credential reuse attacks.
Stars: ✭ 1,700 (+588.26%)
WordlistsInfosec Wordlists
Stars: ✭ 271 (+9.72%)
Dr0p1t FrameworkA framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks
Stars: ✭ 1,132 (+358.3%)
Fudgec2FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.
Stars: ✭ 191 (-22.67%)
LinkfinderA python script that finds endpoints in JavaScript files
Stars: ✭ 2,268 (+818.22%)
Resource filesmosquito - Automating reconnaissance and brute force attacks
Stars: ✭ 95 (-61.54%)
Upash🔒Unified API for password hashing algorithms
Stars: ✭ 484 (+95.95%)
My TalksList of my talks and workshops: security engineering, applied cryptography, secure software development
Stars: ✭ 261 (+5.67%)
ResourcesA Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-74.9%)
DorknetSelenium powered Python script to automate searching for vulnerable web apps.
Stars: ✭ 256 (+3.64%)
LyricpassPassword wordlist generator using song lyrics for targeted bruteforce audits / attacks. Useful for penetration testing or security research.
Stars: ✭ 58 (-76.52%)
MicrosoftWontFixListA list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))
Stars: ✭ 854 (+245.75%)
driftwoodPrivate key usage verification
Stars: ✭ 262 (+6.07%)
JaelesThe Swiss Army knife for automated Web Application Testing
Stars: ✭ 1,073 (+334.41%)
ReconnessReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.
Stars: ✭ 131 (-46.96%)
ReversePowerShellFunctions that can be used to gain Reverse Shells with PowerShell
Stars: ✭ 48 (-80.57%)
FleetA flexible control server for osquery fleets
Stars: ✭ 1,068 (+332.39%)
gtfoSearch for Unix binaries that can be exploited to bypass system security restrictions.
Stars: ✭ 88 (-64.37%)
DoxycannonA poorman's proxycannon and botnet, using docker, ovpn files, and a dante socks5 proxy
Stars: ✭ 216 (-12.55%)
Threat-Intel-Slack-BotInteractive Threat Intelligence Bot that leverages serverless framework, AWS/GCP, and Slack
Stars: ✭ 26 (-89.47%)
BackdorosbackdorOS is an in-memory OS written in Python 2.7 with a built-in in-memory filesystem, hooks for open() calls and imports, Python REPL etc.
Stars: ✭ 50 (-79.76%)
windows-Credential-Provider-libraryThis repository will be updated with all the examples and links that I can find with relevant knowledge & information about CP in MS Windows vista up to version 10.
Stars: ✭ 122 (-50.61%)
ImpulsiveDLLHijackC# based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during Red Team Operations to evade EDR's.
Stars: ✭ 258 (+4.45%)
Remote Desktop CachingThis tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.
Stars: ✭ 171 (-30.77%)
APAC-MeetupsA community contributed consolidated list of InfoSec meetups in the Asia Pacific region.
Stars: ✭ 52 (-78.95%)
SpectreA simple phishing tool that can phish almost any website
Stars: ✭ 57 (-76.92%)
Awesome Mobile SecurityAn effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Stars: ✭ 1,837 (+643.72%)
webextensionDetect secrets in your request/response using secretlint.
Stars: ✭ 40 (-83.81%)
Legal Bug Bounty#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.
Stars: ✭ 42 (-83%)
Repo SupervisorScan your code for security misconfiguration, search for passwords and secrets. 🔍
Stars: ✭ 482 (+95.14%)
S3scannerScan for open AWS S3 buckets and dump the contents
Stars: ✭ 1,319 (+434.01%)
Gtfobins.github.ioGTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
Stars: ✭ 6,030 (+2341.3%)
FatherLD_PRELOAD rootkit
Stars: ✭ 59 (-76.11%)
CredsEncrypted & plain text credentials for multiple environments
Stars: ✭ 38 (-84.62%)
Cfn Secret ProviderA CloudFormation custom resource provider for deploying secrets and keys
Stars: ✭ 125 (-49.39%)
MalcomMalcom - Malware Communications Analyzer
Stars: ✭ 988 (+300%)
Search That Hash🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡
Stars: ✭ 466 (+88.66%)
DiscordGoDiscord C2 for Redteam....Need a better name
Stars: ✭ 55 (-77.73%)
Community ThreatsThe GitHub of Adversary Emulation Plans in JSON. Share SCYTHE threats with the community. #ThreatThursday adversary emulation plans are shared here.
Stars: ✭ 169 (-31.58%)
Powershell Red TeamCollection of PowerShell functions a Red Teamer may use to collect data from a machine
Stars: ✭ 155 (-37.25%)
RpcheckuprpCheckup is an AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources.
Stars: ✭ 91 (-63.16%)
Go ShellcodeLoad shellcode into a new process
Stars: ✭ 456 (+84.62%)
PlumhoundBloodhound for Blue and Purple Teams
Stars: ✭ 452 (+83%)
Cvebase.comcvebase is a community-driven vulnerability data platform to discover the world's top security researchers and their latest disclosed vulnerabilities & PoCs
Stars: ✭ 88 (-64.37%)
OctopusOpen source pre-operation C2 server based on python and powershell
Stars: ✭ 449 (+81.78%)
PowerzurePowerShell framework to assess Azure security
Stars: ✭ 450 (+82.19%)
Pentest ChainsawScrapes Router Passwords From http://www.routerpasswords.com ,more then +300 product
Stars: ✭ 36 (-85.43%)
Oprah ProxyGenerate credentials for Opera's "browser VPN"
Stars: ✭ 245 (-0.81%)