ResourcesA Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (+67.57%)
FaradayFaraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
Stars: ✭ 3,198 (+8543.24%)
Sbt Dependency CheckSBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (+405.41%)
ApicheckThe DevSecOps toolset for REST APIs
Stars: ✭ 184 (+397.3%)
HabuHacking Toolkit
Stars: ✭ 635 (+1616.22%)
KubestrikerA Blazing fast Security Auditing tool for Kubernetes
Stars: ✭ 213 (+475.68%)
TaipanWeb application vulnerability scanner
Stars: ✭ 359 (+870.27%)
Kube Scankube-scan: Octarine k8s cluster risk assessment tool
Stars: ✭ 566 (+1429.73%)
CrithitTakes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (+391.89%)
Security ToolsCollection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (+1275.68%)
ThreagileAgile Threat Modeling Toolkit
Stars: ✭ 162 (+337.84%)
PurifyAll-in-one tool for managing vulnerability reports from AppSec pipelines
Stars: ✭ 72 (+94.59%)
SherlockThis script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
Stars: ✭ 36 (-2.7%)
Application Security Engineer Interview QuestionsSome of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer
Stars: ✭ 267 (+621.62%)
Awesome Sec TalksA collected list of awesome security talks
Stars: ✭ 3,411 (+9118.92%)
ProwlerProwler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+12227.03%)
Ctf Writeups PublicWriteups for infosec Capture the Flag events by team Galaxians
Stars: ✭ 331 (+794.59%)
It BooksIT, Programming & Computer science books
Stars: ✭ 356 (+862.16%)
Technical WhitepapersCollection of IT whitepapers, presentations, pdfs; hacking, web app security, db, reverse engineering and more; EN/PL.
Stars: ✭ 359 (+870.27%)
ThreatmapperIdentify vulnerabilities in running containers, images, hosts and repositories
Stars: ✭ 361 (+875.68%)
Ansible For KubernetesAnsible and Kubernetes examples from Ansible for Kubernetes Book
Stars: ✭ 389 (+951.35%)
ArchstrikeAn Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.
Stars: ✭ 401 (+983.78%)
QuackQuack Toolkit is a set of tools to provide denial of service attacks. Quack Toolkit includes SMS attack tool, HTTP attack tool and many other attack tools.
Stars: ✭ 305 (+724.32%)
My LinksKnowledge seeks no man
Stars: ✭ 311 (+740.54%)
Badkarmanetwork reconnaissance toolkit
Stars: ✭ 353 (+854.05%)
Devops RoadmapDevOps methodology & roadmap for a devops developer in 2019. Interesting books to learn new technologies.
Stars: ✭ 349 (+843.24%)
W5Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台,无需编写代码的安全自动化,使用 SOAR 可以让团队工作更加高效
Stars: ✭ 367 (+891.89%)
ApkurlgrepExtract endpoints from APK files
Stars: ✭ 405 (+994.59%)
Dradis CeDradis Framework: Colllaboration and reporting for IT Security teams
Stars: ✭ 443 (+1097.3%)
Xunfeng巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。
Stars: ✭ 3,131 (+8362.16%)
Docker practiceLearn and understand Docker technologies, with real DevOps practice!
Stars: ✭ 19,768 (+53327.03%)
SecuritymanageframworkSecurity Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.
Stars: ✭ 378 (+921.62%)
NmapIdiomatic nmap library for go developers
Stars: ✭ 391 (+956.76%)
Infosec referenceAn Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Stars: ✭ 4,162 (+11148.65%)
PwndocPentest Report Generator
Stars: ✭ 417 (+1027.03%)
HellraiserVulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.
Stars: ✭ 413 (+1016.22%)
Search That Hash🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡
Stars: ✭ 466 (+1159.46%)
SecurecodeboxsecureCodeBox (SCB) - continuous secure delivery out of the box
Stars: ✭ 279 (+654.05%)
NishangNishang - Offensive PowerShell for red team, penetration testing and offensive security.
Stars: ✭ 5,943 (+15962.16%)
Name That Hash🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 3000+ other hashes ☄ Comes with a neat web app 🔥
Stars: ✭ 540 (+1359.46%)
Red Teaming ToolkitThis repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Stars: ✭ 5,615 (+15075.68%)
Passphrase WordlistPassphrase wordlist and hashcat rules for offline cracking of long, complex passwords
Stars: ✭ 556 (+1402.7%)
DvwaDamn Vulnerable Web Application (DVWA)
Stars: ✭ 5,727 (+15378.38%)
Jok3rJok3r v3 BETA 2 - Network and Web Pentest Automation Framework
Stars: ✭ 645 (+1643.24%)
Penetration Testing ToolsA collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.
Stars: ✭ 614 (+1559.46%)
DirsearchWeb path scanner
Stars: ✭ 7,246 (+19483.78%)
DiamorphineLKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
Stars: ✭ 725 (+1859.46%)
TrapePeople tracker on the Internet: OSINT analysis and research tool by Jose Pino
Stars: ✭ 6,753 (+18151.35%)
Dumpsterfire"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (+1994.59%)
GithubGitHub 漫游指南- a Chinese ebook on how to build a good project on Github. Explore the users' behavior. Find some thing interest.
Stars: ✭ 7,168 (+19272.97%)