2308 Open source projects that are alternatives of or similar to Holisticinfosec For Webdevelopers Fascicle0

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

🔐 Docker Container for Penetration Testing & Security

The DevSecOps toolset for REST APIs

Hacking Toolkit

A Blazing fast Security Auditing tool for Kubernetes

Web application vulnerability scanner

🎯 XML External Entity (XXE) Injection Payload List

kube-scan: Octarine k8s cluster risk assessment tool

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Agile Threat Modeling Toolkit

All-in-one tool for managing vulnerability reports from AppSec pipelines

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

A collected list of awesome security talks

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

Writeups for infosec Capture the Flag events by team Galaxians

IT, Programming & Computer science books

📕 국내 개발 도서 리스트

Collection of IT whitepapers, presentations, pdfs; hacking, web app security, db, reverse engineering and more; EN/PL.

Identify vulnerabilities in running containers, images, hosts and repositories

《数据结构（Python语言描述）》"Fundamentals of Python:Data Structures" 电子书和配套代码

Ansible and Kubernetes examples from Ansible for Kubernetes Book

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

Quack Toolkit is a set of tools to provide denial of service attacks. Quack Toolkit includes SMS attack tool, HTTP attack tool and many other attack tools.

Azure DevOps Extension for Azure CLI

Knowledge seeks no man

🎯 PHP / ASP - Shell Backdoor List 🎯

network reconnaissance toolkit

DevOps methodology & roadmap for a devops developer in 2019. Interesting books to learn new technologies.

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

Extract endpoints from APK files

Dradis Framework: Colllaboration and reporting for IT Security teams

Ansible for DevOps examples.

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Learn and understand Docker technologies, with real DevOps practice!

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

Idiomatic nmap library for go developers

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Pentest Report Generator

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡

secureCodeBox (SCB) - continuous secure delivery out of the box

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 3000+ other hashes ☄ Comes with a neat web app 🔥

做redteam时使用，修改自Ridter的https://github.com/Ridter/Intranet_Penetration_Tips

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Damn Vulnerable Web Application (DVWA)

Code repository for Node.js Design Patterns Second Edition, published by Packt

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

🎯 SQL Injection Payload List

A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

Web path scanner

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

People tracker on the Internet: OSINT analysis and research tool by Jose Pino

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

GitHub 漫游指南- a Chinese ebook on how to build a good project on Github. Explore the users' behavior. Find some thing interest.