Terraform Aws Secure Baseline: Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.
Stars: ✭ 596 (+177.21%)
Flask Unsign: Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.
Stars: ✭ 90 (-58.14%)
Monkey: Infection Monkey - An automated pentest tool
Stars: ✭ 5,572 (+2491.63%)
Reconnoitre: A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Stars: ✭ 1,824 (+748.37%)
Ios: Most usable tools for iOS penetration testing
Stars: ✭ 563 (+161.86%)
Pentest Notes: Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui, dostoevsky, mantvydasb, adon90, BriskSec)
Stars: ✭ 89 (-58.6%)
Cyphon: Open source incident management and response platform.
Stars: ✭ 543 (+152.56%)
Jsprime: a javascript static security analysis tool
Stars: ✭ 556 (+158.6%)
Skyark: SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS
Stars: ✭ 526 (+144.65%)
Apisecuritybestpractices: Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.
Stars: ✭ 1,745 (+711.63%)
Npq: 🎖safely* install packages with npm or yarn by auditing them as part of your install process
Stars: ✭ 513 (+138.6%)
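Vxscan: A comprehensive scanning tool written in python3, mainly used for liveness verification, sensitive file detection (directory scanning / API endpoints leaked in JS / leaks in HTML comments), WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, POC scanning, SQL injection, CDN bypass, co-hosted site lookup and other functions. Intended mainly for in-house self-testing by the asset owner or authorized testing by a contractor; do not use it to cause damage.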
Stars: ✭ 1,244 (+478.6%)
Smogcloud: Find cloud assets that no one wants exposed 🔎 ☁️
Stars: ✭ 168 (-21.86%)
Stowaway: 👻Stowaway -- Multi-hop Proxy Tool for pentesters
Stars: ✭ 500 (+132.56%)
Pentesting Cookbook: A set of recipes useful in pentesting and red teaming scenarios
Stars: ✭ 82 (-61.86%)
O365spray: Username enumeration and password spraying tool aimed at Microsoft O365.
Stars: ✭ 133 (-38.14%)
Dronesploit: Drone pentesting framework console
Stars: ✭ 473 (+120%)
Content: Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats
Stars: ✭ 1,219 (+466.98%)
Autosploit: Automated Mass Exploiter
Stars: ✭ 4,500 (+1993.02%)
Revshellgen: Reverse shell generator written in Python 3.
Stars: ✭ 190 (-11.63%)
Tracy: A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.
Stars: ✭ 464 (+115.81%)
Radio Hackbox: PoC tool to demonstrate vulnerabilities in wireless input devices
Stars: ✭ 74 (-65.58%)
Salus: Security scanner coordinator
Stars: ✭ 441 (+105.12%)
Gsil: GitHub Sensitive Information Leakage (monitoring for sensitive information leaks on GitHub)
Stars: ✭ 1,764 (+720.47%)
Spoofcheck: Simple script that checks a domain for email protections
Stars: ✭ 437 (+103.26%)
Nrf24 Playset: Software tools for Nordic Semiconductor nRF24-based devices like wireless keyboards, mice, and presenters
Stars: ✭ 73 (-66.05%)
Cookie crimes: Read local Chrome cookies without root or decrypting
Stars: ✭ 434 (+101.86%)
Rastrea2r: Collecting & Hunting for IOCs with gusto and style
Stars: ✭ 169 (-21.4%)
Gosec: Golang security checker
Stars: ✭ 5,694 (+2548.37%)
Ioc Explorer: Explore Indicators of Compromise Automatically
Stars: ✭ 73 (-66.05%)
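Appinfoscanner: An information-gathering and scanning tool for mobile targets (Android, iOS, WEB, H5, static websites), suited to HW operations, red teams and penetration-testing teams. It helps penetration testers, attack-team members and red-team members quickly collect key asset information from mobile apps or static web sites and provides basic information output such as Title, Domain, CDN, fingerprint information, status information, etc.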
Stars: ✭ 424 (+97.21%)
Jwtxploiter: A tool to test security of json web token
Stars: ✭ 130 (-39.53%)
Chronicle: Public append-only ledger microservice built with Slim Framework
Stars: ✭ 429 (+99.53%)
Steady: Analyses your Java and Python applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/
Stars: ✭ 423 (+96.74%)
Fdsploit: File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Stars: ✭ 199 (-7.44%)
0xsp Mongoose: a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.
Stars: ✭ 419 (+94.88%)
Viewfinderjs: 📷 ViewFinder - NodeJS product to make the browser into a web app. WTF RBI. CBII. Remote browser isolation, embeddable browserview, secure chrome saas. Licenses, managed, self-hosted. Like S2, WebGap, Bromium, Authentic8, Menlo Security and Broadcom, but open source with free live demos available now! Also, integrated RBI/CDR with CDR from https://github.com/dosyago/p2%2e
Stars: ✭ 1,175 (+446.51%)
Eyeballer: Convolutional neural network for analyzing pentest screenshots
Stars: ✭ 416 (+93.49%)
Awesome Mobile Security: An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Stars: ✭ 1,837 (+754.42%)
Hellraiser: Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.
Stars: ✭ 413 (+92.09%)
Purify: All-in-one tool for managing vulnerability reports from AppSec pipelines
Stars: ✭ 72 (-66.51%)
Telemetrysourcerer: Enumerate and disable common sources of telemetry used by AV/EDR.
Stars: ✭ 400 (+86.05%)
Androidlibrary: Android library to reveal or obfuscate strings and assets at runtime
Stars: ✭ 162 (-24.65%)
Huskyci: Performing security tests inside your CI
Stars: ✭ 398 (+85.12%)
Senv: Friends don't let friends leak secrets on their terminal window 🙈
Stars: ✭ 71 (-66.98%)
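Cerberus: A powerful vulnerability scanner. Subdomain brute-forcing uses aioDNS with asyncio for fast asynchronous scanning; covers the target's full range of assets for batch vulnerability scanning; gathers middleware information; automatically collects IP proxies, which are used automatically when probing WAF information to protect the local machine's real IP, and switches to a proxy IP to continue scanning after the local IP has been blocked by the WAF; WAF information gathering (100+ WAFs, domestic and international) including SafeDog, Yunsuo, Alibaba Cloud, Yundun, Tencent Cloud, etc.; provides some known WAF bypass approaches; middleware vulnerability detection (Thinkphp, weblogic, etc.: CVE-2018-5955, CVE-2018-12613, CVE-2018-11759, etc.); supports scanning for SQL injection, XSS, command execution, file inclusion and SSRF vulnerabilities; supports custom email push notification of vulnerabilities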
Stars: ✭ 389 (+80.93%)
Swiftness: A note-taking macOS app for penetration-testers.
Stars: ✭ 124 (-42.33%)
Vulny Code Static Analysis: Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
Stars: ✭ 207 (-3.72%)
Zbn: Security orchestration, automation and response platform
Stars: ✭ 201 (-6.51%)
Fudgec2: FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.
Stars: ✭ 191 (-11.16%)
Tools Tbhm: Tools of "The Bug Hunters Methodology V2 by @jhaddix"
Stars: ✭ 171 (-20.47%)
Encpipe: The dum^H^H^Hsimplest encryption tool in the world.
Stars: ✭ 135 (-37.21%)
Patton: The clever vulnerability dependency finder
Stars: ✭ 87 (-59.53%)
Blackmamba: C2/post-exploitation framework
Stars: ✭ 544 (+153.02%)