GitgotSemi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
Stars: ✭ 964 (+624.81%)
ApplicationinspectorA source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
Stars: ✭ 3,873 (+2812.03%)
Flask UnsignCommand line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.
Stars: ✭ 90 (-32.33%)
Cerberus一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Stars: ✭ 389 (+192.48%)
XrayguiBuild A GUI For Xray,给Xray造一个GUI控制端。
Stars: ✭ 30 (-77.44%)
Nordvpn NetworkmanagerA CLI tool for automating the importing, securing and usage of NordVPN (and in the future, more) OpenVPN servers through NetworkManager.
Stars: ✭ 111 (-16.54%)
Bypass Firewalls By Dns HistoryFirewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.
Stars: ✭ 739 (+455.64%)
Fwanalyzera tool to analyze filesystem images for security
Stars: ✭ 382 (+187.22%)
CanaryCanary: Input Detection and Response
Stars: ✭ 29 (-78.2%)
PyupA tool to update your project's dependencies on GitHub. Runs on pyup.io, comes with a command line interface.
Stars: ✭ 379 (+184.96%)
Cve 2019 0604cve-2019-0604 SharePoint RCE exploit
Stars: ✭ 91 (-31.58%)
Zeek Plugin EnipZeek network security monitor plugin that enables parsing of the Ethernet/IP and Common Industrial Protocol standards
Stars: ✭ 27 (-79.7%)
Rustscan🤖 The Modern Port Scanner 🤖
Stars: ✭ 5,218 (+3823.31%)
AutoenumAutomatic Service Enumeration Script
Stars: ✭ 134 (+0.75%)
SipcheckSIPCheck is a tool that watch the authentication of users of Asterisk and bans automatically if some user (or bot) try to register o make calls using wrong passwords.
Stars: ✭ 20 (-84.96%)
W5Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台,无需编写代码的安全自动化,使用 SOAR 可以让团队工作更加高效
Stars: ✭ 367 (+175.94%)
Trackray溯光 (TrackRay) 3 beta⚡渗透测试框架(资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap)
Stars: ✭ 1,295 (+873.68%)
K8toolsK8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
Stars: ✭ 4,173 (+3037.59%)
FilterbypassBrowser's XSS Filter Bypass Cheat Sheet
Stars: ✭ 884 (+564.66%)
UnsignRemove code signatures from OSX Mach-O binaries (note: unsigned binaries cannot currently be re-codesign'ed. Patches welcome!)
Stars: ✭ 362 (+172.18%)
SyswallWork in progress firewall for Linux syscalls, written in Rust
Stars: ✭ 110 (-17.29%)
ThreatmapperIdentify vulnerabilities in running containers, images, hosts and repositories
Stars: ✭ 361 (+171.43%)
TaipanWeb application vulnerability scanner
Stars: ✭ 359 (+169.92%)
Pentest NotesCollection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)
Stars: ✭ 89 (-33.08%)
BluespawnAn Active Defense and EDR software to empower Blue Teams
Stars: ✭ 737 (+454.14%)
KatanaA Python Tool For google Hacking
Stars: ✭ 355 (+166.92%)
PurplecloudAn Infrastructure as Code (IaC) deployment of a small Active Directory pentest lab in the cloud. The deployment simulates a semi-realistic corporate enterprise Active Directory with a DC and endpoints. Purple team goals include blue team detection capabilities and R&D for detection engineering new approaches.
Stars: ✭ 122 (-8.27%)
Impost3r👻Impost3r -- A linux password thief
Stars: ✭ 355 (+166.92%)
Golang TlsSimple Golang HTTPS/TLS Examples
Stars: ✭ 857 (+544.36%)
Dnsbrutea fast domain brute tool
Stars: ✭ 352 (+164.66%)
PattonThe clever vulnerability dependency finder
Stars: ✭ 87 (-34.59%)
PatrowldocsPatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 105 (-21.05%)
Ioc ExplorerExplore Indicators of Compromise Automatically
Stars: ✭ 73 (-45.11%)
Pwn jenkinsNotes about attacking Jenkins servers
Stars: ✭ 841 (+532.33%)
SuperSecure, Unified, Powerful and Extensible Rust Android Analyzer
Stars: ✭ 340 (+155.64%)
VulrecVulnerability Recurrence:漏洞复现记录
Stars: ✭ 109 (-18.05%)
Dotenv sekretsSeamlessly encrypt/decrypt/edit your rails Dotenv files with the help of the Sekrets gem
Stars: ✭ 25 (-81.2%)
Ssh Mitmssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation
Stars: ✭ 335 (+151.88%)
GtfoSearch gtfobins and lolbas files from your terminal
Stars: ✭ 336 (+152.63%)
CspThe Cyber Security Platform MeliCERTes is part of the European Strategy for Cyber Security. MeliCERTes is a network for establishing confidence and trust among the national Computer Security Incident Response Teams (CSIRTs) of the Member States and for promoting swift and effective operational cooperation.
Stars: ✭ 23 (-82.71%)
Black Hat RustApplied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB
Stars: ✭ 331 (+148.87%)
Awesome InfosecA curated list of awesome infosec courses and training resources.
Stars: ✭ 3,779 (+2741.35%)
KauditAlcide Kubernetes Audit Log Analyzer - Alcide kAudit
Stars: ✭ 23 (-82.71%)
Envkey AppSecure, human-friendly, cross-platform secrets and config.
Stars: ✭ 83 (-37.59%)
NotrulerThe opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange.
Stars: ✭ 72 (-45.86%)
BrakemanA static analysis security vulnerability scanner for Ruby on Rails applications
Stars: ✭ 6,281 (+4622.56%)
NosqliNoSql Injection CLI tool, for finding vulnerable websites using MongoDB.
Stars: ✭ 120 (-9.77%)
ExploitpackExploit Pack -The next generation exploit framework
Stars: ✭ 728 (+447.37%)
InqlInQL - A Burp Extension for GraphQL Security Testing
Stars: ✭ 715 (+437.59%)
Fail2banDaemon to ban hosts that cause multiple authentication errors
Stars: ✭ 6,677 (+4920.3%)
Cloudflair🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
Stars: ✭ 1,176 (+784.21%)