Awesome Shodan Queries🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
Stars: ✭ 2,758 (+7561.11%)
ChangemeA default credential scanner.
Stars: ✭ 928 (+2477.78%)
Doublepulsar Detection ScriptA python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.
Stars: ✭ 977 (+2613.89%)
WsltoolsWeb Scan Lazy Tools - Python Package
Stars: ✭ 288 (+700%)
CheckmyhttpsWe propose a user-friendly add-on that allows you to check if your encrypted web traffic (SSL/TLS) towards secured Internet servers (HTTPS) is not intercepted (being listened to).
Stars: ✭ 35 (-2.78%)
Security ScriptsA collection of security related Python and Bash shell scripts. Analyze hosts on generic security vulnerabilities. Wrapper around popular tools like nmap (portscanner), nikto (webscanner) and testssl.sh (SSL/TLS scanner)
Stars: ✭ 188 (+422.22%)
Golang TlsSimple Golang HTTPS/TLS Examples
Stars: ✭ 857 (+2280.56%)
IsthislegitDashboard to collect, analyze, and respond to reported phishing emails.
Stars: ✭ 251 (+597.22%)
Rapidscan🆕 The Multi-Tool Web Vulnerability Scanner.
Stars: ✭ 775 (+2052.78%)
Deimosc2DeimosC2 is a Golang command and control framework for post-exploitation.
Stars: ✭ 423 (+1075%)
EvilscanNodeJS Simple Network Scanner
Stars: ✭ 428 (+1088.89%)
PatrowlenginesPatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 162 (+350%)
MinesweeperA Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (+350%)
CrithitTakes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (+405.56%)
SmogcloudFind cloud assets that no one wants exposed 🔎 ☁️
Stars: ✭ 168 (+366.67%)
KubestrikerA Blazing fast Security Auditing tool for Kubernetes
Stars: ✭ 213 (+491.67%)
CobraSource Code Security Audit (源代码安全审计)
Stars: ✭ 2,802 (+7683.33%)
Traitor⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket
Stars: ✭ 3,473 (+9547.22%)
Ladon大型内网渗透扫描器&Cobalt Strike,Ladon8.9内置120个模块,包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2,密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem,Poc/Exploit,支持Cobalt Strike 3.X-4.0
Stars: ✭ 2,911 (+7986.11%)
TaipanWeb application vulnerability scanner
Stars: ✭ 359 (+897.22%)
PatrowlmanagerPatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (+908.33%)
Dumpsterfire"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (+2052.78%)
Race The WebTests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
Stars: ✭ 385 (+969.44%)
IosMost usable tools for iOS penetration testing
Stars: ✭ 563 (+1463.89%)
Kube Scankube-scan: Octarine k8s cluster risk assessment tool
Stars: ✭ 566 (+1472.22%)
SpiderfootSpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Stars: ✭ 6,882 (+19016.67%)
NetpwnTool made to automate tasks of pentesting.
Stars: ✭ 152 (+322.22%)
ReconnoitreA security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Stars: ✭ 1,824 (+4966.67%)
XattackerX Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
Stars: ✭ 897 (+2391.67%)
GsilGitHub Sensitive Information Leakage(GitHub敏感信息泄露监控)
Stars: ✭ 1,764 (+4800%)
StegcloakHide secrets with invisible characters in plain text securely using passwords 🧙🏻♂️⭐
Stars: ✭ 2,379 (+6508.33%)
Vulny Code Static AnalysisPython script to detect vulnerabilities inside PHP source code using static analysis, based on regex
Stars: ✭ 207 (+475%)
PbscanFaster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.
Stars: ✭ 122 (+238.89%)
CameradarCameradar hacks its way into RTSP videosurveillance cameras
Stars: ✭ 2,775 (+7608.33%)
InsiderStatic Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
Stars: ✭ 216 (+500%)
RenginereNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+9452.78%)
Salt ScannerLinux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration
Stars: ✭ 261 (+625%)
KraneKubernetes RBAC static Analysis & visualisation tool
Stars: ✭ 254 (+605.56%)
BanditBandit is a tool designed to find common security issues in Python code.
Stars: ✭ 3,763 (+10352.78%)
NosqliNoSql Injection CLI tool, for finding vulnerable websites using MongoDB.
Stars: ✭ 120 (+233.33%)
OssaOpen-Source Security Architecture | 开源安全架构
Stars: ✭ 796 (+2111.11%)
SuperSecure, Unified, Powerful and Extensible Rust Android Analyzer
Stars: ✭ 340 (+844.44%)
EsdEnumeration sub domains(枚举子域名)
Stars: ✭ 785 (+2080.56%)
ApplicationinspectorA source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
Stars: ✭ 3,873 (+10658.33%)
BurpaBurp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
Stars: ✭ 427 (+1086.11%)
Jsprimea javascript static security analysis tool
Stars: ✭ 556 (+1444.44%)
YasuoA ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Stars: ✭ 517 (+1336.11%)
Security ToolsCollection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (+1313.89%)
PatrowldocsPatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 105 (+191.67%)
Backfuzzprotocol fuzzing toolkit
Stars: ✭ 106 (+194.44%)
H2csmugglerHTTP Request Smuggling over HTTP/2 Cleartext (h2c)
Stars: ✭ 292 (+711.11%)
SalusSecurity scanner coordinator
Stars: ✭ 441 (+1125%)
InqlInQL - A Burp Extension for GraphQL Security Testing
Stars: ✭ 715 (+1886.11%)
GitgotSemi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
Stars: ✭ 964 (+2577.78%)