Jok3rJok3r v3 BETA 2 - Network and Web Pentest Automation Framework
Stars: ✭ 645 (-8.77%)
PhanPhan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.
Stars: ✭ 5,194 (+634.65%)
SalusSecurity scanner coordinator
Stars: ✭ 441 (-37.62%)
SpoofcheckSimple script that checks a domain for email protections
Stars: ✭ 437 (-38.19%)
Kube Scankube-scan: Octarine k8s cluster risk assessment tool
Stars: ✭ 566 (-19.94%)
Cookie crimesRead local Chrome cookies without root or decrypting
Stars: ✭ 434 (-38.61%)
RedcloudAutomated Red Team Infrastructure deployement using Docker
Stars: ✭ 551 (-22.07%)
BurpaBurp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
Stars: ✭ 427 (-39.6%)
IosMost usable tools for iOS penetration testing
Stars: ✭ 563 (-20.37%)
MetabigorIntelligence tool but without API key
Stars: ✭ 424 (-40.03%)
Standard🌟 JavaScript Style Guide, with linter & automatic code fixer
Stars: ✭ 26,433 (+3638.76%)
EvilscanNodeJS Simple Network Scanner
Stars: ✭ 428 (-39.46%)
Jsprimea javascript static security analysis tool
Stars: ✭ 556 (-21.36%)
SouffleSoufflé is a variant of Datalog for tool designers crafting analyses in Horn clauses. Soufflé synthesizes a native parallel C++ program from a logic specification.
Stars: ✭ 426 (-39.75%)
Security Code ScanVulnerability Patterns Detector for C# and VB.NET
Stars: ✭ 550 (-22.21%)
Sentinel AttackTools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Stars: ✭ 676 (-4.38%)
SteadyAnalyses your Java and Python applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/
Stars: ✭ 423 (-40.17%)
Security ListPenetrum LLC opensource security tool list.
Stars: ✭ 619 (-12.45%)
PayloadsallthethingsA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+4554.74%)
Deimosc2DeimosC2 is a Golang command and control framework for post-exploitation.
Stars: ✭ 423 (-40.17%)
Preallocprealloc is a Go static analysis tool to find slice declarations that could potentially be preallocated.
Stars: ✭ 419 (-40.74%)
Pep8speaksA GitHub app to automatically review Python code style over Pull Requests
Stars: ✭ 546 (-22.77%)
0xsp Mongoosea unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.
Stars: ✭ 419 (-40.74%)
OtsecaOpen source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.
Stars: ✭ 416 (-41.16%)
Embaemba - An analyzer for Linux-based firmware of embedded devices.
Stars: ✭ 607 (-14.14%)
BlackmambaC2/post-exploitation framework
Stars: ✭ 544 (-23.06%)
EyeballerConvolutional neural network for analyzing pentest screenshots
Stars: ✭ 416 (-41.16%)
CyphonOpen source incident management and response platform.
Stars: ✭ 543 (-23.2%)
Xss Listener🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.
Stars: ✭ 414 (-41.44%)
HellraiserVulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.
Stars: ✭ 413 (-41.58%)
R0akr0ak ("roak") is the Ring 0 Army Knife -- A Command Line Utility To Read/Write/Execute Ring Zero on for Windows 10 Systems
Stars: ✭ 698 (-1.27%)
DomainedMulti Tool Subdomain Enumeration
Stars: ✭ 688 (-2.69%)
SwiftnessxA cross-platform note-taking & target-tracking app for penetration testers.
Stars: ✭ 673 (-4.81%)
SuboverA Powerful Subdomain Takeover Tool
Stars: ✭ 607 (-14.14%)
BigbountyreconBigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (-23.48%)
PacketwhisperPacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
Stars: ✭ 405 (-42.72%)
Php Parser🌿 NodeJS PHP Parser - extract AST or tokens (PHP5 and PHP7)
Stars: ✭ 400 (-43.42%)
SipviciousSIPVicious OSS is a set of security tools that can be used to audit SIP based VoIP systems.
Stars: ✭ 541 (-23.48%)
TelemetrysourcererEnumerate and disable common sources of telemetry used by AV/EDR.
Stars: ✭ 400 (-43.42%)
Assessment MindsetSecurity Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
Stars: ✭ 608 (-14%)
Learn365This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection
Stars: ✭ 525 (-25.74%)
HuskyciPerforming security tests inside your CI
Stars: ✭ 398 (-43.71%)
Top25 ParameterFor basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
Stars: ✭ 388 (-45.12%)
SkyarkSkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS
Stars: ✭ 526 (-25.6%)
WalaT.J. Watson Libraries for Analysis
Stars: ✭ 395 (-44.13%)
DnsgenGenerates combination of domain names from the provided input.
Stars: ✭ 389 (-44.98%)
Articles Translator📚Translate the distinct technical blogs. Please star or watch. Welcome to join me.
Stars: ✭ 606 (-14.29%)
Phpcs Security Auditphpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code
Stars: ✭ 525 (-25.74%)
ApplicationinspectorA source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
Stars: ✭ 3,873 (+447.81%)
Cerberus一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Stars: ✭ 389 (-44.98%)
Race The WebTests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
Stars: ✭ 385 (-45.54%)
EngineDroidefense: Advance Android Malware Analysis Framework
Stars: ✭ 386 (-45.4%)
Npq🎖safely* install packages with npm or yarn by auditing them as part of your install process
Stars: ✭ 513 (-27.44%)