Burp ExporterExporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions.
Stars: ✭ 122 (-27.81%)
EggshelliOS/macOS/Linux Remote Administration Tool
Stars: ✭ 1,286 (+660.95%)
BrakemanA static analysis security vulnerability scanner for Ruby on Rails applications
Stars: ✭ 6,281 (+3616.57%)
Eyes.shLet's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"
Stars: ✭ 89 (-47.34%)
DiamorphineLKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
Stars: ✭ 725 (+328.99%)
InqlInQL - A Burp Extension for GraphQL Security Testing
Stars: ✭ 715 (+323.08%)
Burpsuite XkeysA Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
Stars: ✭ 144 (-14.79%)
Ssrf TestingSSRF (Server Side Request Forgery) testing resources
Stars: ✭ 1,718 (+916.57%)
Pentest NotesCollection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)
Stars: ✭ 89 (-47.34%)
Fail2banDaemon to ban hosts that cause multiple authentication errors
Stars: ✭ 6,677 (+3850.89%)
Envkey AppSecure, human-friendly, cross-platform secrets and config.
Stars: ✭ 83 (-50.89%)
Sentinel AttackTools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Stars: ✭ 676 (+300%)
Privacy RespectingCurated List of Privacy Respecting Services and Software
Stars: ✭ 1,663 (+884.02%)
SpiderfootSpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Stars: ✭ 6,882 (+3972.19%)
GitmailsAn information gathering tool to collect git commit emails in version control host services
Stars: ✭ 142 (-15.98%)
Sysmon ModularA repository of sysmon configuration modules
Stars: ✭ 1,229 (+627.22%)
NosqliNoSql Injection CLI tool, for finding vulnerable websites using MongoDB.
Stars: ✭ 120 (-28.99%)
Security ListPenetrum LLC opensource security tool list.
Stars: ✭ 619 (+266.27%)
ContentSecurity automation content in SCAP, OSCAL, Bash, Ansible, and other formats
Stars: ✭ 1,219 (+621.3%)
Embaemba - An analyzer for Linux-based firmware of embedded devices.
Stars: ✭ 607 (+259.17%)
DnsbinThe request.bin of DNS request
Stars: ✭ 157 (-7.1%)
Git HoundReconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
Stars: ✭ 602 (+256.21%)
Ldap searchPython3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.
Stars: ✭ 78 (-53.85%)
Terraform Aws Secure BaselineTerraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.
Stars: ✭ 596 (+252.66%)
MonkeyInfection Monkey - An automated pentest tool
Stars: ✭ 5,572 (+3197.04%)
IosMost usable tools for iOS penetration testing
Stars: ✭ 563 (+233.14%)
BbrAn open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
Stars: ✭ 142 (-15.98%)
Jsprimea javascript static security analysis tool
Stars: ✭ 556 (+228.99%)
SojoboA binary analysis framework
Stars: ✭ 116 (-31.36%)
BigbountyreconBigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (+220.12%)
NotrulerThe opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange.
Stars: ✭ 72 (-57.4%)
SkyarkSkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS
Stars: ✭ 526 (+211.24%)
MinesweeperA Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-4.14%)
Dexcalibur[Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
Stars: ✭ 512 (+202.96%)
Cloudflair🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
Stars: ✭ 1,176 (+595.86%)
Dns DiscoveryDNS-Discovery is a multithreaded subdomain bruteforcer.
Stars: ✭ 114 (-32.54%)
Viewfinderjs📷 ViewFinder - NodeJS product to make the browser into a web app. WTF RBI. CBII. Remote browser isolation, embeddable browserview, secure chrome saas. Licenses, managed, self-hosted. Like S2, WebGap, Bromium, Authentic8, Menlo Security and Broadcom, but open source with free live demos available now! Also, integrated RBI/CDR with CDR from https://github.com/dosyago/p2%2e
Stars: ✭ 1,175 (+595.27%)
PattonThe clever vulnerability dependency finder
Stars: ✭ 87 (-48.52%)
Gg ShieldDetect secret in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.
Stars: ✭ 708 (+318.93%)
WeirdaalWeirdAAL (AWS Attack Library)
Stars: ✭ 503 (+197.63%)
Netsec Ps ScriptsCollection of PowerShell network security scripts for system administrators.
Stars: ✭ 139 (-17.75%)
PurifyAll-in-one tool for managing vulnerability reports from AppSec pipelines
Stars: ✭ 72 (-57.4%)
Thc ArchiveAll releases of the security research group (a.k.a. hackers) The Hacker's Choice
Stars: ✭ 474 (+180.47%)
Bag Of HoldingAn application to assist in the organization and prioritization of software security activities.
Stars: ✭ 114 (-32.54%)
StacoanStaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
Stars: ✭ 707 (+318.34%)
In Spectre MeltdownThis tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
Stars: ✭ 86 (-49.11%)
HardeningHardening Ubuntu. Systemd edition.
Stars: ✭ 705 (+317.16%)
R0akr0ak ("roak") is the Ring 0 Army Knife -- A Command Line Utility To Read/Write/Execute Ring Zero on for Windows 10 Systems
Stars: ✭ 698 (+313.02%)
Lockdoor Framework🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Stars: ✭ 677 (+300.59%)
ServerscanServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。
Stars: ✭ 674 (+298.82%)
SenvFriends don't let friends leak secrets on their terminal window 🙈
Stars: ✭ 71 (-57.99%)