安全工具汇总
engine: Droidefense: Advance Android Malware Analysis Framework
react-cool-starter: 😎 🐣 A starter boilerplate for a universal web app with the best development experience and a focus on performance and best practices.
howtheysre: A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Site Reliability Engineering (SRE)
1earn: ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
pocassist: 全新的漏洞测试框架,支持poc在线编辑、运行、批量测试。使用文档:
how-to-secure-anything: How to systematically secure anything: a repository about security engineering
wireguard-manager: ✔️ wireguard-manager enables you to create and manage your own vpn under a minute.
my-arsenal-of-aws-security-tools: List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
occlude: C++ TLS 1.3 library
easy-wg-quick: Creates Wireguard configuration for hub and peers with ease
cap-std: Capability-oriented version of the Rust standard library
hardentools: Hardentools simply reduces the attack surface on Microsoft Windows computers by disabling low-hanging fruit risky features.
DVWA: Damn Vulnerable Web Application (DVWA)
user.js: user.js -- Firefox configuration hardening
Crypto-NFT-Drainer: 🌊 ALL ETH + ERC20 TOKENS + ALL NFTS DRAINER
jsh.php: Terminal like php shell (PHP web terminal emulator)
JoomlaCVE20168869: Exploit for Joomla 3.4.4 - 3.6.4 (CVE-2016-8869 and CVE-2016-8870)
pwn-writeups: CTF pwn problem writeup
nacs: 事件驱动的渗透测试扫描器 Event-driven pentest scanner
FUDforum-XSS-RCE: FUDForum 3.0.9 - XSS / Remote Code Execution (CVE-2019-18873, CVE-2019-18839)
photovision_tv_function_unlocker: Photovision TV 202HW 機能制限解除ツールです。
traitor: ⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
bugradar: Advanced external automation on bug bounty programs by running the best set of tools to perform scanning and finding out vulnerabilities.
netelf: Run executables from memory, over the network, on Windows, Linux, OpenVMS... routers... spaceships... toasters etc.
karton-config-extractor: Static configuration extractor for the Karton framework
laravel-littlegatekeeper: Protect pages from access with a universal username/password
expcamera: Exploit Netwave and GoAhead IP Camera
aiodnsbrute: Python 3.5+ DNS asynchronous brute force utility
BruteSploit: BruteSploit is a collection of method for automated Generate, Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation,combine,transform and permutation some words or file text :p
docker-workspaces: Protecting my data and client's data, by running day-to-day apps inside Docker containers
OWASP-Web-Checklist: OWASP Web Application Security Testing Checklist
osv.net: A .NET library for Open Source Vulnerabilities (OSV) schema and API client.
CVE-2021-3560: Script en python sobre la vulnerabilidad CVE-2021-3560
sylkie: IPv6 address spoofing with the Neighbor Discovery Protocol
ReadWriteDriver: A kernel driver for reading and writing memory
TwoFactorAuth: PHP library for Two Factor Authentication (TFA / 2FA)
Network_Security_Spring_2018: Network Security Spring 2018 Lectured by S.P. Shieh @CS NCTU Taiwan
uptux: Linux privilege escalation checks (systemd, dbus, socket fun, etc)
edoardottt: Hey! I'm edoardottt! 🏴☠️👹
vulncontrol: Python script for monitoring www.cvedetails.com vulnerabilities database
dotdotpwn: DotDotPwn - The Directory Traversal Fuzzer
CVE-2021-40101: Survey XSS combined with CSRF leads to Admin Account Takeover in Concrete5 8.5.4
termlock: TermLock is a shell script to lock your terminal. It traps signals and interrupts to block Ctrl+C , Ctrl+\ , Ctrl+Z , Ctrl+D, uses a hashed password and can log failed attempts. You may alias it as termlock or lock .
nagiosxi_rce-to-root: Nagios XI 5.5.6 Remote Code Execution and Privilege Escalation
ballcat: 😸一个快速开发脚手架,快速搭建企业级后台管理系统,并提供多种便捷starter进行功能扩展。主要功能包括前后台用户分离,菜单权限,数据权限,定时任务,访问日志,操作日志,异常日志,统一异常处理,XSS过滤,SQL防注入,国际化 等多种功能
poc-list: PoC List
docker_explorer: Scan DockerHub images that match a keyword to find secrets.
Keylogger-email: Esse é um programa que nós permite monitorar o teclado e tudo que for digitado. Todos os dados serão colocados em arquivo e enviados para um e-mail no horário no qual defini-lo.
Vulnerability_scanner
spring-boot: spring-boot 项目实践总结
personal-security-checklist: 🔒 A curated checklist of 300+ tips for protecting digital security and privacy in 2022
Ciphey: ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Password_Strength: C++ program to check the strength of your password.
FuYao-Go: 自动化进行目标资产探测和安全漏洞扫描|适用于赏金活动、SRC活动、大规模使用、大范围使用|通过使用被动在线资源来发现网站的有效子域|通过强大且灵活的模板,模拟各种安全漏洞检查!Automate target asset detection and security vulnerability scanning | Suitable for bounty campaigns, SRC campaigns, mass usage, mass usage | Discover valid subdomains of websites by using passive online resources | Simulate various Security Vulnerability Check
cfn_nag: Linting tool for CloudFormation templates
docker-cloudsploit: dockerized-cloudsplot, CloudSploit is a security and configuration scanner that can detect hundreds of threats in your AWS account. Don't let a single misstep compromise your entire infrastructure.
Am-I-affected-by-Meltdown: Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.
wargame: H@ck wargame with Django
top-attack-techniques: Top ATT&CK Techniques provides defenders with a systematic approach to prioritizing ATT&CK techniques.
Kuiper: Digital Forensics Investigation Platform
hashview-old: A web front-end for password cracking and analytics
dependency-confusion-exploit: a demonstration of how the dependency-confusion attack with npm works
HackingNews: O co chodzi w #hackingnews? W skrócie: wrzucam linki do ciekawych stron, które napotkam na swojej drodze. :)
Typhoon-Vulnerable-VM: Typhoon Vulnerable VM is a virtual machine bundled with several vulnerabilities that provides a laboratory environment for researchers looking into enhancing their skills in the field of Cyber Security.
Wifi-Hacking: Cyber Security Tool For Hacking Wireless Connections Using Built-In Kali Tools. Supports All Securities (WEP, WPS, WPA, WPA2/TKIP/IES)
KeyKatcher: KeyKatcher is a keylogger that records keystrokes made on a computer and sends to the E-Mail.
Mass-Shell-upload: Mass exploiter shell upload scanner tool
Epimetheus: Receive notifications/alerts on the most recent disclosed CVE's.
hacking-with-python: You guessed well, genius !! This tool is intended for the initiation to ethical hacking with python
jerseyctf-2022-challenges: JerseyCTF 2022
fuzzbench: FuzzBench - Fuzzer benchmarking as a service.
EzScript: Cyberpatriot born Windows hardening script. It serves as a way to get to baseline and can help specialists further secure the machine.
PentestTools: Awesome Pentest Tools Collection
Drupalgeddon2: Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)
the-book-of-secret-knowledge: A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
beelzebub: A secure honeypot framework, extremely easy to configure by yaml 🚀
w2vcluster: word2vec & k-means cluster
jok3r: Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
fpvs: Fast Python Vulnerability Scanner
NukeJndiLookupFromLog4j: Selection of ways to remove JndiLookup in now obsolete Minecraft versions, or versions that still have log4j < 2.10 and is unable to use -Dlog4j2.formatMsgNoLookups=true
hash-generator-: contains a bruteforcer wifi hacker an batch to exe converter contains a n verity of usefull tools in python and can be converted to exe by using pyinstaller
Ethical-Hacking: Repository for the challenges code of the M. Sc. course in Ethical Hacking
PacketWhisper: PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
jfscan: JF⚡can - Super fast port scanning & service discovery using Masscan and Nmap. Scan large networks with Masscan and use Nmap's scripting abilities to discover information about services. Generate report.
vuln-web-apps: A curated list of vulnerable web applications.
SpoolSploit: A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.
Hemera: O Hemera é um Software voltado para o desenvolvimento de Phishings. Seu intuito é auxiliar nos estudos de segurança digital.
IntelOwl-ng: IntelOwl's Web Interface. Built with Angular 10.
latte: ☕ Latte: the safest & truly intuitive templates for PHP. Engine for those who want the most secure PHP sites.
Hacker-Playbook-Utility: A Python3 powered bash script written to slightly automate the tool installation process of the Hacker Playbook Book (http://thehackerplaybook.com).
iskan: Kubernetes Native, Runtime Container Image Scanning
CVE-2021-33766: ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit
memrepl: Memory inspection REPL interface
omega: From Wordpress admin to pty automatically!
is-password-pwned: Check password against pwnedpasswords.com using k-anonimity model
psudohash: Password list generator that focuses on keywords mutated by commonly used password creation patterns
sinker: Sinker is a Python tool to automate the execution of dockerized container scanning security tools merging their findings into one report.
BHR_Labs: Black Hat Ruby book | Lab files | Buy the book https://www.amazon.com/dp/B08JHSF6GT
UnSAFE_Bank: Vulnerable Banking Suite
usbguard: USBGuard is a software framework for implementing USB device authorization policies (what kind of USB devices are authorized) as well as method of use policies (how a USB device may interact with the system)
exploit-CVE-2021-22204: Exploit for CVE-2021-22204 (ExifTool) - Arbitrary Code Execution
yara-parser: Tools for parsing rulesets using the exact grammar as YARA. Written in Go.
h4cker: This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.
TwitterX: Keeping Twitter for macOS alive with code injection
365: OSINT, Threat Hunting, Network and Web Recon, Discovery, Enumeration, Vulnerability Mapping, Exploitation, Reporting
hershell: Multiplatform reverse shell generator
HackVault: A container repository for my public web hacks!
Impost3r: 👻Impost3r -- A linux password thief
PoshDellDBUtil: It scans all computer in a given OU for the vulnerable dbutil_2_3.sys file and remove it.
wallet-tracker: Detect real scammers with Wallet-Tracker CLI from anywhere.
pod-lab: Programy z przedmiotu Podstawy Ochrony Danych.
capillary: Capillary is a library to simplify the sending of end-to-end encrypted push messages from Java-based application servers to Android clients.
Cloak: Cloak can backdoor any python script with some tricks.
h2csmuggler: HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
tugarecon: Pentest: Subdomains enumeration tool for penetration testers.
DomainCAT: Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations
pingcastle: PingCastle - Get Active Directory Security at 80% in 20% of the time
SSLtest: SSL check through SSL Labs API
Penetration_Testing_POC: 渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
cloudfrunt: A tool for identifying misconfigured CloudFront domains
xsscan: A simple script to detect unescaped characters in a web application for e.g. Cross Site Scripting (XSS) attacks.
wikiprot: Repositorio de documentación y referencias relativas al mundo de la ciberseguridad, creado y mantenido por la Comunidad de ProtAAPP
Learn-Web-Hacking: Study Notes For Web Hacking / Web安全学习笔记
cs5331: NUS CS5331 Web Security
Struts2-045-Exp-CSharp: Development with C# WinForm. Just for study and programming excercises.
HikPwn: HikPwn, a simple scanner for Hikvision devices with basic vulnerability scanning capabilities written in Python 3.8.
tangalanga: Tangalanga: the Zoom conference scanner hacking tool
KeystrokeDynamicsSpoofer: A keystroke biometric spoofer created to test the strength of the strength of various keystoke dynamic based authentication systems
AutoPWN-Suite: AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.
wikau: "What i know about you" é um site que demonstra tudo o que posso saber de você com um simples site com Javascript.
adguard-ps4-usersguide: 'Users Guide' via the help of AdGuard Home
taketv: TakeTV permite descubrir dispositivos de red DLNA/UPnP y ayuda a reproducir archivos multimedia en los televisores inteligentes desde nuestra terminal en Linux.
Open-Source-Security-Guide: Open Source Security Guide
CentosAuth: A .NET Authentication System written in C# & PHP
Markopy: Markov Model libraries, optimized for cracking-focused password generations.
CVE-2020-1337: CVE-2020-1337 a bypass of (PrintDemon) CVE-2020-1048’s patch
resolvers: The most exhaustive list of reliable DNS resolvers.
skf-flask: Security Knowledge Framework (SKF) Python Flask / Angular project
THC-Archive: All releases of the security research group (a.k.a. hackers) The Hacker's Choice
scan-action: Inline Image Scan Github Action
sf-ip-noipv6: sf-ip-noipv6 extension disables IPv6 connectivity at various levels..
VulnHub: Code and material from VulnHub. VulnHub provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.
Oblivion: Data leak checker & OSINT Tool
felix: Project Calico's per-host agent Felix, responsible for programming routes and security policy.
MD5_Hash_crack: Hashed MD5(message digest algorithm 5) passwords are cracked to reveal the real keylog.
SecTools: List of tools for SecDevOps, vulnerability analysis, network scanning
NTS_LAB1-2-3_CYBER: CYBER - LAB 1-2-3 - S1 - NTS - EPITA
bugbounty-cheatsheet: A list of interesting payloads, tips and tricks for bug bounty hunters.
CVE-List-Public-Exploits: Exploits for various CVEs
SAP_vulnerabilities: DoS PoC's for SAP products
checkmyhttps: We propose a user-friendly add-on that allows you to check if your encrypted web traffic (SSL/TLS) towards secured Internet servers (HTTPS) is not intercepted (being listened to).
r3con: Multi-functional Web Recon & Vulnerability Scanner Tool
Tomcat-webshell-application: A webshell application and interactive shell for pentesting Apache Tomcat servers.
nfcgate: An NFC research toolkit application for Android
CamHell: Ingenic T10 IP camera crawler
imap-honey: IMAP or SMTP honeypot written in Golang
ipmiPwner: Exploit to dump ipmi hashes
drozer-modules
Cypher-MINITOOL: Cypher-Multitool is a 'Hacking' Multitool written by me in Batch, don't steal the source code :). It's a MINI version of it, the MEGA version is coming out soon...
docker-rekall: Rekall Dockerfile
ssh-mitm: ssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation
exploit-CVE-2016-10033: PHPMailer < 5.2.18 Remote Code Execution exploit and vulnerable container
django-DefectDojo: DefectDojo is a DevSecOps and vulnerability management tool.
Mega-Bot: [NEW] : Mega Bot ☣ Scanner & Auto Exploiter
EnVisen: ROP gadget finder and analysis in pure Javascript
keycloak-scanner: Keycloak security scanner
Pentest-Tools-Framework: Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities
bouncer: Eloquent roles and abilities.
RedTeam-Physical-Tools: Red Team Toolkit - A curated list of tools that are commonly used in the field for Physical Security, Red Teaming, and Tactical Covert Entry.
using-nmap: A small cheat sheet to using some of the most common nmap flags and setups I use when probing a network.
AdversarialAttack-PHM
jwt-transform: Transform your real jwt token into fake jwt token.
CVE-2020-7200: CVE-2020-7200: HPE Systems Insight Manager (SIM) RCE PoC
StaCoAn: StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
Hacking_Tools: Quelques outils pouvant aider dans le cadre de test d'intrusion
SEC-reports: utilizing the data avaliable at https://www.secrepo.com/ for security data analysis { the master has a web recon scanner that will also add a vulnerability scanner }
cloud-analytics: Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as well as a blueprint for how others can create and use cloud analytics effectively.
awesome-mobile-security: An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
blazingfast-bypass: Blazingfast DDoS protection bypass vulnerability.
Hacking-Security-Ebooks: Top 100 Hacking & Security E-Books (Free Download)
usb-keylogger: Creating a crossplatform C++ undetectable usb autorunned keylogger for education purpose
klustair-cli: Scan all images in your Kubernetes cluster with Trivy and check your configuration with Kubeaudit
PT-GUI: Project PT-GUI for Deakin Capstone Hardhat Enterprises
hvmi: Hypervisor Memory Introspection Core Library
CyberSecurityRSS: CyberSecurityRSS: 优秀的网络安全知识来源 / A collection of cybersecurity rss to make you better!
ddos: Best DDoS Attack Script With 36 Plus Methods
sub3suite: a free, open source, cross platform Intelligence gathering tool.
coding-companion: 😃 An artificial companion for coders 😃
npm-initial-access: Easy to extend initial access scenario to help with EDR testing on Linux and Mac
AgnerSecurity: Uma ferramenta WEB de segurança open source de redes de computadores com Nmap, honeypot, vulnerabilidade de equipamentos de rede etc.
h-infect: H-INFECT is a tool to create a virus for android, windows, and macOS.
alternative-frontends: 🔐🌐 Privacy-respecting web frontends for popular services
Google-Maps-API-Scanner: Check if the leaked Google-Maps API key is vulnerable or not.
FDIA-PdM: False Data Injection Attacks in Internet of Things and Deep Learning enabled Predictive Analytics
exploit-phpldapadmin-remote-dump: phpldapadmin remote exploit and vulnerable container !
BUSCO-PROGRAMADOR: Hola a todos, soy nuevo aquí. Estoy buscando un perfil que pueda simpatizar con esta idea escrita. Queremos crear una plataforma desde cero y que se convierta en un monstruo de la era digital. Si tú sabes cómo lograrlo y tienes la ambición. Contáctame.
chezmoi: Manage your dotfiles across multiple diverse machines, securely.
goflood: A connection flood attack application written in Go
enumy: Linux post exploitation privilege escalation enumeration
SharpStrike: A Post exploitation tool written in C# uses either CIM or WMI to query remote systems.
exploit-MS09-050: Microsoft Windows 7 SMB2.0 Remote Blue Screen of Death
DivineLogger: Keylogger builder written in C#
python-tuf: Python reference implementation of The Update Framework (TUF)
bbr: An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
V-Achilles: Achilles is a tool that shows a visualization (i.e., using dependency graphs) of both direct and indirect dependencies that are affected by software vulnerability attacks.
ipt_geofence: Geographical host protection for Linux
badblood: SonicWall SMA-100 Unauth RCE Exploit (CVE-2021-20038)
4K-Botnet: A simple and easy to use JS Botnet
Github-Monitor: Github Sensitive Information Leakage Monitor(Github信息泄漏监控系统)
sysmon: Sysmon and wazuh integration with Sigma sysmon rules [updated]
savagedetector: Information Gathering and Vulnerability Scanner Tool
DFW1N-OSINT: Australian Open Source Intelligence Gathering Resources, Australias Largest Open Source Intelligence Repository for Cyber Professionals and Ethical Hackers
Discord-Token-Cracker: Simple and fast discord token cracker
ntlmscan: scan for NTLM directories
breachcheck: Checks if entered password appears in the HaveIBeenPwned dataset of leaked passwords. Uses k-Anonymity to avoid exposing the password to HIBP servers.
Chromium-based-XSS-Taint-Tracking: Cyclops 是一款具有 XSS 检测功能的浏览器
ADMMutate: Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port this to 64 or implement a few other suggestions (sorry I lost ppc code version contributed) it will be orders of magnitude more difficult to spot, so I hope nobody uses signatures for anything (virus / malware scanners included).
CAN_Hacking: Getting into Opel (Vauxhall) Astra J CAN Messages
steved3.github.io: SteveD3's personal journal for things that really don't fit on social media.
jwt-helper: JWT Helper Tool 4 Pentests.
trailscraper: A command-line tool to get valuable information out of AWS CloudTrail
WebScanner
Awesome-RedTeam-Cheatsheet: Active Directory & Red-Team Cheat-Sheet in constant expansion.
Fortnite-Offsets: These are the Fortnite Chapter 3 Seison 2 Newest Offsets.
zeek-plugin-s7comm: Zeek network security monitor plugin that enables parsing of the S7 protocol
cybersecurity-threat-detection: An ongoing & curated collection of awesome software best practices and remediation techniques, libraries and frameworks, E-books and videos, Technical guidelines and important resources about Threat Detection & Hunting.
DES: Data Encryption Standard c/c++
Zeebsploit: web scanner - exploitation - information gathering
aparoid: Static and dynamic Android application security analysis
botanalyse: botsonar analyse open api
satellite: easy-to-use payload hosting
k8s-security: Kubernetes security notes and best practices
pentesting_script: Laboratorio de pentesting con docker que nos permite descargar y desplegar aplicaciones web vulnerables para practicar pentesting en ellas
WPContentInjection: a quick n dirty poc for wp content injection vulnerability.
AutomatedHunter: Google Chrome Extension automates testing fundamental Web Problems via Chrome
Reverse-Engineering: A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.
jackhammer: Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
awesome-web-hacking: A list of web application security
sdwannewhope: SD-WAN security and insecurity
offbyslash-django-dumper: A proof of concept to dump Django website's source code affected by NGINX's off-by-slash alias directive misconfiguration.
vulscan: vulscan 扫描系统:最新的poc&exp漏洞扫描,redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...
phpcs-security-audit: phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code
btc-hack: An automated bitcoin wallet generator that brute forces random wallet addresses by checking their balance in real-time using an online API .
dgad: DGA Detective - Hunt domains generated by Domain Generation Algorithms to identify malware traffic
wcs_scanner: Oracle WebCenter Sites Vulnerability Scanner
VAmPI: Vulnerable REST API with OWASP top 10 vulnerabilities for security testing
lunasec: LunaSec - Open Source AppSec platform that automatically notifies you the next time vulnerabilities like Log4Shell or node-ipc happen. Track your dependencies and builds in a centralized service. Get started in one-click via our GitHub App or host it yourself. https://github.com/apps/lunatrace-by-lunasec/
sashay: Sashay is an automatic installer for useful tools.
RE_Mal_Exploit_Tutorials: my reading list for reverse engineering malware & exploit development
Malware-Database: A large repository of malware samples with 2500+ malware samples & source codes for a variety of platforms by Cryptware.
grinder: 🔎 Python framework to automatically discover and enumerate hosts from different back-end systems (Shodan, Censys)
fisy-fuzz: This is the full file system fuzzing framework that I presented at the Hack in the Box 2020 Lockdown Edition conference in April.
WEB-DOJO-SECURITY: Instalacion, configuracion y resulcion de las maquinas de la VM Web Dojo Security ( Web Pentesting ).
Cyber-News-Bot: A bot to retweet everything related to Cyber Security based on hashtag
shodanwave: Shodanwave is a tool for exploring and obtaining information from Netwave IP Camera.
hashpass: A simple password manager with a twist.
ViperMonkey: A VBA parser and emulation engine to analyze malicious macros.
Brute-Force-Login: Proof -Of-Concept Brute Force Login on a web-site with a good dictionary of words
Sherlock: This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
bountycat: A WEB SECURITY TESTING AUTOMATION TOOL FOR HUMANS
krane: Kubernetes RBAC static analysis & visualisation tool
stethoscope: Personalized, user-focused recommendations for employee information security.
knowledgezero: KnowledgeZero is a place where we, @v-research, publish our research efforts, writing gentle introductions to our ideas but also sharing the hard-core scientific papers.
pen-test-automation: A framework for automating penetration testing using a plugin based architecture
AspNet.Security.OAuth.Okta: AspNet.Security.OAuth.Okta is library include collection of security middlewares to authorize users based on OAuth 2.0 and OpenId Connect protocol in your application.
CVE-2021-27928: Pasos a seguir para explotar la vulnerabilidad CVE-2021-27928
can-i-take-over-dns: "Can I take over DNS?" — a list of DNS providers and how to claim (sub)domains via missing hosted zones
awesome-malware: 💻
Minesweeper: A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
laravel-ban: Laravel Ban simplify blocking and banning Eloquent models.
CVE-2022-25262: PoC + vulnerability details for CVE-2022-25262 / JetBrains Hub single-click SAML response takeover
PrivEsc: A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
MyOwnCheatSheet: Anotações pessoais relacionadas a pesquisas, estudos e vivências relacionadas à cybersecurity. Sendo constantemente atualizado e aberto a Pull requests caso queira adicionar algo.
Webshell-Sniper: 🔨 Manage your website via terminal
multizone-sdk-arm: MultiZone® Security TEE for Arm® Cortex®-M is the quick and safe way to add security and separation to any Cortex-M based device. MultiZone® software can retrofit existing designs. If you don’t have TrustZone®, or if you require finer granularity than one secure world, you can take advantage of high security separation without the need for hardware and software redesign, eliminating the complexity associated with managing a hybrid hardware/software security scheme.
sbt-dependency-check: SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Safari2000day
ThePhish: ThePhish: an automated phishing email analysis tool
pentest-wiki: PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
SwiftnessX: A cross-platform note-taking & target-tracking app for penetration testers.
Helios: A Python based Web Application security scanner
Hacking-Resources: This repository contains some resources for ethical hackers penetration tester 😊 This may contain some files, tools, books, and links that need to be used for good purposes only. Do not do any illegal work using these sources.
WebMap: WebMap-Nmap Web Dashboard and Reporting
HolyTips: A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
ICS-Security-Tools: Tools, tips, tricks, and more for exploring ICS Security.
Blue-Baron: Automate creating resilient, disposable, secure and agile monitoring infrastructure for Blue Teams.
python-gvm: Greenbone Vulnerability Management Python Library
seeyon-exploit: 致远OA漏洞检测
www-project-top-10-low-code-no-code-security-risks: OWASP No-Code Low-Code Security
Hawkeye: GitHub 泄露监控系统(GitHub Sensitive Information Leakage Monitor Spider)
Cryptonite: A ransomware created for Windows OS. It is easy to test in a safe environment before deploying it to the victims. Developed using Python
vulnscan: Tool for Advaneced Vulnerability Scanning using NMAP
HFSZap: Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution for Windows
Offensive-Resources: A Huge Learning Resources with Labs For Offensive Security Players
WebPocket: Exploit management framework
Rafel-Rat: -------> RAFEL<------ Android Rat Written in Java With WebPanel For Controlling Victims...Hack Android Devices
vulmap: Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能
KeepNoteOSCP: KeepNote For OSCP Course
Un1kFiles: 适用于burpsuite渗透工具的多类型恶意文件代码、漏洞测试payload、脚本代码快速获取复制的在线辅助插件。
tweak-series: Repo for YouTube series
owasp-orizon: Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.
KeychainAccess: Simple Swift wrapper for Keychain that works on iOS, watchOS, tvOS and macOS.
NimScan: 🚀 Fast Port Scanner 🚀
FiercePhish: FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.
Malware-Machine-Learning: Malware Machine Learning
Loki: The Dependency Confusion vulnerability scanner and autoexploitation tool to help identifying and mitigating supply chain attacks
awesome-api-security: A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
nosqli: NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.
F21ProInjector: Exploit the vulnerability to install arbitrary applications in k61v1 without ROOT
attack_to_veris: The principal objectives and outputs of this project are the creation and dissemination of an extension to the VERIS schema incorporating ATT&CK mappings and associated usage documentation.
aquatone: A Tool for Domain Flyovers
dorothy: Dorothy is a tool to test security monitoring and detection for Okta environments
oFx: 漏洞批量验证框架
Skaty: Scapy port for Kotlin (Proof of concept)
LogonTracer: Investigate malicious Windows logon by visualizing and analyzing Windows event log
rastrea2r: Collecting & Hunting for IOCs with gusto and style
DLL-INJECTOR: I created a dll injector I am going to Open source its Code. But remember one thing that is any one can use it only for Educational purpose .I again say do not use it to damage anyone's Computer.But one thing if you are using it for some good purpose like to help someone who really need help then I permit you to use it.
VulnerabilityManagement: This is a walkthrough of how I created A Virtual Machine environment using VMWare running Windows 10. I did this project to gain experience with Nessus Essentials and learn how to scan for vulnerabilities and remediate them. This project will showcase two of the main steps in the Vulnerability Management Lifecycle. I will be using Nessus Essentials to scan local VMs hosted on VMWare Workstation in order run credentialed scans to discover vulnerabilities, remediate some of the vulnerabilities, then perform a rescan to verify remediation.
radare2: UNIX-like reverse engineering framework and command-line toolset
Blooket-hack-scripts: A few Blooket hacks (Example: ChestX-ray, TokenHack). But it might not work...
JPGtoMalware: It embeds the executable file or payload inside the jpg file. The method the program uses isn't exactly called one of the steganography methods. For this reason, it does not cause any distortion in the JPG file. The JPG file size and payload do not have to be proportional.The JPG file is displayed normally in any viewing application or web application. It can bypass various security programs such as firewall, antivirus. If the file is examined in detail, it is easier to detect than steganography methods. However, since the payload in the JPG file is encrypted, it cannot be easily decrypted. It also uses the "garbage code insertion/dead-code insertion" method to prevent the payload from being caught by the antivirus at runtime.
ghost: 👻 RAT (Remote Access Trojan) - Silent Botnet - Full Remote Command-Line Access - Download & Execute Programs - Spread Virus' & Malware
Multithreaded-Mass-Web-Search: Scanner that scan IP ranges to find some text on the websites
sshesame: An easy to set up and use SSH honeypot, a fake SSH server that lets anyone in and logs their activity
linux-exploit-suggester: Linux privilege escalation auditing tool
xss-http-injector: XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.
Umbrella_android: Open source Android, iOS and Web app for learning about and managing digital and physical security. From how to send a secure message to dealing with a kidnap. Umbrella has best practice guides in over 40 topics in multiple languages. Used daily by people working in high risk countries - journalists, activists, diplomats, business travelers etc.
how2exploit_binary: An in depth tutorial on how to do binary exploitation
XSSCon: XSSCon: Simple XSS Scanner tool
awesome-bbht: A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
pwn--: pwn++ : my Windows & Linux pwn library to play with modern C++ - and yeah, it's pwn++, not pwn-- (toy lib, don't use in prod)
osint: Docker image for osint
cookie_crimes: Read local Chrome cookies without root or decrypting
CTF-Write-ups: Write-ups for CTF challenges.
vulnerablecode: A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
ZimbraExploit: Zimbra邮件系统漏洞 XXE/RCE/SSRF/Upload GetShell Exploit 1. (CVE-2019-9621 Zimbra<8.8.11 XXE GetShell Exploit)
zip: A portable, simple zip library written in C
electronegativity: Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron applications.
CDMC2016: Cybersecurity Data Mining Competition 2016
SecurityArchitecture: Repository for the Open Security Reference Architecture
lambdacube-compiler: LambdaCube 3D is a Haskell-like purely functional language for GPU. Try it out:
featherduster: An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction
Roblox: A Script For Roblox supported by krnl,trigon,synapse and uses synapse x undected funcs fast load with files and supports 8+ Games!
Sol-Typo: Solidity Type Casting Identifier tool.
turtle: MSFVenom Powershell Stager Encoder & Generator
osmedeus: A Workflow Engine for Offensive Security
External-Roblox-ESP: This is an external ESP for Roblox. It was made while I was learning to reverse Roblox's structures. This is just a base so it doesn't do anything fancy. Please ignore the ugly code.
H1ve: An Easy / Quick / Cheap Integrated Platform
vminspect: Tools for inspecting disk images
SecurityPlus-notes: Study notes for the CompTIA Security+ certification
Python-Random-Password-Generator: Python - Random Password Generator ( R.P.G. )
awesome-hacker-search-engines: A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red Team operations, Bug Bounty and more
monero: Monero: the secure, private, untraceable cryptocurrency
Samba_usermap_exploit: Easy to read Python script for exploiting Samba versions 3.0.20 through 3.0.25rc3
drill-network-functions: Networking functions for Apache Drill
awesome-websocket-security: Awesome information for WebSockets security research
email-nuker: this is a email bomber unlike other email bombers u don't need your gmail email id to use this
moria: Python library for interacting with in-memory C structures using data mined from binary DWARF debug info.
useful-utilities: Useful Unx / BSD / macOS utilities
SatanSword: 红队综合渗透框架
Cloakify: CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
CVE-2020-15227: CVE-2020-15227 checker
DccwBypassUAC: Windows 8.1 and 10 UAC bypass abusing WinSxS in "dccw.exe".
passworks: a learning lab that teaches the importance of password security! collab w/ ACM Cyber, jamie is a real MVP
FudgeC2: FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.
Knock: 🔑 Scan the entire internet for SSH and Telnet services. Then hack them.
changeme: A default credential scanner.
SubRosa: Basic tool to automate backdooring PE files
CVE-2022-22965-PoC: CVE-2022-22965 (Spring4Shell) Proof of Concept
Recsech: Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .
p4wnp1_payloads: Functional payloads for a P4wnP1 A.L.O.A. device.
awesome-ctf: A curated list of CTF frameworks, libraries, resources and softwares
windows_kernel_resources: Papers, blogposts, tutorials etc for learning about Windows kernel exploitation, internals and (r|b)ootkits
timesketch-cli: A dedicated repo to interact with the API of Timesketch
tracy: A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.
SubdomainTakeover: Small python or powershell script to look for potential subdomain takeover vulnerabilities via vulnerable Alias.
Telegram-subscriber-adder: run this script with ur chanal name and u will get subscriber
Visual-Basic-Scripts: Visual Basic Scripts Utilities. Fun, Automation, Fundamentals. With the help of these scripts, I develop lots of Exploits which I'm used for automation system tasks. these vb scripts I am also used for system security exploitation.
metasploit-windows-ud-shell: A metasploit module that allows users to generate undetected windows shells.
Behold3r: 👻Behold3r -- 收集指定网站的子域名,并可监控指定网站的子域名更新情况,发送变更报告至指定邮箱
scot: Sandia Cyber Omni Tracker (SCOT)
FenixSecure-VM: Backend logic implementation for Vulnerability Management System
Ctf_Or_LearningLabs: My thought processes as I'm working through the labs for portswigger and Hackthebox. It's just to keep account of what labs/ctf I've done. My blog will have certain cts that I did while doing my CEH. This will be all of the rest. Helps me keep account of my progress and methodology.
storage-collision-poc: A simple PoC to exploit storage collision in smart contracts
recon-pipeline: An automated target reconnaissance pipeline.
Computer-Science-Resources: A list of resources in different fields of Computer Science
b-ok-scraper: A b-ok.cc Simple Python Scraper
overflow: A command-line tool for exploiting stack-based buffer overflow vulnerabilities.
ochrona-cli: A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs
pocsuite3: pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
phoenix: A tool for steganography of png files .
dns-rebind-toolkit: A front-end JavaScript toolkit for creating DNS rebinding attacks.
voucher: Enterprise-grade security solution for digital assets custody, using a cryptographically secure offline network.
sentey: Protect your Spigot server by blocking unknown BungeeCord and Velocity proxies and checking for invalid IP forwarding addresses.
Open_Source_Web-Vulnerability-Scanner-and-Patcher: A Open Source Web Vulnerability Scanner and Patcher
binaryalert: BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.
dump-scripts: Downloads all scripts on an external page to a local directory, with support for automatic deobfuscation/prettifying.
OverRide: Binary Exploitation and Reverse-Engineering (from assembly into C)
w5: Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台,无需编写代码的安全自动化,使用 SOAR 可以让团队工作更加高效
PHP_imap_open_exploit: Bypassing disabled exec functions in PHP (c) CRLF
top-burpsuite-plugins-extensions
urllibDoS.py: A GET attack using the urllib package in Python 3. A simpler version of https://github.com/g-h-0-S-t/bs4DoSTool .
AutoTTP: Automated Tactics Techniques & Procedures
Kali-Linux-Ebooks: Top 20 Kali Linux Related E-books (Free Download)
owasp-threat-dragon-gitlab: OWASP Threat Dragon with Gitlab Integration
Browser-exploit
subdomain-scanner
ItLearnDir: This Directory is to provide all the information for learning resource in IT world.
cloudsplaining: Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
deksterecon: Web Application recon automation
jenkins-cve-2016-0792: Exploit for Jenkins serialization vulnerability - CVE-2016-0792
Phoenix-CS02-CyberSecurity_Project: Cybersecurity Internship Project
awesome-cyber-security-university: 🎓 Because Education should be free. Contributions welcome! 🕵️
CEHv10-Notes: 📕 Both personal and public notes for EC-Council's CEHv10 312-50, because it's thousands of pages/slides of boredom, and a braindump to many
Newbie-Security-List: 网络安全学习资料,欢迎补充
secretnet_expl: LPE exploits for Secret Net and Secret Net Studio
Prismatica: Responsive Command and Control System
nmap_all_live_hosts: Shell Script Used to Discover Live Hosts in an IP Range, Kick-Off TCP & UDP Scans, and Scan w/ Good Balance of Time vs Accuracy
BruteX: Automatically brute force all services running on a target.
pi-timolo: Raspberry PI-TIMOLO ( PI-TImelapse, MOtion, LOwLight ) uses RPI picamera and OpenCV for Remote Headless Security Monitoring using Motion Tracking, Rclone Auto Sync files with remote storage services. Auto Twilight Transitions and Low Light Camera Settings. Panoramic images using PanTiltHat and More. This project is featured on GitHub Awesome software.
ctf-writeups: Capture The Flag competition challenge write-ups
bovine: Building Operational Visibility Into (n) Environments
termux-desktop-lxqt: Install a simple, fast and beautiful desktop in termux
nsjail: A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters (with help of the kafel bpf language)
keylogger_with_python_3: Keylogger with python 3
springcore-0day-en: Everything I needed to understand what was going on with "Spring4Shell" - translated source materials, exploit, links to demo apps, and more.
safety: Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
GithubMonitor: 根据关键字与 hosts 生成的关键词,利用 github 提供的 api,监控 git 泄漏。
Buffer_Overflow: Don't let buffer overflows overflow your mind
dependency-track: Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
cyber-incident-management: Notes on managing and coordinating the response to major cyber incidents
AttackToolKit: Open-source Exploiting Framework
osv-detector
GSIL: GitHub Sensitive Information Leakage(GitHub敏感信息泄露监控)
GooFuzz: GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).
OpenSC: Open source smart card tools and middleware. PKCS#11/MiniDriver/Tokend
blackbird: An OSINT tool to search for accounts by username in social networks.
sbt-dependency-check-action: A Github Action to parse DependencyCheck JSON reports, print the found vulnerabilities and fail the build.
lynis: Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
kido: White hat hacking passwords using ML
tripwire-open-source: Open Source Tripwire®
SafeDeserializationHelpers: 👹 Fixes known BinaryFormatter deserialization vulnerabilities
recon-archy: Linkedin Tools (and maybe later other source) to reconstruct a company hierarchy from scraping relations and jobs title
sipvicious: SIPVicious OSS has been around since 2007 and is actively updated to help security teams, QA and developers test SIP-based VoIP systems and applications.
Bei-Gai-penetration-test-guide: 渗透测试文章,如果对你有帮助记得star,未完结更新中,将写到至少2022年
fosite: Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.
trivy-docker-compose: Deployment-ready docker configuration and instructions to use Trivy on your infrastructure and CIs.
CVEScannerV2: Nmap script that searches for probable vulnerabilities based on services discovered in open ports.
CTFs: K- CTF writeups
git-hound: Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
apache-ultimate-bad-bot-blocker: Apache Block Bad Bots, (Referer) Spam Referrer Blocker, Vulnerability Scanners, Malware, Adware, Ransomware, Malicious Sites, Wordpress Theme Detectors and Fail2Ban Jail for Repeat Offenders
TeleKiller: A Tools Session Hijacking And Stealer Local Passcode Telegram Windows
linux-compliance-manager: A tool for managing machines in the same network that are in compliance with the given security policies, generating vulnerabilities insights
AutoXploit: Fast exploitation based on metasploit.
HTBWriteups: Writeups of Hack The Box machines, Italian and English languages
myvpn-desktop: VPN server configuration software. Protocols: L2TP, PPTP, OpenVPN, WireGuard, Socks5, ShadowSocks (v2ray). | Providers: DigitalOcean, Linode, CryptoServers, Hetzner Cloud, Custom Server
RSA_Security_Token: A Security token system for (two-factor) authentication to Linux / Unix using an FPGA and a PAM-module. Either A: 72-bit or B: 512-bit RSA. Version A is air-gapped. Version B uses USB UART. BSD-3 licensed.
through_the_wire: CVE-2022-26134 Proof of Concept
Cyber-ML-DL-101: Repository of all notebooks used in workshop at NII.
cdnlookup: 一个使用 Edns-Client-Subnet(ECS) 遍历智能CDN节点IP地址的工具
ggshield: Detect secrets in source code, scan git repos, and use pre commit hooks to prevent API key leaks.
osint-brazuca: Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.
MS17010EXP: Ladon Moudle MS17010 Exploit for PowerShell
Ontario1024: A selection of my PC-based computer virus code samples from the early 90's. Don't worry. They don't bite... anymore...
bluenightingale: Building a unified strategy to create threat detection use-cases in the combat against cyber criminals - ADHYAYAM I [LOGS]
MSc-CyberSecurity-Sapienza: Master of Science in Cybersecurity, Sapienza University of Rome.
libfuzzer: Thin interface for libFuzzer, an in-process, coverage-guided, evolutionary fuzzing engine.
CVE-2017-0100: CVE-2017-0100、MS17-012、Eop
nuclei-templates: Community curated list of templates for the nuclei engine to find security vulnerabilities.
Golang_SCA: Golang SCA(Software Composition Analysis) 通过分析你的go.mod文件,协助你发现,Golang项目的依赖库是否存在漏洞
Flytrap: A TCP based honeyport written in Python. Once an attacker accesses the port this service is listening on, the attacker's IP is blocked by the local system and a notification is sent to the specified syslog server. Runs on both Windows and Linux.
awesome-pentest-tools: List of Security Archives Tools and software, generally for facilitate security & penetration research. Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.
pshape: Inspector-gadget (a.k.a. PSHAPE - Practical Support for Half-Automated Program Exploitation) is an open source tool which assists analysts in exploit development. It discovers gadgets, chains gadgets together, and ensures that side effects such as register dereferences do not crash the program.
captcha: Captcha for Laravel 5/6/7/8/9
go-cve-search: lightweight CVE search
TryHackMe_writeups: This repository contains a few of my writeups I made for the famous and addictive TryHackMe CTF (Capture The Flag) challenges.
R3Xploit: Exploit for Hacking Roblox, Support multiples Api
cryptomator: Multi-platform transparent client-side encryption of your files in the cloud
vulnscanner: vulnscanner is a web application source code vulnerability scanner. It could be used to detect if the target project contains any known vulnerabilities. One of the best ways we can do that is to help developers and security professionals improve the web application they are producing that everyone else relies on.
xssmap: Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities
hackertyper: "Hack" like a programmer in movies and games! Inspired by hackertyper.net
SyscallDumper: Dump system call codes, names, and offsets from Ntdll.dll
hardening-raspberry-pi: Notes and considerations on hardening a Raspberry Pi 4.
Sandman: A Target Tracking , NoteTaking , CheckLists and Data Management GUI App for Bug Hunter's and Pentesters.
scau: Source Code Analysis Utility
R3d-Buck3T: Penetration Testing, Vulnerability Assessment and Red Team Learning
talks: Files for any talks that I give
cve_searchsploit: Search an exploit in the local exploitdb database by its CVE
win-back-cat: A fully undetected, hidden, persistent, reverse netcat shell backdoor for Windows.
fstscan: Massive Vulnerability scanner
CTF-All-In-One: CTF竞赛权威指南
cmsPoc: CMS渗透测试框架-A CMS Exploit Framework
CodeArgos: A python module for red teams to support the continuous recon of JavaScript files and HTML script blocks in an active web application.
awesome-cryptocurrency-security: 😎 Curated list about cryptocurrency security (reverse / exploit / fuzz..)
rctf-scenario6: Robotics CTF scenario 6
VulnWeb: simple python program used to fetch admin panel of an website.
wildlogger: This is a keylogger that collects all the data and e-mail it in a set time with system information which includes device S/N and hardware specs, every button that pushed, screenshots, and copying processes.
hacl-rs: Rusty bindings for HACL, a formally verified cryptographic library written in F*.
dufflebag: Search exposed EBS volumes for secrets
awesome-incident-response: A curated list of tools for incident response
caldera: Automated Adversary Emulation Platform
Picocrypt: A very small, very simple, yet very secure encryption tool.
CVE-2021-27965: stack based buffer overflow in MsIo64.sys, Proof of Concept Local Privilege Escalation to nt authority/system
Safety-checklist: 🌴一些安全备忘清单
RanSim: Ransomware simulation script written in PowerShell. Useful for testing your defenses and backups against real ransomware-like activity in a controlled setting.
Facebook-tools: Version 1.0.0 - Comment bomber only
voters: Security voters are the most granular way of checking permissions (e.g. "can this specific user edit the given item?")
awacs-scanner: Fully automated cyber security scanner
BurpExtend: 基于Burp插件开发打造渗透测试自动化
csv-plus_vulnerability: 👻 [PoC] CSV+ 0.8.0 - Arbitrary Code Execution (CVE-2022-21241)
Shtreeba: VAC-proof 32bit DLL injector written in C++, using memory mapping and thread hijacking techniques
falco: Cloud Native Runtime Security
CVE-2018-11776-Python-PoC: Working Python test and PoC for CVE-2018-11776, includes Docker lab
PcapViz: Visualize network topologies and collect graph statistics based on pcap files
Prediction-DDoS: Questo progetto è stato sviluppato per il corso universitario Analisi dei dati per la sicurezza. Il progetto mira ad estrarre conoscenza dai dati per la classificazione di attacchi DDos seguendo le fasi di sviluppo del processo KDD.
hackable: A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks
SQL_Injection_Payload: SQL Injection Payload List
whoishere.py: WIFI Client Detection - Identify people by assigning a name to a device performing a wireless probe request.
StackedTotemLimiter: A plugin that prevents stacked totems. Useful if you own a server that facilitates the crafting dupe, but don't want to deal with stacked totems.
OXIDTools: 200 TOOLS BY 0XID4FF0X FOR TERMUX
bleachbit: BleachBit system cleaner for Windows and Linux
recon-my-way: This repository created for personal use and added tools from my latest blog post.
searchport: Search ports in multiples hosts
lor-axe: 🪓 a multi-threaded, low-bandwidth HTTP DOS tool
gscript: framework to rapidly implement custom droppers for all three major operating systems
GVM-Deployment: Dockerised Greenbone Vulnerability Management components
ioc-explorer: Explore Indicators of Compromise Automatically
Name-That-Hash: 🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥
AdministracionDeSistemasOperativos: Administración de sistemas Linux y Windows . Autor: Paulino Esteban Bermúdez R.
porkbind: 🐷 Nameserver security scanner (ARCHIVE)
ThinkPwn: Started as arbitrary System Management Mode code execution exploit for Lenovo ThinkPad model line, ended as exploit for industry-wide 0day vulnerability in machines of many vendors
Analyst-NoteBook: Python3 IP lookup tool with variety of features to enable easier and faster cybersecurity analysis.
sf-imap-storage: sf-imap-storage extension provides the central storage/backup part of the IMAP infrastructure.
AutoMacroBuilderForZAP: A OWASP ZAPROXY Add-on that allows testing of web application vulnerabilities by recording complex multi-step sequences. You can test applications that need to access pages in a specific order, such as shopping carts or registration of member information.
memory.dll: C# Hacking library for making PC game trainers.
android-security-awesome: A collection of android security related resources
fatbee: A low-interaction honeypot written by demonalex, i.e. Alex Huang.
Python-Pentest-ToolKit: Pentest ToolKit
FileVaultCracker: macOS FileVault cracking tool
aircrack-ng: WiFi security auditing tools suite
EvidenceWiki: All of my threat intel recommendations for aspiring Information Security Analyst. This section contains information about evidence at analyst's disposal IP, domain, email, hash, files.
weblogic_honeypot: WebLogic Honeypot is a low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware. This is a Remote Code Execution vulnerability.
Webhook_Deleter: ✨ Un court code qui permet de Supprimer n'importe quel Webhook avec son lien en Python par moi, et en français.
Lockdoor-Framework: 🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Awesome-Federated-Machine-Learning: Everything about federated learning, including research papers, books, codes, tutorials, videos and beyond
armory: A curated repository of the tools, scripts, resources and programs I use regularly for CTF, BB or other security work.
svscan: SuiteCRM Vulnerability Scanner
Zombie-DDoS: A tool to perform DDoS attack with control panel to control your crazy zombies : )
protools: 历经开发周期两年,并且应用过千万级别项目的工具箱
netscan2: active / passive network scanner
hisilicon-dvr-telnet: PoC materials for article https://habr.com/en/post/486856/
WebApplicationVulnerabilityScanners: Tested two web application vulnerability scanners and testing platforms for their effectiveness at detecting all known categories of SQL Injection (SQLi) and Cross-Site Scripting vulnerabilities (XSS).
ric9rdo.github.io: Just a random cybersecurity (b)log that I use as a personal database
SecNotes: cyber security notes for your consumption.
SAP_ransomware: Simple remote command execution exploit code for SAP GUI
gvm-libs: Greenbone Vulnerability Management Libraries
Layla: BETA: Layla - recon tool for bug bounty
Passwords: Final project for R course at Hult, conducting an analysis about whether cybersecurity is still a business problem, specifically about passwords.
CRLFsuite: The most powerful CRLF injection (HTTP Response Splitting) scanner.
cariddi: Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
psploit: psploit - bash script for using PRET with a lot of IP addresses in the row.
k8s-harbor: Harbor in Kubernetes
network-threats-taxonomy: Machine Learning based Intrusion Detection Systems are difficult to evaluate due to a shortage of datasets representing accurately network traffic and their associated threats. In this project we attempt at solving this problem by presenting two taxonomies
targets: A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.
tartufo: Searches through git repositories for high entropy strings and secrets, digging deep into commit history
yakit: Cyber Security ALL-IN-ONE Platform
nuclipy: A simple template based vulnerability scanner in python (Inspired by ProjectDiscovery's Nuclei)
Nightingale: It's a Docker Environment for pentesting which having all the required tool for VAPT.
meltdown: This repository contains several applications, demonstrating the Meltdown bug.
jssdk-core: A Javascript Implementation of XQ Message SDK (V.2) which provides convenient access to the XQ Message API.
wire-transfer: Encode binary as English text over HTTP(s)
HARP: HARP is the instrument used by King david. HARP search engine is simillar to Google. HARP Search engine is invented in SLING P.L by wilmix jemin j.
Warberry3: WarBerryPi was built to be used as a hardware implant during red teaming scenarios where we want to obtain as much information as possible in a short period of time with being as stealthy as possible. The WarBerry python script is a collection of open source scanning tools put together to provide that functionality. These tools include nmap, crackmapexec, tcpdump, netdiscover and others typically found in Kali Linux.This project is forked from the original secgroundzero/warberry project and updated to be Python 3 compatible. The original author stopped maintaining the secgroundzero/warberry project in November 2019.
rengine: reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
CVE-2020-9283: Exploit for CVE-2020-9283 based on Go
zenbuster: Multi-threaded URL enumeration/brute-forcing tool in Python.
osint_stuff_tool_collection: A collection of several hundred online tools for OSINT
brakeman: A static analysis security vulnerability scanner for Ruby on Rails applications
jerseyctf-2021-challenges: JerseyCTF 2021
jfrog-docker-desktop-extension: 🐸 Scans any of your local Docker images for security vulnerabilities. 🐋
osquery: SQL powered operating system instrumentation, monitoring, and analytics.
CloseTheGapCybersecurity: Repository for the Close the Gap - Cybersecurity E-Book. A Book about transforming your theoretical programming Knowledge from University into real Life Python Projects
final-java-backend: n-tier java web api example spring boot, postgre sql, SOLID design
ExGen: Exploit generator for bug hunters
GVM-Docker: Greenbone Vulnerability Management Docker Image with OpenVAS
spiderfoot: SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
AntiDDOS-system: 🛡️⚔️ Protect your web app from DDOS attack or the Dead Ping + CAPTCHA VERIFICATION in one line!
gopwn: Golang CTF framework and exploit development module
heappy: A happy heap editor to support your exploitation process 🙂
shreddedmeat: shredded meat a vulnerability audit tools
jaam: Web Browser Security Framework
openvpn-gui: OpenVPN GUI is a graphical frontend for OpenVPN running on Windows 7 / 8 / 10. It creates an icon in the notification area from which you can control OpenVPN to start/stop your VPN tunnels, view the log and do other useful things.
exgdb: Extension for GDB
hackigniter: HackIgniter, PHP CodeIgniter Framework'ü üzerinde kodlanmış zafiyetli bir web uygulamasıdır. Uygulama üzerinde bulunan zafiyetler, sızma testi sırasında en çok tespit edilen zafiyetlere benzer olacak şekilde hazırlanmıştır.
0x03-ARM-32-Hacking-Float: ARM 32-bit Raspberry Pi Hacking Float example in Kali Linux.
ciscoasa_honeypot: A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.
evilkit: A Simple Backdoor ToolKit Using Rust
GIVINGSTORM: Infection vector that bypasses AV, IDS, and IPS. (For now...)
claircli: Command line tool to interact with Quay Clair
onionize: Script to create Onion Mirror for Clearnet site based on Enterprise Onion Toolkit
EmailAll: EmailAll is a powerful Email Collect tool — 一款强大的邮箱收集工具
ScanPro: ScanPro - NMap Scanning Scripts ~ Network Mapper
cve-2019-14326: Privilege escalation in Andy emulator
gitoops: all paths lead to clouds
crawleet: Web Recon & Exploitation Tool.
riceteacatpanda: repo with challenge material for riceteacatpanda (2020)
sarna: Security Assessment Report geNerated Automatically
Simple-Async-Port-Scanner: A simple asynchronous TCP/IP Connect Port Scanner in Python 3
heap-viewer: IDA Pro plugin to examine the glibc heap, focused on exploit development
vulture-base: Vulture 4 base system and bootstrap scripts
indocrack: All in one Indian Facebook Account Cloner [ 7/8/9/10 DIGIT ]
wsvuls: wsvuls - website vulnerability scanner detect issues [ outdated server software and insecure HTTP headers.]
thewhiteh4t.github.io: thewhiteh4t's Blog
hacker-roadmap: A collection of hacking tools, resources and references to practice ethical hacking.
can2RNET: This repo has code and documentation to control power-wheelchairs with R-Net electronics.
AIVPN: The AI VPN provides an security assessment of VPN clients' network traffic to identify cyber security threats.
MemWars
security-trust-settings-tools: 🔒 OS X Keychain Trust Settings Tools.
ctf-awesome-resources: A list of Capture The Flag (CTF) frameworks, libraries, resources and software for started/experienced CTF players 🚩
ppfuzz: A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀
reverse-shell: Reverse Shell as a Service
Puwr: Pivot your way deeper into networks by discovering hosts & ports, using a compromised machine via SSH
ElectricEye: Continuously monitor your AWS attack surface and evaluate services for configurations that can lead to degradation of confidentiality, integrity or availability. All results can be exported to Security Hub, JSON, CSV, Databases, and more for further aggregation and analysis.
echoCTF.RED: A platform to develop, run and administer CTF competitions. The online echoCTF.RED platform user interfaces and codebase
SpectrePoC: Proof of concept code for the Spectre CPU exploit.
OmegaPSToolkit: Totally in development! A toolkit that brings together penetration testing tools such as wireless tools, web tools, password cracking tools, etc.
awesome-dotnet-security: Awesome .NET Security Resources
CVE-2021-34429: POC for CVE-2021-34429 - Eclipse Jetty 11.0.5 Sensitive File Disclosure
purpura-csgo-sdk: small little public internal base/cheat i'm currently working on
sifter: Sifter - All purpose penetration testing op-center
cloudformation-guard: Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules.
Backdoorcreator: Exploit toolkit
Ontology-Triones-Service-Node-security-checklist: Ontology Triones Service Node security checklist(本体北斗共识集群安全执行指南)
BTPS-SecPack: This repository contains a collection of PowerShell tools that can be utilized to protect and defend an environment based on the recommendations of multiple cyber security researchers at Microsoft. These tools were created with a small to medium size enterprise environment in mind as smaller organizations do not always have the type of funding available to overly spend on security. The goal of this project is to help add value to an smaller organizations security by creating more visibility for the average IT Administrator. Organizations with 1,000’s of devices may find that this entire suite does not apply to them.
jake: Check your Python environments for vulnerable Open Source packages with OSS Index or Sonatype Nexus Lifecycle.
zen-rails-security-checklist: Checklist of security precautions for Ruby on Rails applications.
Roblox-Dev: An awesome Roblox Exploit for Roblox
XSS-LOADER: Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder
information-security: A place where I can create, collect and share tooling, resources and knowledge about information security.
sleepy-puppy: Sleepy Puppy XSS Payload Management Framework
CVE-2021-3493: CVE-2021-3493 Ubuntu OverlayFS Local Privesc (Interactive Bash Shell & Execute Command Entered)
struts-scan: Python2编写的struts2漏洞全版本检测和利用工具
Amazing-Cybersec-Resources: Amazing Collection of Cyber Security resources (Books, Tutorials, Blogs, Podcasts, ...)
Valet: Valet lets you securely store data in the iOS, tvOS, or macOS Keychain without knowing a thing about how the Keychain works. It’s easy. We promise.
MicrosoftWontFixList: A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))
reentrancy-attacks: A chronological and (hopefully) complete list of reentrancy attacks to date.
0x02-ARM-32-Hacking-Int: ARM 32-bit Raspberry Pi Hacking Int example in Kali Linux.
XAttacker: X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
chain-bench: An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
xira: xss vulnerability scanner and input fuzzing tool.
PoW-Shield: Project dedicated to fight Layer 7 DDoS with proof of work, featuring an additional WAF. Completed with full set of features and containerized for rapid and lightweight deployment.
CEH_v10_Dumps: Certified Ethical Hacker ( C|EH v.10 ) Dump
stegseek: ⚡ Worlds fastest steghide cracker, chewing through millions of passwords per second ⚡
Richkware: Framework for building Windows malware, written in C++
LROSecurity: This guide is intended as an introductory document for low-risk organizations interested in improving their cybersecurity practices. Produced by Citizen Clinic at UC Berkeley's Center for Long-Term Cybersecurity. An introduction to this guide, and an overview on how to use it, can be seen on TechSoup:
CVE-2022-0540-RCE: Atlassian Jira Seraph Authentication Bypass RCE(CVE-2022-0540)
vulnerability-scanner: A vulnerability detection scanner utility for Solidity smart contracts
xlogin: Lightweight, secure and login like console display manager for X
PyRedactKit: Python CLI tool to redact and un-redact sensitive data from text files. 🔐📝
OctopusWAF: OctopusWAF is a WAF( Web application firewall) with high performance, made in C language and use libevent.
CiscoExploit: Cisco Exploit (CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution/CVE-2019-1653/Cisco SNMP RCE/Dump Cisco RV320 Password)
faraday_agent_dispatcher: Faraday Agent Dispatcher launches any security tools and send results to Faradaysec Platform.
conti-pentester-guide-leak: Leaked pentesting manuals given to Conti ransomware crooks
Xonory: The Xonory Programming Language For Advanced Malware Development
CVE-2018-8120: CVE-2018-8120 Windows LPE exploit
MixewayFortifyScaRestApi: Mixeway Fortify SCA Rest API - custom build API that can execute source analyzer remotely via API Calls
Conti-Ransomware: Full source of the Conti Ransomware Including the missing Locker files from the original leak. I have fixed some of the errors intentionally introduced by the leaker to prevent the locker from being built. The Queue header file which implements a few linked list data structures that Conti uses for task scheduling in the Threadpool had several missing commas, there are still errors which I believe to be the result of a missing #ifdef pre-processsor macro in one of the header files but haven't had time to find it. Will be uploading English Translated Documentation In the future
wsltools: Web Scan Lazy Tools - Python Package
KubeArmor: Cloud-native Runtime Security Enforcement System
redis-exploit: an exploit to an open redis instance
penetration-script: 渗透测试脚本,为防忘记开设(垃圾桶)
WriteUps: Repository for writeups of ctf challenges
crithit: Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
dockerized-parrot: Dockerized version of Parrot GNU/Linux
Windows-Exploit-Suggester-2: A tool to recommend available exploits for Windows Operating Systems
Hikari: LLVM Obfuscator
XSS-Payload-without-Anything: XSS Payload without Anything.
STIX-Java: STIX 2.x Java Library
unsign: Remove code signatures from OSX Mach-O binaries (note: unsigned binaries cannot currently be re-codesign'ed. Patches welcome!)
advanced-censys-client: It's a censys client who able to you to scrape the censys API with multiple api keys. It will able to you to scrape more than 10k ips.
enum4linux-ng: A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
wowInjector: PoC: Exploit 32-bit Thread Snapshot of WOW64 to Take Over $RIP & Inject & Bypass Antivirus HIPS (HITB 2021)
Phoenix-Framework: Phoenix Framework Project
repo-security-scanner: CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys
lit-bb-hack-tools: Little Bug Bounty & Hacking Tools⚔️
road-to-hacking: ¿Quieres empezar en el mundo hacking? En esta revista te enseño a instalar Kali Linux desde cero y a manipular herramientas esenciales en el Hacking Ético.
tofu: Windows offline filesystem hacking tool for Linux
ZVulDrill: Web漏洞演练平台
Google-Chrome-Browser-Database-Hack: Google Chrome Database Cracking Hacking - Get username & passwords
burp-shell-fwd-lfi: A Burp Suite plugin/extension that offers a shell in Burp. Both useful for OS Command injection and LFI exploration
Monitor-pastebin-leaks: Script to monitor pastebin.com's public pastes for sensitive data leakage
tryhackme-ctf: TryHackMe CTFs writeups, notes, dratfs, scrabbles, files and solutions.
metta: An information security preparedness tool to do adversarial simulation.
FreeFire-Phishing: Free Fire Account Hack Phishing tool with Termux
Tscan: A simple port scanner (with option to print to file) written in C using GTK 3.0
RWCTF-FastStructureCache: My heavily commented analysis/reimplementation of the exploit for the FastStructureCache WebKit 1day Challenge from 2019's RealWorld CTF finals
Red-Team-Essentials: This repo will contain some basic pentest/RT commands.
Flask-HTTPAuth: Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes
jsbackdoor: Script que por medio de un XSS permite la ejecución remota de JavaScript utilizando un Socket Server. El script es muy simple y sencillo, especial para principiantes que deseen aprender más sobre Python y ataques del lado del cliente.
WireGuard-Guide: WireGuard Guide
tsharrk: 🦈 Tools to Make Analyses Using tshark Easier in R
rhizobia_J: JAVA安全SDK及编码规范
One-Lin3r: Gives you one-liners that aids in penetration testing operations, privilege escalation and more
angularjs-csti-scanner: Automated client-side template injection (sandbox escape/bypass) detection for AngularJS v1.x.
honeyshell: An SSH honeypot based on the libssh library written entirely in Go.
CIS-Ubuntu-20.04-Ansible: Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation
liffier: tired of manually add dot-dot-slash to your possible path traversal? this short snippet will increment ../ on the URL.
TheThreatHuntLibrary: Library of threat hunts to get any user started!
alarmo: Easy to use alarm system integration for Home Assistant
KernelForge: A library to develop kernel level Windows payloads for post HVCI era
polymorphic_compression_malware: Warning, this is malware. Don't do something stupid with it
GDA-android-reversing-Tool: GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, data decryption, and encryption, etc.
InfiniDrive: A project that leverages Google Drive's API and "0 size file" rules for native Docs for unlimited storage space. - A SteelHacks 2019 Project
sipcheck: SIPCheck is a tool that watch the authentication of users of Asterisk and bans automatically if some user (or bot) try to register o make calls using wrong passwords.
Awesome-Honeypot: Cowrie Honeypot with Elasticsearch
Keye: Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.
WebInfraScanner: A vulnerability scanner designed for remote web server. Uses nmap and whatweb extensively
linux-russian-roulette: Like Russian roulette, but for your kernel.
WMAT: WMAT is automatic tool for testing webmail accounts. Support SSL pages, have automatic generator for default passwords. XML driven patterns. Included on Backtrack Linux 4.
pysdk-core: A Python Implementation of XQ Message SDK (V.2) which provides convenient access to the XQ Message API.
IRIS: 🔍 IRIS: An open-source intelligence framework
LadonGo: LadonGO 4.2 Pentest Scanner framework 全平台Go开源内网渗透扫描器框架,Windows/Linux/Mac内网渗透,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机,端口扫描服务识别PortScan。
k8s-security-dashboard: A security monitoring solution for Kubernetes
TWAPT: Deploy your own lab of web application penetration testing with docker and docker-compose, webgoat, dvwap, bwapp and Juice Shop
dr_checker_4_linux: Port of "DR.CHECKER : A Soundy Vulnerability Detection Tool for Linux Kernel Drivers" to Clang/LLVM 10 and Linux Kernel
violent-python3: Source code for the book "Violent Python" by TJ O'Connor. The code has been fully converted to Python 3, reformatted to comply with PEP8 standards and refactored to eliminate dependency issues involving the implementation of deprecated libraries.
SubDomainizer: A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
Unity-game-hacking: A guide for hacking unity games
CTF-WriteUps: Writeups for the CTFs I solve
ORLFTExploit: Exploit script to constantly get free access to O'Reilly Learning material via their Free Trial Page - https://learning.oreilly.com/register/
site-vulns-finder: Scans site for vulnerabilities, such as admin panels, logs
TorBot: Dark Web OSINT Tool
Vine: Python 3 Hacking Tools
malidate: A logging DNS and HTTP(S) server. Opensource alternative to some parts of the Burpsuite Collaborator server.
Amazing-Bug-Bounty-Path: Amazing Collection of Bug Bounty Hunting resources
labsecurity: labsecurity is a tool that brings together python scripts made for ethical hacking, in a single tool, through a console interface
xray: 一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
SuperLibrary: Information Security Library
SQLzr-i: This is a Perl program to do an automated SQL Injection for pentesting web's SQL database protection. Coded by M.Fazri Nizar.
CTI-Quiz: Practice CTI Quiz
DDoS-Ripper: DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic
fake-sms: A small script to send messages anonymously. very fast and secure SMS sending script.
SwiftyRSA: RSA public/private key encryption in Swift
Deep-Explorer: Deep Explorer is a ( 1 day developed ) tool made in python which purpose is the search of hidden services in tor network, using Ahmia Browser and crawling the links obtained
exploit-CVE-2015-3306: ProFTPd 1.3.5 - (mod_copy) Remote Command Execution exploit and vulnerable container
saucerframe: python3批量poc检测工具
awesome-vehicle-security: 🚗 A curated list of resources for learning about vehicle security and car hacking.
Gish-Code-1.12.2: This is a hacked modification for Minecraft Forge 1.12.2
shfz: TypeScript Scenario-Based Web Application Fuzzing Framework
CVE-2021-21315-PoC: CVE 2021-21315 PoC
setcap-static: A statically linked lightweight version of setcap(8) to use in scratch images
Web-Scraper: Web Scraper is a melange of Web tools for web hacking, reconnaissance, bug bounty so on. This tool consists of 20 most used web tools for security assessment
WebHackersWeapons: ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
ir-rescue: A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
opal: OSCAL Policy Administration Library (OPAL) provides a simple web application for managing System Security Plans. The data modle is based on the OSCAL standard.
arachni-docked: This is a skeleton project for working with Arachni (https://www.arachni-scanner.com/), a web application security scanner framework, in a Docker environment.
Wifi-Sentinel: A service that runs on a Raspberry Pi Zero W to identify and log wifi devices entering your home.
wannaNotes: Markdown Cybersecurity Notes
DeepScan: A simple shell script which utilizes nmap, nikto, dirb, enum4linux and other open source goodies to automate enumeration process.
dheater: D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.
BITS-v5.5: Behörden-IT-Sicherheitstraining bis v5.5
scapy: Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
BlockList-Malware: Making Blocklists/blacklists with data from AlienVault Threat Exchange. CC0 1.0 Universal
PENTOL: PENTOL - Pentester Toolkit for Fiddler2
privapi: Detect Sensitive REST API communication using Deep Neural Networks
adversarial-MTSR
AndroidSecNotes: An actively maintained, Self curated notes related to android application security for security professionals, bugbounty hunters, pentesters, reverse engineer, and redteamers.
mythril: Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains.
thycotic.secretserver: PowerShell module for automating with Thycotic Secret Server REST API
k8gege.github.io: K8博客
ghaction-container-scan: GitHub Action to check for vulnerabilities in your container image
net.security: Security R package with a set of utils to analyse the different industry standards (MITRE and NIST).
Ethical-Hacking-Labs: Practical Ethical Hacking Labs 🗡🛡
exploit-pattern: generate and search pattern string for exploit development
MixewayOpenVASRestAPI: JAVA Spring-Boot implementation of REST API for OpenVAS Security Vulnerability Scanner. REST API is using gvm-cli in order to communicate with OpenVAS
spring-boot-leaning: Spring Boot 2.X 最全课程代码
cryptic: The official repository of Cryptic
AvArmy: AvArmy is a software for the detection and analysis of vulnerabilities in services and web applications using Machine learning.
rustbuster: A Comprehensive Web Fuzzer and Content Discovery Tool
ExAuth: Authentication/Whitelist system for Roblox [Synapse X]
Wordlists: A collection of wordlists for many different usages.
zap-docked: This is a skeleton project for working with Zap (https://www.zaproxy.org/), a web application security scanner, in a Docker environment.
Reconnoitre: A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
404StarLink: 404StarLink - 推荐优质、有意义、有趣、坚持维护的安全开源项目
browserrecon-asp: Advanced Web Browser Fingerprinting
kscan: Kscan是一款纯go开发的全方位扫描器,具备端口扫描、协议检测、指纹识别,暴力破解等功能。支持协议1200+,协议指纹10000+,应用指纹2000+,暴力破解协议10余种。
SportBruter: A bruteforce script aimed at sending authentication requests to the SportPesa website in an attempt to log in as a user against a supplied set of passwords
subzer0: A tool that scans a list of given domains, and returns the status codes for each domain on both port 80 & 443
Diamorphine: LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
spoofpoint: Spoofpoint is a domain monitoring tool that allows you to generate a list of domains that are 1 character off of your domain (grahamhelton.com turns into -> grahamheIton.com ((The L is a capital I )), check a list of domains you already have, or check as single domain.
The-Big-List-of-Hacked-Malware-Web-Sites: This repository contains a list of all web sites I come across that are either hacked with or purposefully hosting malware, ransomware, viruses or trojans.
M4nifest0-Payload-Builder: Crypter and downloader rat
ctf-archive-created: CTF problems I have created.
A-Red-Teamer-diaries: RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Kali_Port_Scanning: NBCU command line implementation of python-portscan
Payload-Guest-With-Icons: Payloads with Icons for Payload Guest by Al Azif - Firmware 9.00
technowlogger: TechNowLogger is Windows/Linux Keylogger Generator which sends key-logs via email with other juicy target info
HITB2020_FSFUZZER: My Material for the HITB presentation
AndroRAT: A Simple android remote administration tool using sockets. It uses java on the client side and python on the server side
G4T13L.github.io: Blog de notas, aportes, writeups o cosas de ciberseguridad que se me ocurra publicar.
fast-security-scanners: Security checks for your researches
Hacking-P-B: the only place u can acquire knowledge
Pwnlab-Security-Resources: Sharing our knowledge and resources in the field of cyber security
Security4Delphi: Enables and use of the concept of security in your Delphi applications
ansvif: A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.
linuxboot: The LinuxBoot project is working to enable Linux to replace your firmware on all platforms.
fileintel: A modular Python application to pull intelligence about malicious files
jexboss: JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
FairEmail: Fully featured, open source, privacy friendly email app for Android
ICS-Security-Products: Lists of products useful for ICS security
Vulnogram: Vulnogram is a tool for creating and editing CVE information in CVE JSON format
Android-Security-Reference: A W.I.P Android Security Ref
LQMToolset: Flexible framework that allows automation to process cyber threat information and update endpoint defense tools.
xhunter: Remote Administrator Tool [ RAT For Android ] No Port Forwarding
HostHunter: HostHunter a recon tool for discovering hostnames using OSINT techniques.
rekor: Software Supply Chain Transparency Log
goblin: 一款适用于红蓝对抗中的仿真钓鱼系统
cazador_unr: Hacking tools
pwninit: pwninit - automate starting binary exploit challenges
AI-for-Security-Learning: 安全场景、基于AI的安全算法和安全数据分析业界实践
linux-anti-recon: Linux anti-reconnaissance kernel module. Mitigates OS fingerprinting and service detection. Based on "A deception based approach for defeating OS and service fingerprinting" by M. Albanese, E. Battista and S. Jajodia.
wwwordlist: Wwwordlist is a wordlist generator. It extract words from HTML, URLs, JS/HTTP/input variables, quoted texts in the text and mail files.
Ironsquirrel: Encrypted exploit delivery for the masses
android-hosts: This is a small repository that has many different of hosts files with certain use-cases. It's meant to be used with the F-Droid version of Netguard https://github.com/M66B/NetGuard | https://www.netguard.me .
PassBox: Password Management Control Panel
Basic-HTML-Website-Cyber-Security: This website was made during my college presentation and here, I am trying to convey the need for Cyber Security and how to prevent malicious activities through it, and also how to safeguard our children from child predators. It's a really simple and basic HTML, CSS, and JS-based website.
1nternist.github.io: 1nternist's Cydia repository on Github
ownlist: Weekly compilation of offensive security tools and write-ups
halfempty: A fast, parallel test case minimization tool.
secureCodeBox: secureCodeBox (SCB) - continuous secure delivery out of the box
hacking-tool: Social media & camera hacking & whatsapp virus & SMS bombing
memguard: Secure software enclave for storage of sensitive information in memory.
CVE-2019-16759-Vbulletin-rce-exploit: Vbulletin rce exploit CVE-2019-16759
checkMach: checkMach is a shell script to check the security properties of Mach-O executables
Bookmarklet-Hacks-For-School: * READ THE README FOR INFO!! * Incoming Tags- z score statistics,find mean median mode statistics in ms excel,variance,standard deviation,linear regression,data processing,confidence intervals,average value,probability theory,binomial distribution,matrix,random numbers,error propagation,t statistics analysis,hypothesis testing,theorem,chi square,time series,data collection,sampling,p value,scatterplots,statistics lectures,statistics tutorials,business mathematics statistics,share stock market statistics in calculator,business analytics,GTA,continuous frequency distribution,statistics mathematics in real life,modal class,n is even,n is odd,median mean of series of numbers,math help,Sujoy Krishna Das,n+1/2 element,measurement of variation,measurement of central tendency,range of numbers,interquartile range,casio fx991,casio fx82,casio fx570,casio fx115es,casio 9860,casio 9750,casio 83gt,TI BAII+ financial,casio piano,casio calculator tricks and hacks,how to cheat in exam and not get caught,grouped interval data,equation of triangle rectangle curve parabola hyperbola,graph theory,operation research(OR),numerical methods,decision making,pie chart,bar graph,computer data analysis,histogram,statistics formula,matlab tutorial,find arithmetic mean geometric mean,find population standard deviation,find sample standard deviation,how to use a graphic calculator,pre algebra,pre calculus,absolute deviation,TI Nspire,TI 84 TI83 calculator tutorial,texas instruments calculator,grouped data,set theory,IIT JEE,AIEEE,GCSE,CAT,MAT,SAT,GMAT,MBBS,JELET,JEXPO,VOCLET,Indiastudychannel,IAS,IPS,IFS,GATE,B-Tech,M-Tech,AMIE,MBA,BBA,BCA,MCA,XAT,TOEFL,CBSE,ICSE,HS,WBUT,SSC,IUPAC,Narendra Modi,Sachin Tendulkar Farewell Speech,Dhoom 3,Arvind Kejriwal,maths revision,how to score good marks in exams,how to pass math exams easily,JEE 12th physics chemistry maths PCM,JEE maths shortcut techniques,quadratic equations,competition exams tips and ticks,competition maths,govt job,JEE KOTA,college math,mean value theorem,L hospital rule,tech guru awaaz,derivation,cryptography,iphone 5 fingerprint hack,crash course,CCNA,converting fractions,solve word problem,cipher,game theory,GDP,how to earn money online on youtube,demand curve,computer science,prime factorization,LCM & GCF,gauss elimination,vector,complex numbers,number systems,vector algebra,logarithm,trigonometry,organic chemistry,electrical math problem,eigen value eigen vectors,runge kutta,gauss jordan,simpson 1/3 3/8 trapezoidal rule,solved problem example,newton raphson,interpolation,integration,differentiation,regula falsi,programming,algorithm,gauss seidal,gauss jacobi,taylor series,iteration,binary arithmetic,logic gates,matrix inverse,determinant of matrix,matrix calculator program,sex in ranchi,sex in kolkata,vogel approximation VAM optimization problem,North west NWCR,Matrix minima,Modi method,assignment problem,transportation problem,simplex,k map,boolean algebra,android,casio FC 200v 100v financial,management mathematics tutorials,net present value NPV,time value of money TVM,internal rate of return IRR Bond price,present value PV and future value FV of annuity casio,simple interest SI & compound interest CI casio,break even point,amortization calculation,HP 10b financial calculator,banking and money,income tax e filing,economics,finance,profit & loss,yield of investment bond,Sharp EL 735S,cash flow casio,re finance,insurance and financial planning,investment appraisal,shortcut keys,depreciation,discounting
password-generator: Gerador de Senhas gratuito para Desktop (Windows 7 e posterior)
Hunting-Queries-Detection-Rules: Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Attacker-Group-Predictor: Tool to predict attacker groups from the techniques and software used
fake-admin-honeypot-V1.1: 🍯 New Honeypot Version: 1.2! 🐝 This pH7CMS module is a simple but effective honeypot fake Admin CP for the security of your website. Honeypot for the attackers!
Log4j-RCE: Log4j RCE - (CVE-2021-44228)
cybersecurity-dynamic-analysis: An ongoing & curated collection of awesome vulnerability scanning software, libraries and frameworks, best guidelines and technical resources and most important dynamic application security testing (DAST)
UMUDGA: Domain Generation Algorithm official repository. Please visit the WIKI page for more information
Kong-API-Manager: Kong API Manager with Prometheus And Graylog
Hacktoberfest2020: Submit your samples here :D
Gr33k: 图形化漏洞利用集成工具
ccat: Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
cybersecurity-red-team: An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Red Team (Offensive) in Cybersecurity.
SAGEMCOM-FAST-5370e-TELIA: This is my personal wiki for hacking the router firmware used by (Sagemcom)F@ast Version 3.43.2 delivered from Sagemcom
memcached: Scan the memcached vulnerability.
pwnKit: pwnKit: Privilege Escalation USB-Rubber-Ducky payload, which exploits CVE-2021-4034 in less than 10sec's and spawns root shell for you.
smart-home-device-cyberattack-detection: This is a collaborative work between Asmau (a Ph.D. research), Thejavathy and Oluwasegun under the supervision of Dr. Jun and Dr. Xiaoqi at Nottingham Trent University, UK.
Sinput: Standards compliant XSS input filtering package for Laravel 6, 7, 8 built on top of the popular HTMLPurifier package.
sack: Identify connection of sessions for social engineering attacks.
kanidm: Kanidm: A simple, secure and fast identity management platform
ExploitableApp: A .NET core project for web based pen testing
werdlists: ⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
Awesome-Ethical-Hacking-Resources: 🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.
blankspace: Proof of Concept for EFSRPC Arbitrary File Upload (CVE-2021-43893)
webGuard: webGuard is a Web Application Testing tool that helps find security vulnerabilities in your applications.
Anti-Debugging: A collection of c++ programs that demonstrate common ways to detect the presence of an attached debugger.
qualys_parser: CLI tool that parses the csv report from Qualys and gives quick result
awesome-hacking: Awesome hacking is an awesome collection of hacking tools.
CVE-2018-10583: An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by "xlink:href=file://192.168.0.2/test.jpg" within an "office:document-content" element in a ".odt XML document".
Scout: Scout - a Contactless Active Reconnaissance Tool
envkey-node: EnvKey's official Node.js client library
facebook-cracker: Facebook Cracker Version 1.0 can crack into Facebook Database 100% without Interruption By Facebook Firewall
GobyVuls: Vulnerabilities of Goby supported with exploitation.
aws-check-publicly-exposed: Check your EC2 and ELB public exposure.
APAC-Meetups: A community contributed consolidated list of InfoSec meetups in the Asia Pacific region.
Pegasus-samples: Here's samples of android/ios spyware named "Pegasus" made by the NSOGROUP
vpn_killer: Kill any Android VPN in the browser, and expose the client's real IP address.
MassVulScan: Bash script which quickly identifies open network ports and any associated vulnerabilities / Script Bash qui permet d'identifier rapidement les ports réseaux ouverts et les éventuelles vulnérabilités associées.
HolisticInfoSec-For-WebDevelopers-Fascicle0: 📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚
Robber: Robber is open source tool for finding executables prone to DLL hijacking
awesome-ios-security: A curated list of awesome iOS application security resources.
TIWAP: Totally Insecure Web Application Project (TIWAP)
SusCheck: Reveals impostors in Among Us
laravel-url-signer: Create and validate signed URLs with a limited lifetime
nosqlInjector: A nosql automated injection tools for nonrelational guys
Brutegram: Instagram multi-bruteforce Platfrom
ghorg: Quickly clone an entire org/users repositories into one directory - Supports GitHub, GitLab, Bitbucket, and more 🥚
code-injector: Aynı ağ içerisinde , ARP Spoofing saldırısı yapılmış hedef bilgisayarın ziyaret ettiği , HTTP protokolünü kullanan web sitelerine kod enjekte ederek manipüle etmenize yarayan bir script.
LFIscanner: Simple Local File Inclusion (LFI) scanner.
xonsh-cheatsheet: Cheat sheet for xonsh shell with copy-pastable examples. The best doc for the new users.
opensnitch: OpenSnitch is a GNU/Linux port of the Little Snitch application firewall
Susanoo: A REST API security testing framework.
rdroid: [Android RAT] Remotely manage your android phone using PHP Interface
Gngr_remote_keylogger: (On 09/04/2021) Remote Keylogger software has been made for the latest up-to-date "Windows 7, 8 and 10" operatings systems. It managed to circumvent the "Windows Defender" program.
vue-dompurify-html: Safe replacement for the v-html directive
Anti-DDOS: 🔒 Anti DDOS | Bash Script Project 🔒
TegraRcmGUI: C++ GUI for TegraRcmSmash (Fusée Gelée exploit for Nintendo Switch)
TORhunter: Designed to scan and exploit vulnerabilities within Tor hidden services. TORhunter allows most tools to work as normal while resolving .onion
honeyLambda: honeyλ - a simple, serverless application designed to create and monitor fake HTTP endpoints (i.e. URL honeytokens) automatically, on top of AWS Lambda and Amazon API Gateway
dnsbin: The request.bin of DNS request
hackipy: Hacking, pen-testing, and cyber-security related tools built with Python.
om5p-ac-v2-unlocker: Open Mesh OM5P-AC v2 Unlocker (U-Boot 1.1.4 based)
MindAPI: Organize your API security assessment by using MindAPI. It's free and open for community collaboration.
earth-storm: CAS 5.x 服务,提供各种cas-client
Security_Hacking_Scripts: This Repository contains Encryption Algorithms, Ethical Hacking Scripts, Cybersecurity Learning Resources, and Security-Based Projects. Contribute to this repository!!
whoUR: Tool for information gathering, IPReverse, AdminFInder, DNS, WHOIS, SQLi Scanner with google.
FalconOne: FalconOne is an Open Source solution deployed and updated on daily basis to help prevent terror and crime. By using advanced tools, functions and stealth strategies, FalconOne's community is focused on making a friendly and fast solution for effective results.
PHP-Antimalware-Scanner: AMWScan (PHP Antimalware Scanner) is a free tool to scan php files and analyze your project to find any malicious code inside it.
vechain-core-nodes-security-checklist: VeChain core nodes security checklist(唯链核心节点安全执行指南)
helmet: Help secure Express apps with various HTTP headers
PatrowlEngines: PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
yookiterm-slides: Exploitation and Mitigation Slides
SecureBit: SecureBit is a chat client where Security is number one priority. B)
SyntheticSun: SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats.
ExtensionSpoofer: Spoof file icons and extensions in Windows
adminexploit: this is the fastest way that you can get admin rights at work,school,etc in only a few seconds
awesome-R-cyber-security: awesome-R-cyber-security
komand-tools: A dedicated repo to interact with the API of Rapid 7 Komand API
Malicious-Urlv5: A multi-layered and multi-tiered Machine Learning security solution, it supports always on detection system, Django REST framework used, equipped with a web-browser extension that uses a REST API call.
bb-tips-tricks: Just Some Tips & Tricks for BB found on the Internet :D
streamalert: StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
Shellcode-Extractor: Python script to extract shellcode from linux executables
IsmailScript: Is a tool written by using python programming language. Enable a penetration testers to save a time and performing a full Reconnaissance and Information Gathering on any Web Application Server.
Microsoft-Sentinel-4-SecOps: Microsoft Sentinel 4 SecOps
Google-Dorks-Simplified: Best Resource for learning Google Dorks
PhoneSploit: A tool for remote ADB exploitation in Python3 for all Machines.
TryHackMe-Notes: Learning Cyber Security everyday and I share my notes here!
Olaf-E-commerce-Backend-System: Developed the backend of the Olaf e-commerce application. Allowing users to register in the system and buy,sell products. There is different modules in the system from login and registration to add products, sell products and different kind of services.
Magento-shoplift-python-exploit: Magento shoplift exploit is vulnerability which was discovered by CheckPoint team (http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/) This python script developed by joren but it was having some bug because of which it was not working properly. If magento version is vulnerable, this script will create admin account with username forme and password forme
What-Is-RESETHACKER: ResetHacker celebrates its 2 year anniversary
PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Spykeyboard: keylogger which sends us the data to our gmail.
pysploit-framework: free exploit framework written use python language version 3.3
icmp-bindshell: Experimental python3.x based ICMP bind shell listener using scapy and windows 'compatible'
security-checker: A Magento 2 wrapper that leverages SensioLabs Security Checker library to checks if our application uses dependencies with known security vulnerabilities
Probe_spider: Probe_Spider is a Open Source Intelligence Tool made complete out of Python.
C2-Pwn: Uses Shodan API to pull down C2 servers to run known exploits on them.
objection: 📱 objection - runtime mobile exploration
CyberSecurity_Conferences: List of some cybersecurity conferences
Speedhack: Speedhack coded in C++, inspired by Cheat Engine's own speedhack.
spicedb: Open source permissions database inspired by Google Zanzibar
tyranoscript_vulnerability: 👻 [PoC] TyranoScript 5.13b - Arbitrary Code Execution (0day)
ioc-scanner: Search a filesystem for indicators of compromise (IoC).
nesca_audit: The Good, the Bad and the Ugly: результаты частичного аудита кода Nesca
secret_agent: An Elixir library to manage secrets
eslint-plugin-security-node: ESLint security plugin for Node.js
ockam: Build Trust with a simple developer experience and powerful primitives that orchestrate end-to-end encryption, key management, authorization policy enforcement, and mutual authentication.
pwn-pulse: Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)
host_security: Red Hat Enterprise Linux 6 & 7 security tool for enumerating security and IT operations-relevant information on a host and forwarding to a SIEM or enterprise syslog server in key='value' format.
TheXFramework: Network/WebApplication Information Gathering, Enumeration and Vulnerability Scanning (Under Development)
ShellShockHunter: It's a simple tool for test vulnerability shellshock
id-obfuscator: A Java library for reversibly obfuscating numerical identifiers (e.g. 1234 ↔ 4TQCNTL)
Scripts-Sploits: A number of scripts POC's and problems solved as pentests move along.
cyber_training_materials: Training materials I've written.
cve-fix-reporter: A Script to find fixes for CVE ids by parsing nvd website and respective git repository log.
kube-psp-advisor: Help building an adaptive and fine-grained pod security policy
Sexeca-FreeVersion: A tool for senecalearning, that gets the answers for the questions, coded in c#
lockphish: Lockphish it's the first tool (07/04/2020) for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link.
Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
syzkaller: syzkaller is an unsupervised coverage-guided kernel fuzzer
UAficionado: Red Team vs Blue Team. Series of 5 challanges. Are you up for it?
-CVE-2017-9805: Exploit script for Apache Struts2 REST Plugin XStream RCE (CVE-2017-9805)
boreas: Boreas a command line tool to scan for alive hosts
school-of-sre: At LinkedIn, we are using this curriculum for onboarding our entry-level talents into the SRE role.
PolicyGlass: PolicyGlass allows you to analyse one or more AWS policies' effective permissions in aggregate, by restating them in the form of PolicyShards which are always Allow, never Deny.
ByteCog: A way to analyse how malware and/or goodware samples vary from each other using Shannon Entropy, Hausdorff Distance and Jaro-Winkler Distance
caddy: Fast, multi-platform web server with automatic HTTPS
sysmon-modular: A repository of sysmon configuration modules
mitreattack-python: A python module for working with ATT&CK
Croissanted.py: A Python script exploiting Discord's authorization token.
Web-Cache-Vulnerability-Scanner: Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
reverse-shell-generator: Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
Packet-Sequence: A tool that can be used to send single or multiple packets in sequences with a lot of packet customization. Can be used as a DoS attack tool for pen-testing purposes and more including network monitoring.
brutemap: Let's find someone's account
PatrowlHearsData: Open-Source Vulnerability Intelligence Center - Unified source of vulnerability, exploit and threat Intelligence feeds
stethoscope-app: A desktop application that checks security-related settings and makes recommendations for improvements without requiring central device management or automated reporting.
gorsh: A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface
VulnFanatic: A Binary Ninja plugin for vulnerability research.
mad-metasploit: Metasploit custom modules, plugins, resource script and.. awesome metasploit collection
frappe: Low code web framework for real world applications, in Python and Javascript
sentinel-attack: Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
BadUSB256: A BadUSB Human Interface Device project that can store and execute 256 scripts at a time.
MonarcAppFO: MONARC - Method for an Optimised aNAlysis of Risks by @CASES-LU
BucketsHunter: A CLI tool to find open buckets, misconfigurations, and dump bucket contents - under dev
inthewilddb: Hourly updated database of exploit and exploitation reports
winafl: A fork of AFL for fuzzing Windows binaries
box-Authorizer: PKApp is used to start, stop and authorise approval flow of authorizer.
shufti: All in one OSINT Framework
AspNetCoreSpa: Asp.Net 5.0 & Angular 13 SPA Fullstack application with plenty of examples. Live demo:
oidc-workshop-spring-io-2019: Workshop at Spring I/O 2019 on "Securing Microservices with OpenID Connect and Spring Security 5.1"
FlameCord: Patches for Waterfall to improve overall performance, fix memory issues and protect against attacks.
spring-break_cve-2017-8046: This is a Java program that exploits Spring Break vulnerability (CVE-2017-8046).
tracee: Linux Runtime Security and Forensics using eBPF
WWWE: 💧 Check your email(s) using popular online services to see if it appears in any data-breach
Simple-CTF-Writeups: CTF Writeups
aws-ecr-continuous-scan: ECR Container Image Re-Scan
hblock: Improve your security and privacy by blocking ads, tracking and malware domains.
kernel-exploits: Various kernel exploits
introspector: A schema and set of tools for using SQL to query cloud infrastructure.
malgazer: A Python malware analysis library.
filterbypass: Browser's XSS Filter Bypass Cheat Sheet
arpspoof: 
arpspoof for macOS - intercept packets on a switched LAN
HEVD_Kernel_Exploit: Exploits pack for the Windows Kernel mode driver HackSysExtremeVulnerableDriver written for educational purposes.
FBI-tools: 🕵️ OSINT Tools for gathering information and actions forensic 🕵️
tfsec: Security scanner for your Terraform code
reveng_rtkit: Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypass infamous rkhunter antirootkit.
Awesome-Hacking-Resources: A collection of hacking / penetration testing resources to make you better!
OpenNetAdmin-RCE: OpenNetAdmin 8.5.14 <= 18.1.1 - Remote Command Execution
cypheroth: Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.
VHostScan: A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Unified-Cybersecurity-Ontology: Unified Cybersecurity Ontology
stegcloak: Hide secrets with invisible characters in plain text securely using passwords 🧙🏻♂️⭐
doraemon: Command & Control system for Windows written in Python and C++.
dellicious: Enabled / Disable LSA Protection via BYOVD
struts2_cve-2017-5638: This is a sort of Java porting of the Python exploit at: https://www.exploit-db.com/exploits/41570/.
wtf: wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows.
secure-pipeline-advisor: Improve your code security by running different security checks/validation in a simple way.
awesome-cybersecurity-blueteam-cn: 网络安全 · 攻防对抗 · 蓝队清单,中文版
vuln-scanner-flask: A flask web app made for scanning vulnerabilites on a website, network exploitation, reconnaissance
reconspider: 🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
xmir-patcher: Firmware patcher for Xiaomi routers
pillager: Pillage filesystems for sensitive information with Go 🔍
SlowLoris: Asynchronous Python implementation of SlowLoris DoS attack
klustair-helm: Helm chart do deploy klustair with anchore
omsp: Open Mobility Security Project is an open source project dedicated to standardize a framework of technical controls to evaluate security in all types of vehicles.
CVE-2020-3153: POC code for CVE-2020-3153 - Cisco anyconnect path traversal vulnerability
hostedscan-api-examples: HostedScan Security API examples.
CVenom: CVenom is An Ultra Easy-To-Use Cross-Platform Malware Development Framework For Advanced Malware Development
h1st: Power Tools for AI Engineers With Deadlines
kerma: demi2.0
T-LOAD
kaudit: Alcide Kubernetes Audit Log Analyzer - Alcide kAudit
ail-feeder-leak: AIL LeakFeeder: A Module for AIL Framework that automate the process to feed leaked files automatically
openvas-up: Levels up scripting OpenVAS
HackAllTheThings: Cheatsheets, References, and notes on various red teaming/pentesting topics.
stunner: Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.
code6: 码小六 - GitHub 代码泄露监控系统
invenio: 🔎 Cve-scanner and vulnerability scanner for local-hosting and local/web-wide scanning
ccd-signal-injection-attacks: Source code to execute signal injection attacks against CCD image sensors
Zero-attacker: Zero-attacker is an multipurpose hacking tool with over 24 tools like token-gen, ddos and more (code public in sometime)
python-injector: A Python runtime code injector written in C++. Abandoned 2012.
APISecurityBestPractices: Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.
converged-security-suite: Converged Security Suite for Intel & AMD platform security features
Android-Exploits: A collection of android Exploits and Hacks
AttackSurfaceManagement: Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
i-Haklab: i-Haklab is a hacking laboratory for Termux that contains open source tools for pentesting, scan/find vulnerabilities, explotation and post-explotation recommended by Ivam3 with automation hacking commands and many guides and tutorials to learn use it.
slsa-provenance-action: Github Action implementation of SLSA Provenance Generation
lemmeknow: The fastest way to identify anything!
unicorn: Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, S390x, TriCore, X86)
jsubfinder: jsubfinder searches webpages for javascript & analyzes them for hidden subdomains and secrets (wip).
Incident-Playbook: GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
xiringuito: SSH-based "VPN for poors"
bluemaho: BlueMaho is GUI-shell (interface) for suite of tools for testing security of bluetooth devices. It is freeware, opensource, written on python, uses wxPyhon. It can be used for testing BT-devices for known vulnerabilities and major thing to do – testing to find unknown vulns. Also it can form nice statistics.
Anomaly-Detections-Apache-Spark: This solution performs Anomaly Detection with Statistical Modeling on Spark. The detection is based on Z-Score calculated on cpu usage data collected from servers.
iOS-Debug-Hacks: 🎯 Advanced debugging skills used in the iOS project development process, involves the dynamic debugging, static analysis and decompile of third-party libraries. iOS 项目开发过程中用到的高级调试技巧,涉及三方库动态调试、静态分析和反编译等领域
nginxconfig.io: ⚙️ NGINX config generator on steroids 💉
SSH-tunneling-internal: Scripts to assist in deploying virtual ethernet adapter and ssh tunneling for vulnerability scanning/ penetration testing
wordlistgen: Quickly generate context-specific wordlists for content discovery from lists of URLs or paths
the-bastion: Authentication, authorization, traceability and auditability for SSH accesses.
cve-2016-1764: Extraction of iMessage Data via XSS
attack-control-framework-mappings: Security control framework mappings to MITRE ATT&CK provide a critically important resource for organizations to assess their security control coverage against real-world threats and provide a bridge for integrating ATT&CK-based threat information into the risk management process.
topscan: Web Vulnerability Scanner.
hack-technicolor: Hacking Technicolor Gateways wiki repository
Ethlint: (Formerly Solium) Code quality & Security Linter for Solidity
gateCracker
CVE-2021-44228-PoC-log4j-bypass-words: 🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
Infosec-and-Hacking-Scripts: 🚀 This is a collection of hacking and pentesting 🧐 scripts to help with enumeration, OSINT, exploitation and post exploitation automated scripts to make work easier. Have fun!😎
graphqlInjector: A graphQl Injector for REST in peace guys
KeychainCracker: macOS keychain cracking tool
black-hat-rust: Applied offensive security with Rust - https://kerkour.com/black-hat-rust
GEVAUDAN: Exploit for Red Hat / GlusterFS CVE-2018-1088 & CVE-2018-1112, featured @ DEFCON 26, Las Vegas!
who_and_what_to_follow: Who and what to follow in the world of cyber security
tjson.js: JavaScript-compatible implementation of Tagged JSON (TJSON), written in TypeScript.
OSINT-SAN: OSINT-SAN Framework дает возможность быстро находить информацию и деанонимизировать пользователей сети интернет.
CVE-2020-7931: Hacking Artifactory with server side template injection
cve-scanner-exploiting-pocs
Zilcorili
openpyn-nordvpn: Easily connect to and switch between, OpenVPN servers hosted by NordVPN on Linux (+patch leakes)
aardvark: Aardvark is a multi-account AWS IAM Access Advisor API
CVE-2019-10149: CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
nero-phishing-server: An full HTTP server for Phishing. Downloads recursively the entire webpage.
AutoPentest: A system for automation of the penetration testing procedure. Master's thesis work
CloudScraper: CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
ImgBackdoor: Hide your payload into .jpg file
kravatte: Implementation of Kravatte Encryption Suite
t14m4t: Automated brute-forcing attack tool.
lempo: LEMPO (Ldap Exposure on POrtainer) is an exploit for CVE-2018-19466 (LDAP Credentials Disclosure on Portainer). Featured @ DevFest Siberia 2018
chainsaw: Rapidly Search and Hunt through Windows Event Logs
openvas-light: A dockerized version of openvas and totally independent of the greenbone stack.
hmac-timing-attacks: HMAC timing attack's w/ statistical analysis
titanm: This repository contains the tools we used in our research on the Google Titan M chip
Crash-Call-Discord: Crash discord dm / group vocal
Hunter-Toolkit: Hunter-Toolkit Pentesting Assistant: Information Gathering And More.
Cascade: Cascade - Dataflow graphing and analysis for C#
shynet: Modern, privacy-friendly, and detailed web analytics that works without cookies or JS.
soos-ci-analysis-circleci-orb: SOOS SCA for CircleCI
uokoo_exploit: Post-Auth RCE & Persistence on UOKOO Security Cameras
cycat-service: CyCAT.org API back-end server including crawlers
Resources-for-Beginner-Bug-Bounty-Hunters: A list of resources for those interested in getting started in bug bounties
Windows-Event-Monitor: Python 3-based multithreaded Windows Event monitoring program
FakeUSB: Make your own BadUSB device!
dionaea: Home of the dionaea honeypot
Make-It-Burn: Colección de herramientas y scripts enfocados al Red-Team y CTFs
GetMeUacPerms: this will be deleted when its patched
KeyLy: A powerfull and awesome Keylogger(Your keyboard and your mouse) realy helpfull for hackers! :-P (C/C++)
cherrybomb: Stop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.
paypalsocialengineering: Uma ferramenta simples , de fácil instalação e bem desenvolvida com o objetivo de facilitar a prática em ambiente de pentesting o acesso a contas PayPal
bypassjqueryrealpersoncaptcha: A Chrome Plugin to Bypass jQuery Real Person Captcha
CVSS_Calculator: CVSS Calculator - a burp suite extension for calculating CVSS v2 and v3.1 scores of vulnerabilities.
Tor2web: Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers
Niko: Small crash client base for retarded(german) people who steal other people's code.
BAF: winx86 Stack-Based Buffer Overflow Scanner
aws-least-privilege: Use AWS X-Ray to reach Least Privilege
evillimiter-windows: Tool that limits bandwidth of devices on the same network without access.
Docx-Exploit-2021: This docx exploit uses res files inside Microsoft .docx file to execute malicious files. This exploit is related to CVE-2021-40444
MixewayScanner: Mixeway Scanner is Spring Boot application which aggregate integration with number of OpenSource Vulnerability scanners - both SAST and DAST types
search_vulns: Search for known vulnerabilities in software using software titles or a CPE 2.3 string
PcapXray: ❄️ PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction
Auditr: A utility for auditing C code for vulnerabilities.
OWASP-Risk-Assessment-Calculator: This Risk Rating Calculator is based on OWASP's Risk Rating Methodology
BSOD-Trigger
CVE-2019-0708-Tool: A social experiment
Seth: Perform a MitM attack and extract clear text credentials from RDP connections
MyBBscan: Scans plugins directory for possible vulnerable plugins.
zbn: 安全编排与自动化响应平台
heimdall-framework: USB threat evaluation framework for Linux
SharpSQLPwn: C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments
autovpn: Create On Demand Disposable OpenVPN Endpoints on AWS.
fireELF: fireELF - Fileless Linux Malware Framework
kaminsky_exploit: Tool to exploit the Kaminsky DNS vulnerability
wildzarek.github.io: Artículos sobre ciberseguridad, hacking ético, resolución de CTFs, programación y mucho más.
blue_hydra: Blue Hydra
browserrecon-php: Advanced Web Browser Fingerprinting
IoT-Network-Intrusion-Detection-System-UNSW-NB15: Network Intrusion Detection based on various machine learning and deep learning algorithms using UNSW-NB15 Dataset
Android_Hacking: All things Android | Happy New Year 🎉 2022️⃣!
chef-cis-tomcat-hardening: (WIP) Chef recipe for hardening tomcat 8 to the CIS Tomcat Benchmark v1.0.1
V3n0M-Scanner: Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
KeyLogger: This Advanced Keylogger is much more than a Keylogger. This keylogger includes more features other than just keylogging. This program is capable of Recording Keystrokes, Takes Screensnaps, Records Audio, Cracks System Configurations, Records data copied in Clipboard, Sends all the above data via E-mail.
CVE-2019-12594: This is a PoC for CVE-2019-12594, a vulnerability in DOSBox 0.74-2.
programming-challenges: Algorithmic, Data Structures, Frontend and Pentest - Programming challenges and competitions to improve knowledge.
RHEL7-CIS: Ansible role for Red Hat 7 CIS Baseline
infosec-startups: This repo contains list of all cybersecurity around the India. It has core hugo files for infosec-startups.github.io website for sending PR to add more links
hijagger: Checks all maintainers of all NPM and Pypi packages for hijackable packages through domain re-registration
graph-fraud-detection-papers: A curated list of fraud detection papers using graph information or graph neural networks
secrets-web: Not Yet Another Password Manager self-hosted Web app written in Go using libsodium
SecBERT: pretrained BERT model for cyber security text, learned CyberSecurity Knowledge
PXEnum: A shell script that automatically performs a series of NIX enumeration tasks.
overkill: QNAP N-Day (Probably not CVE-2020-2509)
goHackTools: Hacker tools on Go (Golang)
richelieu: List of the most common French passwords
Vault-7: A Public available archive of the leaked Vault 7 archive files
CVE-2020-0796: local exploit
packet-maze-example: 🔀 📕Example R project for the CyberDefenders Packet Maze e-book walkthrough
AllHackingTools: ALL HACKING TOOLS IN ONE REPO
docker-volatility: Volatility Dockerfile
puffgo: A go package implementing a simple logic-bomb.
vsftpd-3.0.3-DoS: vsftpd 3.0.3 Exploit - Remote Denial of Service
SecPump: A wireless infusion pump system workbench for security research
Standard-Keylogger: A simple, small in size and portable keylogger for Windows XP/Vista/7/8/10/11 that doesn't require .NET Framework.
encrypted-list: EncryptedList 2.0 - Collective List of Products & Services that Offer Zero-Knowledge or End-to-End Encryption.
RubyFu: Rubyfu, where Ruby goes evil!
codeclimate-rubocop: Code Climate Engine for Rubocop
HacKingPro: HacKingPro - Hack Like A Pro !
MrKaplan: MrKaplan is a tool aimed to help red teamers to stay hidden by clearing evidence of execution.
batchql: GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations
subshot: 🐛 Screenshot subdomains w/ Sublist3r.
HellRaiser: Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.
Cloak-And-Dagger: An overlay attack example
security-guide-for-developers: Security Guide for Developers (实用性开发人员安全须知)
kubestriker: A Blazing fast Security Auditing tool for Kubernetes
Multi-Client-Reverse-Shell: A multi-client reverse shell that allows multiple connections from target computers || Hedef bilgisayarlardan gelen birden fazla bağlantıya izin veren çoklu istemcili reverse shell.
LambdaGuard: AWS Serverless Security
SecurityManageFramwork: Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.
box-appServer: The Staff-Manager App Server for Enterprise Token Safe BOX
OhMyDoS: ⛔ Console application abusing Wordpress API called XML-RPC and its functions with aim of Denial-of-Service.
EventTranscriptParser: Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
openmz: OpenMZ, a security kernel for RISC-V targeting secure coprocessors and secure embedded systems.
metasploit-cheat-sheet: Metasploit Cheat Sheet 💣
Angora: Angora is a mutation-based fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution.
Awesome-Deep-Graph-Anomaly-Detection: Awesome graph anomaly detection techniques built based on deep learning frameworks. Collections of commonly used datasets, papers as well as implementations are listed in this github repository. We also invite researchers interested in anomaly detection, graph representation learning, and graph anomaly detection to join this project as contributors and boost further research in this area.
cpwntools: Fast, portable implementations for exploit development in C.
TFM: Resolución y explicación de Cap y Seal (HTB)
envkey-python: EnvKey's python library. Protect API keys and credentials. Keep configuration in sync.
spike_detector: Tool to detect unusually high CPU usage (as in harmful cryptojacking)
iblessing: iblessing is an iOS security exploiting toolkit, it mainly includes application information gathering, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.
samaritan: Samaritan clone from the hit CBS T.V. show, Person of Interest.
aws-recon: Multi-threaded AWS inventory collection tool with a focus on security-relevant resources and metadata.
discord-bugs-exploits: A Collection of Various Discord Bugs, Exploits, Un-Documented Parts of the Discord API, and Other Discord Related Miscellaneous Stuff.
ThreatReportExtractor: Extracting Attack Behavior from Threat Reports
athena-iso: Athena is a Arch Linux-based distro focused on Cybersecurity. Learn, practice and enjoy with any hacking tool!
sops: Simple and flexible tool for managing secrets
WebHackingNotes: RECON Notes taking from every fucking book about bugbounty and web-app penetration testing exists
urchin: 🐚💥 Python socket remote shell that lets you connect to others computers through the shell when they run the client.
bpfd: Framework for running BPF programs with rules on Linux as a daemon. Container aware.
pyKeylogger: A Python-based Keylogger that can track your keystrokes, clipboard text, take screenshots at regular intervals, and records audio. It sends the data as SMS to the target phone number using Twilio.
Secode: Static Code Analyzer For Scanning Insecure Functions In The Given C++ Code
Crascan: Crascan is a simple LFI, RFI, RCE, and Joomla Components vulnerability scanner.
logback: 💡 SpringBoot+Spring Security基本配置
sense-hacker: This game is developed in vanilla js. This project won 2nd prize in Merge Intern's Hack You Hackathon 🎉
Vigenere: This small C-program is able to encrypt and decrypt simple textfiles using Vigenere algorithm.
CVE-2021-3317: CVE-2021-3317
MAOYYK2018: Mustafa Akgül Özgür Yazılım Yaz Kampı 2018 - Ağ Güvenliği ve Denetimi Kursu Notları
honggfuzz: Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
Doxxer-Toolkit: Todo lo necesario que un doxxer debe de tener siempre a mano
dbuster-pro: Dbuster-pro is a beta open-source hacking tool for scanning directories in the websites!
command-injection-payload-list: 🎯 Command Injection Payload List
mercator: Cartographie du système d'information / Mapping the information system
RVD: Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.
WhatsPayloadRCE: Whatsapp Automatic Payload Generator [CVE-2019-11932]
openvpn3: OpenVPN 3 is a C++ class library that implements the functionality of an OpenVPN client, and is protocol-compatible with the OpenVPN 2.x branch.
Python-RAT: Remote Administration tool for Windows Systems written in pure Python
assimilation-official: This is the official main repository for the Assimilation project
evilgrade: Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.
Exploit-jpg: Vulnerability Disclosure Timeline Closer inspection of the Exploit JPG content reveals the malicious link as well as the URL Download and Execute of the tool used to generate the Exploit JPG from Python encrypted code content which we also implement in couple of our builders.Silent JPG Exploit There are multiple Exploit JPG in Silent JPG Exploit…
DiabHack: The definitive Diablo 1 hacking program
encryption-decrypted: How does RSA Work, who was Diffie Hellman? I need this for my Finals, feel free to use on your own risk
virtualseccons: An ongoing list of virtual cybersecurity conferences.
Gallery-Pole-Vault: Android Gallery Vault PoC Exploit
mikrotik-fail2ban
hackerpro: All in One Hacking Tool for Linux & Android (Termux). Make your linux environment into a Hacking Machine. Hackers are welcome in our blog
gvmd: Greenbone Vulnerability Manager - The database backend for the Greenbone Community Edition
criptografia-arquivos: A ideia deste projeto é desenvolver um sistema que permite usuários gravarem dados em um servidor não confiável. O servidor não deve ser capaz de observar os dados enviados por usuários e também não deve ser capaz de corromper os arquivos enviados sem que isto seja notado. O sistema deve permitir a coexistência de diferentes usuários que podem compartilhar arquivos entre si. Para cada arquivo deve ser possível controlar o conjunto de usuários que podem ler e/ou escrever para aquele arquivo.
TimeLapse: A time lapse app for Sony Alpha camera using the OpenMemories framework
limitrr-php: Better PHP rate limiting using Redis.
Peergos: A p2p, secure file storage, social network and application protocol
hacker101: Source code for Hacker101.com - a free online web and mobile security class.
Kissing-Bug: This is a combination of a hacking and a cracking tool.
API-Security-Checklist: Checklist of the most important security countermeasures when designing, testing, and releasing your API
VanakkamNanbaFW: ;-P
go-hash: Small utility to store secret information like passwords.
adsimulator: A realistic simulator of Active Directory domains
starboard: Moved to https://github.com/aquasecurity/trivy-operator
Jira-Lens: Fast and customizable vulnerability scanner For JIRA written in Python
zaproxy-automation: This is a collection of ZAProxy Automation Tools and scripts to automate security tests of WEB Applications and WEB Sites
Stowaway: 👻Stowaway -- Multi-hop Proxy Tool for pentesters
secure-webhosting-infra: WordPress, security, speed, backuping, webhosting, and tuned Apache2.4 server with php-fpm, chroot and other stuff.
suricata-rules: Suricata IDS rules 用来检测红队渗透/恶意行为等,支持检测CobaltStrike/MSF/Empire/DNS隧道/Weevely/菜刀/冰蝎/挖矿/反弹shell/ICMP隧道等
CVE-2020-29134: Exploit CVE-2020-29134 - TOTVS Fluig Platform - Path Traversal
Blue-Team-Notes: You didn't think I'd go and leave the blue team out, right?
buji-pac4j: pac4j security library for Shiro: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
AnsiblePlaybooks: A collection of Ansible Playbooks that configure Kali to use Fish & install a number of tools
tp_link_gdpr: Breaking TP-Link's attempt at GDPR compliance
MISP: MISP (core software) - Open Source Threat Intelligence and Sharing Platform
gensec: General Security Utilities for Linux
PatrowlManager: PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
neoblox: A level 7 keyless Lua executor for Roblox. Free, forever!
websocket-connection-smuggler: websocket-connection-smuggler
IDORD: The only IDOR Vulnerablitiy detection tools ever.
jarbou3: Jarbou3 is rat tool coded in python with C&C which can accept multiple connections from clients
security-bulletins: Security Bulletins that relate to Netflix Open Source
ADPWN: Useful Windows and AD tools
gvm-install-script: An unofficial script to install GVM alias OpenVAS.
hiddenwave: An Audio Steganography Tool, written in C++
ppmap: A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.
openredscan: Multifunctional open redirection vulnerability scanner.
find-gh-poc: Find CVE PoCs on GitHub
log4shell-looker: log4jshell vulnerability scanner for bug bounty
ggtfobins: Get GTFOBins info about a given exploit from the command line
teleport: Certificate authority and access plane for SSH, Kubernetes, web apps, databases and desktops
SmartBatteryHack: Arduino based hacking tool for smart batteries using SMBus.
cybersecurity-malware-analysis: A collection of Malware Analysis software, materials, libraries, documents, books, resources about malware analysis in Cybersecurity.
meshbird: Distributed private networking
reosploit: A Tool that Finds, Enumerates, and Exploits Reolink Cameras.
spectre_meltdown: Meltdown and Spectre : CPU vulnerabilities — Explained and Exploited
railsgoat: A vulnerable version of Rails that follows the OWASP Top 10
ambiguous-png-packer: Craft PNG files that appear completely different in Apple software [NOW PATCHED]
browser-creds: recover Firefox and more browsers logins
ez-pwnkit: Go implementation of the PwnKit Linux Local Privilege Escalation exploit (CVE-2021-4034)
TotalPass: Default password scanner. 默认密码扫描器
Teardroid-phprat: 🇮🇳 🤖 It's easy to use android botnet work without port forwarding, vps and android studio
cve-2020-27358-27359: CVE-2020-27358 and CVE-2020-27359
AppInfoScanner: 一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。
WitnessMe: Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
cics-java-liberty-loans-and-scoring: Sample materials for the article "Using the Liberty JWT Feature with CICS" that illustrate how CICS and Liberty for z/OS capabilities can be used to handle JSON Web Token (JWT)
HTP: Hack The Printer
The-Awesome-And-Dangerous-collection
fuxi: Penetration Testing Platform
Instabruteforce: hacking-tool termux-tools termux noob-friendly instagram-bot bruteforce-password-cracker wordlist-technique
robot_hacking_manual: Robot Hacking Manual (RHM). From robotics to cybersecurity. Papers, notes and writeups from a journey into robot cybersecurity.
Forum-de-cursos: Aplicação desenvolvida com o curso da alura Spring-boot-seguranca-cache-monitoramento
sploitfun-linux-x86-exp-tut-zh: 📖 [译] SploitFun Linux x86 Exploit 开发系列教程
charlas-ciberseguras: Charlas / Conferencias de hacking y seguridad informática en español
PseudoROX.github.io: PseudoROX cybersecurity opensource project website.
snoop: Snoop — инструмент разведки на основе открытых данных (OSINT world)
Slacker: Slacker makes navigating tools while focusing on a single target quicker, and easier with global targeting and preset tool functionality, as well as optional custom argument input.
nocom-explanation: block game military grade radar
Asnlookup: Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
orbot: The Github home of Orbot: Tor on Android (Also available on gitlab!)
wprecon: WPRecon, is a tool for the recognition of vulnerabilities and blackbox information for wordpress.
rdp0708scanner: cve-2019-0708 vulnerablility scanner
envchain: Environment variables meet macOS Keychain and gnome-keyring <3
Exploit-Slient-Doc-Pdf: ulnerability Disclosure Timeline Closer inspection of the Exploit PDF content reveals the malicious link as well as the URL Download and Execute of the tool used to generate the Exploit PDF from Python encrypted code content which we also implement in couple of our builders. Silent PDF Exploit silent-pdf-exploit-2018silent-pdf-exploit-2018 Silen…
Miner: Local Privilege Escalation Miner
wholeaked: a file-sharing tool that allows you to find the responsible person in case of a leakage
second-order: Second-order subdomain takeover scanner
opencti: Open Cyber Threat Intelligence Platform
mobile-heavy-artillery: 🔥Ready, Aim, Fire.🔥
netauditor: Mirror repository of https://gitlab.gast.it.uc3m.es/schica/netauditor
Whaler: Program to reverse Docker images into Dockerfiles
container.binwalk: Project that Leverages Packer to Produce a Docker Container w/ binwalk and its Dependencies
EvtXHunt: EvtXHunt is an Autopsy plugin that is able to analyze Windows EVTX logs against a library of SIGMA rules.
DevSecOpsGuideline: The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.
RECON-SCANNER: Recon scanner is a web crawling and vulnerability scanning tool. Available modules: whoIs, subdomain scanner, port scanner, directory traversal finder, xss finder.
cybersecurity-interview-questions: Security interview questions with possible explanation
G-Unsicherheit: G-Unsecure
httpsuite: A toolkit for web reconnaissance, it's fast and easy to use.
Fuzzing101: An step by step fuzzing tutorial. A GitHub Security Lab initiative
wp-api-exploit-v4.7.0-v4.7.1: WordPress 4.7.0-4.7.1 REST API Post privilege escalation / defacement exploit
MBF-HACK: gunakan dengan bijak
wallnet
saractl: saractl is the userspace counterpart of the S.A.R.A. LSM.
w13scan: Passive Security Scanner (被动式安全扫描器)
anonfiles: Share Files More Anonymously Than Ever...
TITANIC-DATASET-ANALYSIS: Kaggle Titanic Challenge link: https://www.kaggle.com/c/titanic-gettingStarted
Advanced-Penetration-testing: A Step by Step Penetration Testing Sheet for Cyber Security Experts
Python-Nikto-Vulnerability-Report-Tool: Nikto Vulnerability Report Tool 🌌
hawk: Network, recon and offensive-security tool for Linux.
intrigue-ident: Application and Service Fingerprinting
Valkyrie: Another OSINT tool
BlooketHack: One of the First Blooket hacks online.
VanCleef: Exploit for CVE-2019-11881 (Rancher 2.1.4 Web Parameter Tampering)
joomscan: OWASP Joomla Vulnerability Scanner Project
PwnLnX: An advanced multi-threaded, multi-client python reverse shell for hacking linux systems. There's still more work to do so feel free to help out with the development. Disclaimer: This reverse shell should only be used in the lawful, remote administration of authorized systems. Accessing a computer network without authorization or permission is illegal.
recommendations-for-engineers: All of my recommendations for aspiring engineers in a single place, coming from various areas of interest.
wingkalabs: Wingkalabs (Linux) Wingkalabs es una máquina Virtual Linux intencionalmente vulnerable. Esta máquina virtual se puede utilizar para realizar entrenamientos de seguridad, probar herramientas de seguridad y practicar técnicas comunes de pruebas de penetración.
cloudlist: Cloudlist is a tool for listing Assets from multiple Cloud Providers.
click-click: click-click is a python script to quickly scan for clickjacking vulnerability in a given list of URLs
lyncsmash: locate and attack Lync/Skype for Business
ns3-cybersecurity-simulations: Collection of Common Cybersecurity Scenarios/Simulations in NS3 w/ NetAnim.
pocassistdb: database of pocassist(漏洞库)
argus: Argus Advanced Remote & Local Keylogger For macOS and Windows
RainbowAttack: C++ application that cracks password using a Rainbow Table
RedTeam_toolkit: Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.
dronesploit: Drone pentesting framework console
OpenEMR-RCE: OpenEMR <= 5.0.1 - (Authenticated) Remote Code Execution
manifest: The WooKey project manifest repository, use repo init -u https://github.com/wookey-project/manifest.git
Vaile: Metasploit-like pentest framework derived from TIDoS (https://github.com/0xInfection/TIDoS-Framework)
ThreatMapper: 🔥 🔥 Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more. 🔥 🔥
eth_keyfun: A small tool to bruteforce weak ethereum private keys and more
cod-steamauth-rce
SELKS: A Suricata based IDS/IPS/NSM distro
OSCP-Notes-Template: A template Obsidian Vault for storing your OSCP revision notes
Cam-Hackers: Hack Cameras CCTV FREE
emba: EMBA - The firmware security analyzer
GitLab-11.4.7-RCE: POC for GitLabs Authenticated RCE in version 11.4.7 community edition
hostintel: A modular Python application to collect intelligence for malicious hosts.
OSINTBookmarks: OSINT Bookmarks for Firefox / Chrome / Edge / Safari
CTI-Lexicon: Dictionary of CTI-related acronyms, terms, and jargon
dexcalibur: [Official] Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
findbugs-security-docker: FindBugs + Find Security Bugs -plugin in Docker image
sliver-gui: A Sliver GUI Client
ggshield-action: GitGuardian Shield GitHub Action - Find exposed credentials in your commits
the-hacking-trove: The hacker technical cheat sheet
nim-firejail: Firejail wrapper for Nim, Isolate your Production App before its too late!
security_review: Drupal 8 port of the Security Review module for GSoC 2015
certera: A central validation server for Let's Encrypt certificates
AutoGadgetFS: USB testing made easy
CVE-2021-21123-PoC-Google-Chrome: 🐱💻 👍 Google Chrome - File System Access API - vulnerabilities reported by Maciej Pulikowski | Total Bug Bounty Reward: $5.000 | CVE-2021-21123 and 5 more...
the-practical-linux-hardening-guide: This guide details creating a secure Linux production system. OpenSCAP (C2S/CIS, STIG).
Yazilarim: Geçmiş zamanlarda yazdığım yazılar. Siber güvenlik, Rootkit, Analiz, Bot Network, DDoS, DoS , Phishing , Exploit ...v.s...
cloudmarker: Cloud security monitoring tool and framework
CVE-2019-8449: CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4
IoTVulnerabilityScanner: An interactive IoT vulnerability scanner.
MalwareGallery: Malware Gallery. Yet another malware collection in the Internet.
mimiRust: MimiRust - Hacking the Windows operating system to hand us the keys to the kingdom with Rust.
nodejsscan: nodejsscan is a static security code scanner for Node.js applications.
MS17-010: MS17-010
Chaya: Advance Image Steganography
php-casbin: An authorization library that supports access control models like ACL, RBAC, ABAC in PHP .
pwn2exploit: all mine papers, pwn & exploit
webstor: A script to quickly enumerate all websites across all of your organization's networks, store their responses, and query for known web technologies, such as those with zero-day vulnerabilities.
getroot: 🛠️ Tool to bypass my school's security system to get sudo privileges on MacOS
OSCP-Human-Guide: My own OSCP guide
swifty: 🔑 Free Offline Password Manager
CVE-repository: 🪲 Repository of CVE found by OCD people
fim: FIM is an Open Source Host-based file detection tool that performs file system analysis, file integrity checking and real time alerting.
git-dumper: A tool to dump a git repository from a website
privacy.sexy: Open-source tool to enforce privacy & security best-practices on Windows and macOS, because privacy is sexy 🍑🍆
Explib: Explib: Collections of poc and exp.
incident_alarm: An alarm written in Python to sniff a pcap file or live interface for NULL, XMAS, FIN, SMB, and Nikto scans. Detects plaintext credentials sent over IMAP, FTP, and HTML protocols.
Addon: ClearURLs is an add-on based on the new WebExtensions technology and will automatically remove tracking elements from URLs to help protect your privacy.
ArchStrike: An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.
BinAbsInspector: BinAbsInspector: Vulnerability Scanner for Binaries
plexiglass: A PyTorch toolbox for adversarial attack and deepfake detection research.
ForceReset: Simple Tool to Temp Disable Discord Accounts | Force them to Reset their password
cti-stix-diamond-activity-attack-graph: STIX 2.1 Visualizer, Attack and Activity Thread Graph for Threat Modeling
DeimosC2: DeimosC2 is a Golang command and control framework for post-exploitation.
ManageEngineFileUploadExploit: POC script for the ManageEngine Multiple Products Authenticated File Upload Exploit
unipacker: Automatic and platform-independent unpacker for Windows binaries based on emulation
certonid: Certonid is a Serverless SSH Certificate Authority
Mass-exploit-CVE-2022-29464: Mass Exploit for CVE 2022-29464 on Carbon
CVE-2022-23808: phpMyAdmin XSS
seccubus: Easy automated vulnerability scanning, reporting and analysis
go-cpe: A Go library for CPE (A Common Platform Enumeration 2.3)
SwissArmyPi: A set of utility/tools to make Raspberry Pi [Zero W] into Swiss Army Knife
terrascan: Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
openvas-scanner: This repository contains the scanner component for Greenbone Community Edition.
log4j-scanner: log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.
ATutor-2.2.4-Language-Exploit: ATutor 2.2.4 Arbitrary File Upload / RCE (CVE-2019-12169)
securitytools: Tools created under this repo are general-purpose tools for cyber-security beginners to check the prototype and flow of any enterprise-level software and implementation, providing the same
CVE-2022-24124: POC for CVE-2022-24124
bWAPP: Most vulnerable PHP website to carry pentesting.
SSI_Extra_Materials: In my computer security course we make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of these materials
Apache-OFBiz-XXE: XXE injection (file disclosure) exploit for Apache OFBiz < 16.11.04
free-security-resources: 安全总是无处不在...
sodium_compat: Pure PHP polyfill for ext/sodium
Snort_Log_Server: A tool for simplifying network administration. Gets log messages from Snort IDS, processes them, classifies them as either THREAT / NOT_THREAT then creates a pop up window incase of a threat.
hacker-scripts: ⛷ A collection of hacker scripts.
codecat: CodeCat is an open-source tool to help you find/track user input sinks and security bugs using static code analysis. These points follow regex rules. Beta version.
aws-well-architected-labs: Hands on labs and code to help you learn, measure, and build using architectural best practices.
exploit-CVE-2014-6271: Shellshock exploit + vulnerable environment
CCSC-CTF-2020: All challenges for the CCSC 2020 CTF
xxUSBSentinel: Windows anti-forensics USB monitoring tool.
SecurityDriven.Inferno: ✅ .NET crypto done right. Professionally audited.
OSINT-SearchOperators
cipher4j: Pure Implementations for encryption algorithms including DES, RSA, AES, RC4
hubcommander: A Slack bot for GitHub organization management -- and other things too
WarioLand4MultiEditor: MultiEditor for Wario Land 4
TokenUniverse: An advanced tool for working with access tokens and Windows security policy.
DOMPurify: DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
fosstars-rating-core: A framework for defining ratings for open source projects. In particular, the framework offers a security rating for open source projects that may be used to assess the security risk that comes with open source components.
graphw00f: graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.
Kill-Router-: Ferramenta para quebrar senhas administrativas de roteadores Wireless, routers, switches e outras plataformas de gestão de serviços de rede autenticados.
cisofy-security-policy: This is the public security policy of CISOfy, with extra resources like security tools.
tenable-securitycenter: Tenable SecurityCenter REST API client
dnsFookup: DNS rebinding toolkit
ProxyExe: Launch a Windows EXE file with this EXE file (application filter evasion)
TextAttack: TextAttack 🐙 is a Python framework for adversarial attacks, data augmentation, and model training in NLP https://textattack.readthedocs.io/en/master/
midfp-win32: Mail Message-ID Fingerprinting
SyscallExtractorAnalyzer: This script will pull and analyze syscalls in given application(s) allowing for easier security research purposes
python_sec: python安全和代码审计相关资料收集 resource collection of python security and code review
gagako: 一款Golang开发的安全工具
eos-bp-nodes-security-checklist: EOS bp nodes security checklist(EOS超级节点安全执行指南)
dirhunt: Find web directories without bruteforce
bluetooth-keyboard-emulator: Simple proof-of-concept software tool for emulating Bluetooth BR/EDR (a.k.a. Bluetooth Classic) keyboards
ByePg: Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI
ATSCAN: Advanced dork Search & Mass Exploit Scanner
ctfr: Abusing Certificate Transparency logs for getting HTTPS websites subdomains.
Adhrit: Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.
mdptropfort.github.io: Et si on essayait collectivement d'adopter une meilleure hygiène informatique ?
Discord-Nuker: Super fast nuker written in python with proxy and many thing!
Vailyn: A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
vilicus: Vilicus is an open source tool that orchestrates security scans of container images(docker/oci) and centralizes all results into a database for further analysis and metrics.
flightsim: A utility to safely generate malicious network traffic patterns and evaluate controls.
Python-Scripts: Collection of Python Scripts
PHPVulFinder: PHP Static Program Analysis
tpot-terraform: DEPRECATED: Deploy T-Pot Honeypot to EC2 Using Terraform
NETNOOB: A simple program written in bash that contains basic Linux network tools, information gathering tools and scanning tools.
android-hacking-part-2: How to Hack an Android Phone using an Malicious Android Application - Part-2 (More Sophisticated Way)
CVE-2022-33891: 「💥」CVE-2022-33891 - Apache Spark Shell Command Injection
bughunting-ar: هذا المستودع هي محاولة منا لاثراء المحتوي العربي بخصوص البج بونتي ومايحتويه من انواع ثغرات الي تقنيات مختلفة الي مصادر متعددة
search-for-vulnerabilities
CVE-2019-0604: cve-2019-0604 SharePoint RCE exploit
Go-MISPFeedGenerator: Golang implementation of PyMISP-feedgenerator
pyvfeed: Python API for vFeed Vulnerability & Threat Intelligence Database Enterprise & Pro Editions
Software-Security: A Github repository I created while studying the Software Security course on Coursera. I made the repository public to discuss solutions with like-minded developers.
nvtengine: network vulnerability-test engine nasl like script engine
Screenshooter: C# program to take a full size screenshot or a recording of the user's desktop. Takes in 0-3 flags
Brutal: Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )
awesome-vm-exploit: share some useful archives about vm and qemu escape exploit.
DScaner: 分布式漏扫框架
jaeles: The Swiss Army knife for automated Web Application Testing
ATMSFE: Termux Auto-Metasploit
go-gmp: Go library to interact with the Greenbone Vulnerability Manager 11 using the GMP protocol (Greenbone Management Protocol, version 9.0)
interactsh: An OOB interaction gathering server and client library
CVE-2021-3156: Script en python sobre la vulnerabilidad CVE-2021-3156
handbook: A living document for penetration testing and offensive security.
0d1n: Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.
ThreatIngestor: Extract and aggregate threat intelligence.
integrated-security-testing-environment: Integrated Security Testing Environment for Web Applications as Burp Extension. 質問等用Slackへの参加はこちら:https://join.slack.com/t/burp-iste/shared_invite/zt-13xm9liet-BPI1ByEEklmTKZcSbQepAA
awesome-game-security: awesome game security [Welcome to PR]
Knowledge-Base: Knowledge Base 慢雾安全团队知识库
RomBuster: RomBuster is a router exploitation tool that allows to disclosure network router admin password.
databreach: Description of Data Breaches Notifications in France and Lessons Learned for the Healthcare Stakeholders. Simon M. Looten V. Stud Health Technol Inform. 2020 Nov 23;275:192-196. doi: 10.3233/SHTI200721. https://pubmed.ncbi.nlm.nih.gov/33227767/
AutoBlue-MS17-010: This is just an semi-automated fully working, no-bs, non-metasploit version of the public exploit code for MS17-010
wP-BrutE
PortScanner: Scanning privileged ports 1-1024, DDos is illegal and should be used only if have permission
Nidhogg: Nidhogg is an all-in-one simple to use rootkit for red teams.
wifiphisher: The Rogue Access Point Framework
adarch: Development of active defense tools, made easier.
dirsearch: Web path scanner
chromepass: Chromepass - Hacking Chrome Saved Passwords
bloodhound-elementary: Command line tool for analyzing .json files generated by bloodhound.py or sharphound for use in Bloodhound.
armpwn: Repository to train/learn memory corruption on the ARM platform.
Umbrella_content: Open source Android, iOS and Web app for learning about and managing digital and physical security. From how to send a secure message to dealing with a kidnap. Umbrella has best practice guides in over 40 topics in multiple languages. Used daily by people working in high risk countries - journalists, activists, diplomats, business travelers etc.
PrefSecure: Android Library For Saving any sensitive Data (e.g user credentials, access token, credit cards ,... etc) in cryptographic format
taser: Python3 resource library for creating security related tooling
CyberSecurity-Bootcamp: Assignments and projects that show my knowledge and experience of Cyber Security.
securefs: Filesystem in userspace (FUSE) with transparent authenticated encryption
falcon: Collection of exploits that were verified by an automated system
psytester.github.io: Blog
security-bundle: The security system is one of the most powerful parts of Symfony and can largely be controlled via its configuration.
scilla: Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
Hax-That-Fuck: Hax That F#uck Html Page
leaky-paths: A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
SAP_exploit: Here you can get full exploit for SAP NetWeaver AS JAVA
kubernetes-goat: Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
rainfall: Second projet de la branche sécurité de l'école 42.
AWS-Loot: Pull secrets from an AWS environment
hookso: linux动态链接库的注入修改查找工具 A tool for injection, modification and search of linux dynamic link library
jasypt-spring-boot: Jasypt integration for Spring boot
facebook-exploit-toolkit: Toolkit for Penetration Testing Facebook
violent_python: Example programs from Violent Python book
awesome-cloud-osint: This repository will host resources for collecting information about cloud providers - SaaS, IaaS, PaaS, DaaS etc.
multi-juicer: Run Capture the Flags and Security Trainings with OWASP Juice Shop
Vanquish: Vanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.
attckr: ⚔️MITRE ATT&CK Machinations in R
ursadb: Trigram database written in C++, suited for malware indexing
reconftw: reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
ApplicationSecurity_Interview_Questions_Answers: Some of the queries that were asked in interviews for Application/Security Engineering roles and were submitted to Glassdoor.com. I felt these queries were vital to being asked and a few were difficult to answer. I attempted to incorporate some answers for a few of the queries
deepweb-scappering: Discover hidden deepweb pages
phpsecurityscanner: A PHP Class to recursively scan vulnerable php functions inside a directory
OSINT_TIPS: OSINT
POC-exploits: 🔓 Vulnerability Research and Proof of Concept exploits for various targets found by me
Secure-Pref-Manager: Secure Preference Manager for android. It uses various Encryption to protect your application's Shared Preferences.
brutto: Easy brute forcing to whatever you want - Jose Pino
DARK-FB_v1.6: script hack fb
advisory-db: Security advisory database for Rust crates published through crates.io
UserFinder: OSINT tool for finding profiles by username
Exploits-in-c: Exploits in c
scan-cli-plugin: Docker Scan is a Command Line Interface to run vulnerability detection on your Dockerfiles and Docker images
collection-document: Collection of quality safety articles. Awesome articles.
habu: Hacking Toolkit
keeweb: Free cross-platform password manager compatible with KeePass
capsulecorp-pentest: Vagrant VirtualBox environment for conducting an internal network penetration test
Ethical-Hacking-Python-Scripts: Repository for security-related Python scripts.
materializecss_starter: A Starter Boilerplate for Materializecss, ionicons, font-awesome and Animatecss
Pompem: Find exploit tool
Structured-Exception-Handling-SEH-Buffer-Overflow: Contains an exploit code of a SEH attack against the file sharing wizard 1.5.0 application and a report explaining the process
X-Scan: 魔改版内网扫描工具
Galacticc: Minecraft ghost client for 1.8.9
DeathStar: Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.
wp-plugins-poc: Collection of WordPress Plugin PoC - For Educational Purposes ONLY
ARP-Spoofer: This script sends forged ARP packages on a local network in order to impersonate a host and receive victim's internet traffic
pytools: Pytools: Some useful tools written by pure python.
apk-medit: memory search and patch tool on debuggable apk without root & ndk
TypeHUB: TypeHUB Exploiter
MalGAN: 主题为”基于GAN的恶意软件对抗样本生成“。首先介绍了恶意软件发展现状,引出基于模式匹配、特征空间和问题空间三种方式去检测恶意软件。然后介绍了如何生成对抗样本攻击恶意软件检测器,详细介绍了基于GAN的恶意软件对抗样本的MalGAN框架,并对实验结果进行了对比。最后总结了结构性对抗样本的约束:可用转换 、保留语义、似然性、副作用特征。
phackerpy: p hacker
SpicyPass: A light-weight password manager with a focus on simplicity and security
exploit-CVE-2016-6515: OpenSSH remote DOS exploit and vulnerable container
VISE: A search engine on information delivered by OSINT sources to support Vulnerability Assessment
sel4-armv8-vmm-manifest: A manifest that allows one to build virtualized seL4 for zcu102 and i.MX8
os-newify: os-newify: A set of steps to update, clean, reset, and maintain different types of operating systems to boost security and make the device(s) more efficient.
awesome-list-of-secrets-in-environment-variables: 🦄🔒 Awesome list of secrets in environment variables 🖥️
TIL: 📚 Today I Learned : Security
Watcher: Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
zong-wifi
IntRec-Pack: Intelligence and Reconnaissance Package/Bundle installer.
iBadApple: First ever: Windows, free iCloud & activation lock bypass... that isn't a malware!
gitleaks: Protect and discover secrets using Gitleaks 🔑
linuxScripts: University(SevGU) master's project. Several scripts to scan Linux OS, detect vulnerabilities and manage them.
Shellshocker: A Bash script to test a list of URLs for the shellshock vulnerability.
redteam_vul: 红队作战中比较常遇到的一些重点系统漏洞整理。
csplogger: A CSP endpoint to aggregate, correlate and analyze report-uri violations across your infrastructure
WebExp: 2020年~2021年 网站CMS、中间件、框架系统漏洞集合
badKarma: network reconnaissance toolkit
sike-java: SIKE for Java is a software library that implements experimental supersingular isogeny cryptographic schemes that aim to provide protection against attackers running a large-scale quantum computer.
Interlace: Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
docker-vuln-scanner: docker vulnerability scanner
HassanKit_Target_Detection: This script validates if any queried domain/user is contained as a target within the HassanKit Phishing Campaign
Perun: Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架
PWF: Practical Windows Forensics Training
HERCULES: HERCULES is a special payload generator that can bypass antivirus softwares.
How-2-Get-Bootcamp-Content: Samples of how I write how-to's
teensy3.2-projects: Teensy 3.2 Projects - Teensy with CMD Command Execution Attack Example 💣
Blog-Pessoal: Projeto blog pessoal para praticar CRUD, realizado durando o bootcamp da Generation Brasil
Shady-Hook: Proof of Concept - Hooking API calls of a Ransomware
CVE-2020-15368: CVE-2020-15368, aka "How to exploit a vulnerable driver"
hackage-security: Hackage security framework based on TUF (The Update Framework)
WebToken: Monetary's WebToken JS Client
packit: network packet generator and capture tool
ctf-exploit-farm: Asynchronous exploit farm for attack-defence CTF
vgs-rails-bikerental: An example demonstrating how Very Good Security can secure a Rails application without any code changes and instantly make it PCI DSS Level 2 compliant.
the-broken-links-project: A site for an IQT R&D initiative on software supply chain security.
Nettacker: Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
XSpear: Powerfull XSS Scanning and Parameter analysis tool&gem
threat-personas: We borrow the concept of 'personas' from UX/service design and apply it to threat actors to improve understanding between security, technology and business teams. Created at the Open Security Summit 2020.
spidex: Continuous reconnaissance scanner. Find and analyze internet-connected devices in minutes.
PatrowlDocs: PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Final-year-Diffie-hellman-key-Algorithm-Project: Diffie–Hellman Key Exchange Method (hereafter called the D-H method) allows two parties agree upon a shared secret number, a symmetric key, over an insecure communications channel
PROXY-List: Get PROXY List that gets updated everyday
Smart-Augmented-Glasses-Hackthon-4.0-: Smart Glasses for Police Force, a wearable augmented reality glasses with applications in security, medical and industrial field applications such as remote monitoring surgical operations. Our solution is built with state of the art IOT components integrated with Artificial Intelligence. The glasses essentially automate the process of asking for an ID. When the wearer looks at someone, the attached camera apparently takes precise measurements of the person’s face. That measurement is then compared to a database of individuals, each with their own recorded measurements. The tech is reportedly able to determine a match within seconds. For riders, the police want to make sure the person on the train/plane isn’t traveling with someone else’s ID or hopping a train/plane to avoid police. Catching criminals in a real world crowd just with a glance. In the last years, more and more wearable devices are being adapted for law enforcement. Next-generation wearables have the potential to enable police officers to improve situational awareness and decision making during missions. Law enforcement needs real-time information for better situational awareness in the field and at the command center. Officers need access to information, to stream videos and to collaborate in real time.
CVE-2018-7750: an RCE (remote command execution) approach of CVE-2018-7750
RegSLScan: A tool for scanning registery key permissions. Find where non-admins can create symbolic links.
Red-Baron: Automate creating resilient, disposable, secure and agile infrastructure for Red Teams.
BlueCommand: Dashboarding and Tooling front-end for PowerShell Empire using PowerShell Universal Dashboard
Dh-All: This is a package of all hacking tools., This tool contain over 300+ Advance and professional Hacking tools.it contain Phishing, Brute forcing, cloning, Vulnerability scanning, Information Gathering, Tracing and Tracking, Exploitation, Password cracking, Wifi Hacking, Bombing, DDOS, Malwares, Some special pakages and Another Hacking tools
honggfuzz-rs: Fuzz your Rust code with Google-developed Honggfuzz !
SirepRAT: Remote Command Execution as SYSTEM on Windows IoT Core (releases available for Python2.7 & Python3)
simple-haveibeenpwned: A very simple class to check your password safety against 'Have I Been Pwned' API.
urldedupe: Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations
fortify-plugin: Fortify Jenkins plugin
sqlinjection-training-app: A simple PHP application to learn SQL Injection detection and exploitation techniques.
nice-framework: This is a repo for on-going development of an xAPI Profile and JSONLD for the Cybersecurity Education Cybersecurity Workforce Framework - NICE Framework
PyPowerShellXray: Python script to decode common encoded PowerShell scripts
wadbpwn: Hack a random android device with 100% guarantee to succeed within 1 second, all you really need is to copy and paste 3 lines, yay! It's for real!!
CVE-2018-16763-Exploit-Python3
dc540-0x00005b: DC540 hacking challenge 0x00005b.
IPASN-History: IP ASN History to find ASN announcing an IP and the closest prefix announcing it at a specific date
derailed: CVE-2021-40875: Tools to Inspect Gurock Testrail Servers for Vulnerabilities related to CVE-2021-40875.
CheckPasswordHash: Lets you check your password hash against a list in a textfile (for the have i been pwned database)
clusterfuzzlite: ClusterFuzzLite - Simple continuous fuzzing that runs in CI.
simple-port-scanner: This is a simple port scanner built in python 3.8
pentbox: PentBox is a tool that allows us to create honeypot in our system this is written in ruby language.
jiff: JavaScript library for building web-based applications that employ secure multi-party computation (MPC).
pwnscripts: Very simple script(s) to hasten binary exploit creation
rastrea2r-server: Restful Server to handle requests from rastrea2r client
One-Click-Image-Logger: A method on how to make a One Click Image Logger!
nerve: NERVE Continuous Vulnerability Scanner
Hacking-Notebooks: Hacking Tricks, Techniques & Tools
cyber-camp-2020-writeup: Cyber Camp 2020 CTF by SANS Institute Writeup
attack_monitor: Endpoint detection & Malware analysis software
azure_password_harvesting: Plaintext Password harvesting from Azure Windows VMs
mptcp: Application and work associated with Ph.D. research. The purpose of the research is to provide a mechanism to transfer data safely without encryption using MP-TCP.
dumb-password-rules: Shaming sites with dumb password rules.
password-leak: A library to check for compromised passwords
Bachelorarbeit_SichereWebsite
secDevLabs: A laboratory for learning secure web and mobile development in a practical manner.
gohack: Experimental Go language CSGO exploit.
Computer-forensics: The best tools and resources for forensic analysis.
Quantum-Phase-Estimation: Quantum Phase Estimation is a key component of Shor's Factoring Algorithm.
Hackbox: Hackbox is an open-source, container-based platform that makes it easy to launch vulnerable systems to test your hacking skill!
charts: Deploy Kubernetes Helm Charts for Check Point CloudGuard
PrestaShop-CVE-2018-19126: PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)
cyber-crime-records-management-system: The objective of this project is to maintain a record of all the cyber-crime complaints reported by the victims and provide a platform for the cyber-crime bureau/police department to provide necessary solution and help to all of these problems.
tuftools2: a installer that u can install some of my hacking tools and other hacking tools on written in python 2.7.14 (DEAD SCRIPT)
mOSL: Bash script to audit and fix macOS Catalina (10.15.x) security settings
awesome-windows-domain-hardening: A curated list of awesome Security Hardening techniques for Windows.
xvwa: XVWA es una aplicación Web mal Desarrollada en PHP / MySQL que ayuda a los entusiastas de la seguridad a aprender la seguridad de las aplicaciones WEB. No es recomendable alojar esta aplicación en línea, ya que está diseñada para ser "Extremadamente Vulnerable". Recomendamos alojar esta aplicación en un entorno local/controlado. El fin es que puedas agudizar tus habilidades de seguridad, ya que este proyecto es totalmente legal romperlo o piratearlo. La idea es evangelizar la seguridad de las aplicaciones web para la comunidad de la forma más fácil posible. Por favor Aprende y adquiere estas habilidades para un buen propósito.
cyberdisc-bot: The bot for the Cyber Discovery Community Discord Server!
awesome-embedded-and-iot-security: A curated list of awesome embedded and IoT security resources.
DarkDork: Fast dorking with DarkDork. Written with python. Please run it with python3 versions. You can find vulnerability url s.
sandfly-setup: Sandfly Security Agentless Compromise and Intrusion Detection System For Linux
awesome-security-hardening: A collection of awesome security hardening guides, tools and other resources
BLE-Security-Attack-Defence: ✨ Purpose only! The dangers of Bluetooth Low Energy(BLE)implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.
reverseshell-powercat-v2: Bypass antivirus and gain a reverse shell on Windows with Powercat v2
bylibrary: 白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目
asleep_scanner: Dahua DVRs bruteforcer at port 37777
Nihon-Lua-Bytecode-Interpreter: C/C++ Roblox Lua Script Executor, Uses Probably The Next To Worst Method Lua Bytecode Interpreter Where Our Lua Interpreter Does Most Of The Work This Method Is Unstable And Slow
node-rate-limiter-flexible: Count and limit requests by key with atomic increments in single process or distributed environment.
uniscan: Just a mirror of uniscan project
ekolabs: EKOLABS esta dedicada para investigadores independientes y para la comunidad del Software Libre. Vamos a proveer de stands completos con monitor, alimentacion de energia y acceso a internet por cable, y vos vas a traer tu maquina para mostrar tu trabajo y responder preguntas de los participantes de Ekoparty Security Conference
Dunocoin-Exploit: Custom miner that Spoof packets to be considered an IoT device and earn more coins.
devise-security: A security extension for devise, meeting industry-standard security demands for web applications.
GoFuzz: A Request fuzzer written in Go
cvemon: Monitoring exploits & references for CVEs
DevSecOps_tools: Recopilación de herramientas complementarias para auditoría de Docker, K8, AWS, etc. Estas herramientas me han sido útiles en pentesting (tanto caja negra como blanca) y en la revisión de la seguridad de diferentes entornos y diferentes tecnologías.
MBomb: MBomb(Gmail To Gmail) Mail Bombing! Send Unlimited Bombing!
macof.py: macof.py, a MAC address table overflow utility.
linux-kernel-exploitation: A collection of links related to Linux kernel security and exploitation
heartsk_community: Hearts K-企业资产发现与脆弱性检查工具,自动化资产信息收集与漏洞扫描
terracreds: A Terraform Automation and Collaboration Software credentials helper
wstg: The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Cheatsheet-God: Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
steal-all-files: Python script to automatically steal all the files and information from a computer using an USB device. Created just for educational purposes.
blueborne-scanner: Bluetooth scanner for local devices that may be vulnerable to Blueborne exploit
openvas-sandbox: openvas network security monitoring NIDS HIDS
cyber-defence-presentation: 🖥️ A reveal.js website for presenting the cyber security basics to humans
Bruteforcefb: Tools Brute Force Facebook v.0.1
Python-Rootkit: Python Remote Administration Tool (RAT) to gain meterpreter session
OpenRemoteStart: An open source remote implementation for the Fortin EVO-One remote starter
cve-2021-3449: CVE-2021-3449 OpenSSL denial-of-service exploit 👨🏻💻
Audit-Learning: 记录自己对《代码审计》的理解和总结,对危险函数的深入分析以及在p牛的博客和代码审计圈的收获
security-checklist-transformer: Sqreen Security Checklist Transformer & Uploader
kindle-factory-jailbreak: Kindle factory image jailbreak.
slate-tools: Shopify's defunct Slate tools occasionally updated w/ some security patches
guardium-analyzer-workshop: IBM Security Guardium Analyzer Workshops
Image-Security-by-Triple-DES-Final-Year-Project: B.tech Cryptogaphy Final Year Project on ENCRYPTION & DECRYPTION of IMAGE through Triple DES.
stealthware-backdoor: Persistent & Undetectable Malware Backdoor
sriracha-iq: Rapid cybersecurity toolkit based on Elastic in Docker. Designed to quickly build elastic-based environments to analyze and execute threat hunting, blue team assessments, audits, and security control assessments.
chronicle: Public append-only ledger microservice built with Slim Framework
Follina_Exploiter_CLI: Exploit Microsoft Zero-Day Vulnerability Follina (CVE-2022-30190)
kickthemout: 💤 Kick devices off your network by performing an ARP Spoof attack.
Ktos.AspNetCore.Authentication.ApiKeyHeader: Authentication using X-APIKEY HTTP header for ASP.NET Core
Hide-FS: Inject dll to explorer.exe and hide file from process.
fofa_viewer: 一个简单实用的FOFA客户端 By flashine
Espionage: A Network Packet and Traffic Interceptor For Linux. Spoof ARP & Wiretap A Network.
maskphish: Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
Sooty: The SOC Analysts all-in-one CLI tool to automate and speed up workflow.
pwn.hs: [WIP] Exploit development library for Haskeller
zap-scripts: Zed Attack Proxy Scripts for finding CVEs and Secrets.
protostar-iot: Statically compiled binaries of Protostar (exploit-exercises.com) in ARM and MIPS along with original source code
ksubdomain: 无状态子域名爆破工具
RVuln: [ Automated Web Vulnerability Scanner ]
awesome-recon-tools: A compiled list of tools for reconnaissance and footprinting
ShellPop: Pop shells like a master.
pentestER-Fully-automatic-scanner: DNS Subdomain● Brute force ● Web Spider ● Nmap Scan ● etc
CybersecurityEssentials: Abarca los fundamentos y las habilidades básicas en todos los dominios de la ciberseguridad, incluida la seguridad de la información, seguridad de sistemas, seguridad de la red, ética y leyes, y técnicas de defensa y mitigación utilizadas en la protección de los negocios.
pi-pwnbox-rogueap: Homemade Pwnbox 🚀 / Rogue AP 📡 based on Raspberry Pi — WiFi Hacking Cheatsheets + MindMap 💡
SecretScanner: 🔓 🔓 Find secrets and passwords in container images and file systems 🔓 🔓
wifi-sdcf: Reverse Engineering notes on the Dxingtek/Keytech(?) WiFi@SDCF card
Th3_Monster: Th3_Monster Tool 2.5 ☣ Website Vulnerability Scanner & Auto Exploiter Bot ☣ .
CustomizableAlertController: Hacking the UIAlertController to fully customize it
khefin: A simple way to generate password-proteceted secrets from a FIDO2 authenticator with the hmac-secret extension
Unreliable-Web: Vulnerable Pen-testing Lab for Web+Forensics+Crypto
CEHv10StudyGuidePlusPlus: 📓 CEHv10 Study Guide++
rogue_ap: Rogue AP using a Raspberry Pi Zero W
whose-trying-to-hack-me: Crystal-lang tool to identify potential hackers
security_content: Splunk Security Content
domato: DOM fuzzer
dockerized-security-tools: Dockerfiles for security tools
FalconGate: A smart gateway to stop cyber criminals - Sponsored by Falcon Guard
zip-slip-vulnerability: Zip Slip Vulnerability (Arbitrary file write through archive extraction)
universal-otherapp: Userland -> Kernel11 -> Arm9 otherapp for 3DS system versions 1.0 to <= 11.15
pwnAdventure3: This video game was created to test the hackers. I'm trying to solve it applying the technic "Man In The Middle Attack". I took some ideas and resources from LiveOverflow/PwnAdventure3 (https://github.com/LiveOverflow/PwnAdventure3) but I am doing with my thoughts and resources.
basic_ssh_honeypot: A basic SSH honeypot built in Python and containerised in Docker
Colossus: Secure File Storage in Cloud Computing using Hybrid Cryptography Algorithms. Colossus ensures security of the user’s data stored on cloud (AWS S3) by providing a tool that helps to encrypt files using AES and RSA. The user receives the key via email.
Godzilla: Godzilla is an automated scanner tool for bug hunters/pentesters that can scan website for vulnerabilities, Do Information gathering in Network range, exploit and attack network.
blackhat_python_book_code: Source code and exercises from the book "Black Hat Python" by Justin Seitz.
spyse-python: The official wrapper for spyse.com API, written in Python, aimed to help developers build their integrations with Spyse.
Security-Monitoring-Visualisation-System: This visualisation system is used to monitor the state and confirm the system's health running.
ifoughtthelaw: Repository for "I Fought The Law and The Law Lost" talk. Featured on Recon Village @ DEFCON 26, Las Vegas (And many other conferences!)
httprecon-win32: Advanced web server fingerprinting
AndroidHacking: Everything here is only for educational purposes only. Add star if u want, i will be very happy. Thanks :)
SH4R1NG4N: Plataforma de hacking ético, recolección de información y manejo de bases de datos. Es un proyecto antiguo, mi aprendizaje empezó con MySQL y Python, mi idea fue combinar ambas tecnologías.
Mpchadwick_MwscanUtils2: Run better Magento malware scans
swaggerHole: A python3 script searching for secret on swaggerhub
sippts: Set of tools to audit SIP based VoIP Systems
CVE-2021-37740: PoC for DoS vulnerability CVE-2021-37740 in firmware v3.0.3 of SCN-IP100.03 and SCN-IP000.03 by MDT. The bug has been fixed in firmware v3.0.4.
CTFGuideReact: The React Client for CTFGuide
cross-account-ecr-access-control: Allow AWS Account B to be able to connect to Account A ECR image repository to push or pull images
tensorflow-insiderthreat: Experimental ONLY: This consolidated data of scenario-2 of the US-CERT dataset for insider threats to be used with TF 2.0 and Keras
AIOCLF: just bored app for create all in one tools for hacker :p
GitMonitor: One way to continuously monitor sensitive information that could be exposed on Github
expdev: Vulnerable software and exploits used for OSCP/OSCE preparation
O-MEGA_VIRUSES: SAMPLE O-MEGA VIRUS FOR RESEARCH PURPOSES ONLY. PLEASE DELETE AFTER USAGE UNLESS A LICENSE IS PURCHASED.
splunk-integration: Databricks Add-on for Splunk
awesome-threat-intelligence: A curated list of Awesome Threat Intelligence resources
jwt-hack: 🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)
thc-tesla-powerwall2-hack: TESLA PowerWall 2 Security Shenanigans
ThreadBoat: Program Uses Thread Execution Hijacking To Inject Native Shell-code Into a Standard Win32 Application
visualize_logs: A Python library and command line tools to provide interactive log visualization.
rescope: A scope-generator-tool for Burp Suite and ZAP
google-ctf: Google CTF
wordle-answer-hack: Get the answer in both wordle and wordleunlimited.org
mutillidae: OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF and OWASP BWA. The existing version can be updated on these platforms. With dozens of vulnerabilities and hints to help the user; this is an easy-to-use web hacking environment designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an "assess the assessor" target for vulnerability assessment software. A containerized version of the application is available as a companion project.
PhishMailer: Generate Professional Phishing Emails Fast And Easy
Tech-Scrolls: Concepts. Books. People. Definitions. Tech.
iot-security-vulnerability: Raspberry PI Vulnerability Study using Flask, PWA VueJS 2, Requests, Vue-Socket.io and Flask SocketIO
weekly-dmarc-grabber: Weekly DMARC Grabs of the Rapid7 1500
zeek-plugin-enip: Zeek network security monitor plugin that enables parsing of the Ethernet/IP and Common Industrial Protocol standards
fotogo-bakcend: Fotogo's backend server.
wireguard-docs: 📖 Unofficial WireGuard Documentation: Setup, Usage, Configuration, and full example setups for VPNs supporting both servers & roaming clients.
DGFraud-TF2: A Deep Graph-based Toolbox for Fraud Detection in TensorFlow 2.X
waf: 🚦Web Application Firewall or API Gateway(应用防火墙/API网关)
wrecon: WRecon is an open source no intussive web scanner. It is designed to discover all URL in a website recursively, without using bruteforce or unauthorized access. It comes with a camouflage engine and nice features for pentesting.
Cerberus: 一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
nginx-admins-handbook: How to improve NGINX performance, security, and other important things.
AutoSploit: Automated Mass Exploiter
oro-bypass: RumbleFighter GameGuard bypass written with C++ 11 using win32
OverwatchINT: OverWatchINT is an Open Source Intelligence and All-in-One Hacking Tool. It's purpose is to reduce the time and efforts of security researchers and cyber experts.
0day-security-software-vulnerability-analysis-technology: 0day安全_软件漏洞分析技术
pickleassem: A simple pickle assembler to make handcrafting pickle bytecode easier.
Cybersecurity-University.of.Maryland: Cybersecurity Specialization - Cybersecurity Fundamentals. Construction of Secure Systems - Coursera
Polaris: 渗透测试框架
DetExploit: OSS Vulnerability Scanner for Windows Platform
h-encore: Fully chained kernel exploit for the PS Vita on firmwares 3.65-3.68
TallGrass: An AV exclusion enumeration tool written in Python.
mosint: An automated e-mail OSINT tool
RCE-VB5.x: Vulnerable (RCE) vBulletin 5.0.0 - 5.5.4 BurpSuite Request
slack-watchman: Monitoring your Slack workspaces for sensitive information
FlowerPassword: 🌸花密,不一样的密码管理器
forta-attack-simulation: 🦠🔬 Forta agent that detect deployment of smart contracts containing an exploit function
rootend: A nix Enumerator & Auto Privilege Escalation tool.
h1-702-2018-ctf-wu
free_materials: Small collection about free cybersecurity materials
wraith: [WIP] A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.
WAMpage: WAMpage - A WebOS root LPE exploit chain (CVE-2022-23731)
opencve: CVE Alerting Platform
embark: EMBArk - The firmware security scanning environment
prober: Pentester's toolbox
usb-keystroke-injector: ☠️ An Arduino-based USB keyboard simulator which injects keystrokes via Bluetooth protocol or predefined payloads in a SD card.
d3fend: Public static website for the D3FEND project. For the D3FEND ontology repo see: https://github.com/d3fend/d3fend-ontology
critical-ops-0day: source to ban any account in mobile game critical ops
100-redteam-projects: Projects for security students
sns: Scan'n'Search is a program that runs an Nmap scan and returns vunerabilities.
rawsec_cli: Rawsec's Cybersecurity Inventory cli. Search pentesting tools, resources, ctf, os.
pentesting-multitool: Different utility scripts for pentesting and hacking.
uPyPortal: A captive portal for MicroPython using ESP32 (WeMos)
itsdangerous: Safely pass trusted data to untrusted environments and back.
terraform-aws-secure-vpc: A terraform module to create a VPC with secure default configurations.
dependency-check-plugin: Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).
PickleRick: A write up guide for the Pickle Rick room from Try Hack Me.
Atividades_Spring-Generation: Aulas de Java Avançado e inicio da Programação com Spring dentro do bootcamp Generation Brasil
hack-help: A support web page for my eJPT / eCPPT Certification Process
Reloaded.Memory: Managed, high performance, fully featured memory manipulation library written in C#, providing a very easy to use API.
Python-security-hashing: It is the project for ShapeAi Bootcamp in python and network security. I have created this project to demonstrate the use of various algorithms from Hashlib. Also, I have demonstrated the use of salting and iteration on hashes to increase security and protection.
x11-stack-corruption: X11/libX11.so.6 (XQueryKeymap) Stack corruption/Access violation [PoC+ Fuzzer]
dojos: This is where the Novoda team do all their hacking
your-private-life: Your "Private" Life est un jeu web permettant de faire de la prévention sur les dangers du web et de l'Internet.
Rainbow-Wifi-Hack-Utility-Android: The program implements brute Wi-Fi network method on platform Android
sec-admin-web: 分布式资产安全扫描核心管理系统Web页面(弱口令扫描,漏洞扫描)
bot18: Bot18 is a high-frequency cryptocurrency trading bot developed by Zenbot creator @carlos8f
EOS-Proxy-Token: Proxy token to allow mitigating EOSIO Ram exploit
google-dorks: Useful Google Dorks for WebSecurity and Bug Bounty
NIVOS: NIVOS is a hacking tool that allows you to scan deeply , crack wifi, see people on your network. It applies to all linux operating systems. And it is improving every day, new packages are added. Thank You For Using NIVOS :> [NIVOS Created By NIVO Team]
GoodHound: Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.
SplunkPWNScripts: Scripts aiding penetration testing of Splunk Enterprise systems
depthcharge: A U-Boot hacking toolkit for security researchers and tinkerers
wp-mini-exploiter: Mini Wordress Exploiter using CVE2020
LuaCollection: 🐱💻Roblox hack/cheat scripts I made.
Cr3dOv3r: Know the dangers of credential reuse attacks.
scriptsafe: a browser extension to bring security and privacy to chrome, firefox, and opera
C-Experiments: Experiments on C/C++ Exploits
sozu: Sōzu HTTP reverse proxy, configurable at runtime, fast and safe, built in Rust. It is awesome! Ping us on gitter to know more
DFF: One of Best Path traversal and PRL attack tools by TS/SCI Security (year 2008). Also tool is included on BackTrack 4 and OWASP Phoenix/Tools Project.
RdpCacheStitcher: RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
ColdFusionX.github.io
hades: Firewall System for A.E.G.I.S.
RBust: [ Blazing Fast Web Fuzzer in Rust ]
ransomwvre: Ransomware in v
Hack4Squad: 💀 A bash hacking and scanning framework.
simplex-chat: SimpleX - the first messaging platform operating without user identifiers of any kind - 100% private by design! iOS and Android apps are released 📱!
HiveNightmare: Exploit allowing you to read registry hives as non-admin on Windows 10 and 11
AIRAVAT: A multifunctional Android RAT with GUI based Web Panel without port forwarding.
has_tokenable: Identify your active records with random tokens when you don't want your users to see a sequential ID https://rubygems.org/gems/has_tokenable
Discord-email-spammer-exploit: A discord email spammer exploit that works by unferifying a tokens email and then requesting discord verify it again multiple times which leads to discord spamming that email with email verification messages
dymerge: 🔓 A dynamic dictionary merger for successful dictionary based attacks.
ProjectBrightSun: A suite of cybersecurity tools designed to allow for rapid deployment of virtualized environments. Intended for use in education: contains built-in lessons.
TRADFRI-Hacking: Hacking IKEA TRÅDFRI products, such as light bulbs, window blinds and other accessories.
vichiti: An OSINT focused tool made with Nodejs!
ban2fail: Simple & efficient log file scanning and iptable filtering
is-website-vulnerable: finds publicly known security vulnerabilities in a website's frontend JavaScript libraries
Wyrmsun_Macrobot: A hack for Wyrmsun version 5.0.1 that will automatically create worker units out of the currently selected structure when a player's gold is over 3000.
Reverse-Shell-Manager: 🔨 A multiple reverse shell session/client manager via terminal
Security-Scanner: It is a scanner used for security related tasks during penetration testing.
pdfparser: PDF Parser is a command line tool and go library for analyzing PDF files.
Caesar: An HTTP based RAT (Remote Administration Tool) that allows you to remotely control devices from your browser
setup-ipsec-vpn: Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
CVE-2021-43008-AdminerRead: Exploit tool for CVE-2021-43008 Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability
klustair-frontend: Frontend to Klustair scanner and Anchore
InstaBrowser: Android Phishing Application.This Project is for Educational purposes only.The Developer of this application is not responsible of any bad usage
gotator: Gotator is a tool to generate DNS wordlists through permutations.
100DaysOfHacking: This repository contains all the information shared during my 100 days of hacking challenge.
DI.WE.H: Repositório com conteúdo sobre web hacking em português
mvt: MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.
HCPaper: The published paper proposing Hacker Combat.
isoalloc: A general purpose memory allocator that implements an isolation security strategy to mitigate memory safety issues while maintaining good performance
asqlmap: Automated sqlmap
Bootmiester: Advanced deauthentication script.
bakerman: Doughskript interpreter for converting simple command sequences into executable Arduino C++ code.
beaconleak: Covert data exfiltration and detection using 802.11 beacon stuffing
K8tools: K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
CuckooNet: A full implementation of the Cuckoo Sandbox Rest 2.0.7 API
attifyos: Attify OS - Distro for pentesting IoT devices
OSCP2020
EasyProtector: 一行代码检测XP/调试/多开/模拟器/root
Sploits-Protostar: Protostar exploit python scripts
IPAPatch: Patch iOS Apps, The Easy Way, Without Jailbreak.
rebuilderd: Independent verification of binary packages - reproducible builds
SpringBootExploit: 项目是根据LandGrey/SpringBootVulExploit清单编写,目的hvv期间快速利用漏洞、降低漏洞利用门槛。
swag-client: Cloud multi-account metadata management tool.
50-Days-Of-SQLi: Learning and hunting SQL injection bugs for 50 continuous days
aws-auto-remediate: Open source application to instantly remediate common security issues through the use of AWS Config
RATel: RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.
zBang: zBang is a risk assessment tool that detects potential privileged account threats
etw-dns: A simple example application to collect DNS queries logs using etw-api
Ohm: Android RAT with web panel and undetectable App
PwnBack: Burp Extender plugin that generates a sitemap of a website using Wayback Machine
cybersecurity-blue-team: A collection of awesome software, libraries, learning tutorials, documents and books, technical resources and cool stuff about Blue Team in Cybersecurity.
C-Browser-Password-Cracker: C++ Firefox & Google Chrome Cracker Source Code
Crumble: Menu driven wordlist generator in C++
vulnerability-tool: Vulnerability-tool chains middleware (inspired by Alice) tools to analyse Github repositories for vulnerabilities (secrets, keys, etc)
offensive-azure: Collection of offensive tools targeting Microsoft Azure
otseca: Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.
agartha: a burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to spot authentication/authorization issues, and converts Http requests to Javascript for further XSS exploitation and more.
ocaps: Object capability (ocap) tools and macros for Scala.
awesome-browser-containers: Curated list of awesome browser extensions that protect your privacy
airgeddon: This is a multi-use bash script for Linux systems to audit wireless networks.
spectre-attack: Example of using revealed "Spectre" exploit (CVE-2017-5753 and CVE-2017-5715)
exfilkit: Data exfiltration utility for testing detection capabilities
u2f-zero: U2F USB token optimized for physical security, affordability, and style
grype-contribs: A set of resources around Anchore's grype tool
CVE-2021-44228-Mass-RCE: CVE-2021-44228 Log4J multithreaded Mass Exploitation tool compatible with URL/IP lists.
themis: Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
wesng: Windows Exploit Suggester - Next Generation
audit_scripts: Scripts to gather system configuration information for offline/remote auditing
plaguesec-os: Plague Security Customed Operating System for Penetration Testers Based on Kali Linux
Commodity-Injection-Signatures: Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
pwn2own2020: Compromising the macOS Kernel through Safari by Chaining Six Vulnerabilities
offsec: Docker environment for exploit development.
pksgnpa: This tool creates NPA archives used by visual novel game Steins;Gate, for Chinese translation.
Gotanda: Gotanda is browser Web Extension for OSINT.
1Hosts: World's most advanced DNS filter-/blocklists!
AntiCheat-Testing-Framework: Framework to test any Anti-Cheat
dockle: Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
dockerscan: Docker security analysis & hacking tools
fhe-toolkit-linux: IBM Fully Homomorphic Encryption Toolkit For Linux. This toolkit is a Linux based Docker container that demonstrates computing on encrypted data without decrypting it! The toolkit ships with two demos including a fully encrypted Machine Learning inference with a Neural Network and a Privacy-Preserving key-value search.
linkedin2username: OSINT Tool: Generate username lists for companies on LinkedIn
Spectre-PoC: Proof of Concept - Spectre
tpotce: 🍯 T-Pot - The All In One Honeypot Platform 🐝
Brutus: Botnet targeting Windows machines written entirely in Python & open source security project.
aws-securitygroup-grapher: This ansible role gets information from an AWS VPC and generate a graphical representation of security groups
Scumblr: Web framework that allows performing periodic syncs of data sources and performing analysis on the identified results
evil-ssdp: Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.
Lauschgeraet: Gets in the way of your victim's traffic and out of yours
unikraft: Unikraft is an automated system for building specialized OSes known as unikernels. Unikraft can be configured to be POSIX-compliant. (Core repository)
Exploit-Discord-Cache-System-PoC: 🗄️ Exploit Discord's cache system to remote upload payloads to Discord users machines (possible malware dropper for e.g. targeting specific victims)
RustScan: 🤖 The Modern Port Scanner 🤖
crowdsec: CrowdSec - the open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI database to protect the user network.
b11: 11 DIGIT FACEBOOK ACCOUNTS PASSWORD CRACKER
FOR BANGLADESHI TERMUX USERS
UEFI_boot_script_expl: CHIPSEC module that exploits UEFI boot script table vulnerability
www-project-csrfguard: The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens
WS-VulnS: WS-VulnS (Web Services Vulnerability Scanner) is a blackbox tool that detects injections (SQLi & XMLi) and DoS (XML Bomb, Oversized XML & Oversized Payload) vulnerabilities in SOAP and REST Web Services. It was developped during graduation project at Ecole Nationale Supérieure d'Informatique (ESI, Algiers) by AIT HABOUCHE Manele and BALI Amina.
hkcert-ctf-2020-challenges: The challenges for HKCERT CTF 2020
bludit-cms-bypass-brute-force-protection-mechanism: Permite realizar bypass (eludir) el mecanismo de protección de fuerza bruta de Bludit CMS versión 3.9.2 o inferior, mediante el uso de diferentes encabezados HTTP X-Forwarded-For falsificados.
GraphKer: Open Source Tool - Cybersecurity Graph Database in Neo4j
dependency-check-sonar-plugin: Integrates Dependency-Check reports into SonarQube
wifi-passview: An open source batch script based WiFi Passview for Windows!
CyberSecurity-and-Pentesting-Resources: Top 5 ethical hacking books to get started? Top 5 practical hacking books? Top 5 cybersecurity books to get started? Did I miss any great books?
aws-enumerator: The AWS Enumerator was created for service enumeration and info dumping for investigations of penetration testers during Black-Box testing. The tool is intended to speed up the process of Cloud review in case the security researcher compromised AWS Account Credentials.
wd-rce: WD My Cloud PoC exploit
MurMurHash: This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.
proxmox_toolbox: A toolbox to get the firsts configurations of Proxmox VE / BS done in no time
redteam-hardware-toolkit: 🔺 Red Team Hardware Toolkit 🔺
ATM-Malware-: Works only on NCR and Diebold Nixdorf. The software works pretty simple : Work on Windows and Android (8.0 or highter) devices. The NCR and Diebold Nixdorf ATM's work on Windows XP os and are connected to hidden wifi network. The software contains hidden wifi finder, brute force tool and wordlist. The procedure is absolutely wirelessly! All you need to do is to be less than 20 meters from the ATM, turn on the wifi finder, get the password via the bruteforcing tool and send the trojan to the ATM. The next step is to go in front of the ATM, press two buttons on the device you got connected through and start collecting the money. Contact info: telegram @No_name71 ,wickr @nonamee71, protonmail @No_namee71@protonmail.com
CVE-2021-41773: Apache2 2.4.49 - LFI & RCE Exploit - CVE-2021-41773
nishang: Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
wowned: Authentication bypass for outdated WoW emulation authentication servers
Shodan-Dorks: Dorks for shodan.io. Some basic shodan dorks collected from publicly available data.
Tic-Tac: Client not paid ? Set a timer to kill css/js or decrease opacity over time with a js script, available remotely !
ktmm: Keep That Mouse Moving!
exynos8890-bootrom-dump: dump Exynos 8890 bootROM from Samsung Galaxy S7
pyhtools: A collection of python written hacking tools consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware and reverse_backdoor.
wgcf: 🚤 Cross-platform, unofficial CLI for Cloudflare Warp
burpa: Burp Automator - A Burp Suite Automation Tool. It provides a high level CLI and Python interfaces to Burp Suite scanner and can be used to setup Dynamic Application Security Testing (DAST).
CVE-2021-44228-Mass-RCE-Log4j: CVE-2021-44228 Log4J multithreaded Mass Exploitation tool compatible with URL/IP lists.
Phlexish: Advanced Spear Phishing tool for Facebook with 2 factor authentication bypass! May contain minor bugs due to...idk
Eternalblue: Eternalblue written in CSharp. Contains version detection, vulnerability scanner and exploit of MS17-010
pwnphone: DREAM DEVICE FOR HACKERS
JbossExploit: MSF moudle jboss invoke deploy getshell Exploit & Jboss jmx-console getshell exploit
loopback4-vault: A loopback-next extension for HashiCorp's Vault integration in loopback-next applications
Apache-HTTP-Server-Module-Backdoor: 👺 A Backdoor For Apache HTTP Server Written in C
sqlscan: Quick SQL Scanner, Dorker, Webshell injector PHP
SpyLocator: A desktop application for detecting key logging activities based on active processes. Created in C# with visual studio 2019 for windows OS.
awesome-iot-hacks: A Collection of Hacks in IoT Space so that we can address them (hopefully).
mana-security-app: macOS vulnerability management for individuals
Unban: Den unbanner det id du specificere hvis din ven fx får ban ;) (skift user_id = 1)
Exegol: Fully featured and community-driven hacking environment
WindowsExp: Windows全版本提权脚本
vul-detect: GitHub repository vulnerability detection and metrics.
Pentest-Bookmarkz: A collection of useful links for Pentesters
MyExploits: Repo for discovered vulnerabilities/exploits
magesecuritypatcher: Magento 1 Security Patcher from MageMojo
Linux-kernel-forensics-scripts: Gdb, r2, python scripts i made to perform binary analysis and forensic tasks.
x64dbgpylib: Port of windbglib to x64dbgpy, in an effort to support mona.py in x64dbg.
Log4j-RCE-Scanner: Remote command execution vulnerability scanner for Log4j.
AndroDucky: Ferramenta para criação de payload HID para android sem nethunter e sem rubber ducky
Checklist-Tools-Website: 🍿 The perfect Checklist Website for meticulous developers.
shellen: 🌸 Interactive shellcoding environment to easily craft shellcodes
cybersecurity-appsec: A collection of awesome framework, libraries, learning tutorials, videos, webcasts, technical resources and cool stuff about Application Security.
posta: 🐙 Cross-document messaging security research tool powered by https://enso.security
biostamp: A self-hosted, open-source biometric identity solution that provides ready-made, customizable components for quickly implementing advanced biometric identity. Join us towards a #passwordless future.
dawgmon: dawg the hallway monitor - monitor operating system changes and analyze introduced attack surface when installing software
WEB1Tutorial.github.io: WEB1.0 is the Most Standard Programming Language for WEB invented by wilmix jemin j in NJDOLLAR at OCT 2015 to develop a WebService with namespace, used for security, used for userfriendly interface design, and it is easy to use....
APSoft-Web-Scanner-v2: Powerful dork searcher and vulnerability scanner for windows platform
csharp-keylogger: ⌨️ A keylogger written in C# + Send by email
IT8761-Security-Lab-Experiments: Anna University Regulation 2017 IT8761 Lab experiments. All of the programs here are my own for the most part. There could be hidden bugs or less optimal implementations. If you find any, do correct it and contribute to this repository. I'll add programs as I finish them.
dark-fantasy-hack-tool: DDOS Tool: To take down small websites with HTTP FLOOD. Port scanner: To know the open ports of a site. FTP Password Cracker: To hack file system of websites.. Banner Grabber: To get the service or software running on a port. (After knowing the software running google for its vulnerabilities.) Web Spider: For gathering web application hacking information. Email scraper: To get all emails related to a webpage IMDB Rating: Easy way to access the movie database. Both .exe(compressed as zip) and .py versions are available in files.
Web-Security-Engineer-Skill-Sheet: web安全工程师技能表
revshellgen: Reverse shell generator written in Python 3.
pySSH: A simple python tool to get ssh password of a target machine when they connect to the pySSH server
GlobalHookSample: Win32 global hook sample
openrasp-iast: IAST 灰盒扫描工具
BugId: Detect, analyze and uniquely identify crashes in Windows applications
pythonizing_nmap: A detailed guide showing you different ways you can incorporate Python into your workflows around Nmap.
PythonHackingBook1: Python黑客编程之极速入门
Security-Event-Analysis-Automation-Tool: A SOC Analyst's tool to automate the investigation & validation of possible Indicators of Compromise (IOCs) and perform various tasks including Phishing Email Analysis & Brand Monitoring to fasten the incident response.
Cronos-Crypter: Cronos Crypter is an simple example of crypter created for educational purposes.
CVE-2021-38314: Unauthenticated Sensitive Information Disclosure (CVE-2021–38314).
pentestlab: Script to manage and create local pentesting training virtual lab
Lost-NDS-TV: The Lost Nintendo DS Television Output, brought back to life
shania: Scan secrets from Continuous Integration Build Logs
exploit-cve-2017-5715: Spectre exploit
SocialRecon: This is an Open source intelligence tool and used to gather information about social media and it is also used to find whether the user name found in any of the website.It is used to find GPS location of an image and it also checks whether the email is found or not.
hacking-resources: Hacking resources and cheat sheets. References, tools, scripts, tutorials, and other resources that help offensive and defensive security professionals.
manticore: Symbolic execution tool
SVE-2016-7930: Proof-of-Concept for SVE-2016-7930 : multiple buffer overflows in Samsung Galaxy bootloader
wildpwn: unix wildcard attacks
SmsReader: Android Sms Reader
Raccoon: A high performance offensive security tool for reconnaissance and vulnerability scanning
anyelevate: x64 Windows privilege elevation using anycall
zinc: ZincSearch. A lightweight alternative to elasticsearch that requires minimal resources, written in Go.
svg2raster-cheatsheet: A cheatsheet for exploiting server-side SVG rasterization.
teensy-slcan: Teensy slcan sketch for arduino IDE can be used on teensy 3.2, 3.5, 3.6, 4.0 & 4.1 for can2.0b
SemanticCrashBucketing: Semantic Crash Bucketing
packj: The vetting tool 🚀 behind our large-scale security analysis platform to detect malicious/risky open-source packages
smbd-cpuminer-infection-fix: A Samba exploit turned Linux into a goldmine. Those infected by the malware would have their systems mining cryptocurrency 24/7, causing their cpu to maintain a 100% usage. My droplet was infected, these were the steps to remove the infection.
nm_objdump: A personal implementation of GNU shell commands: nm and objdump
blooket-hack: The original Blooket hack!
sdwan-infiltrator: 🔮 NSE script to automatically discover SD-WAN nodes
horusec: Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
padre: Blazing fast, advanced Padding Oracle exploit
Yalu-Jailbreak-iOS-10.2: My own fork of (Beta) Yalu Jailbreak for iOS 10.0 to 10.2 by @kpwn and @marcograss with custom UI and other features.
py_webauthn: Pythonic WebAuthn
Awesome-Redteam: 一个红队知识仓库
InfGather: Information Gathering Scripts for Vulnerability Assessment
endpointdiff: Wrapper around LinkFinder to quickly determine whether endpoints have been added/removed to JavaScript files.
moonwalk: Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.
oss-backend: 仿写阿里云OSS,分布式对象存储OSS后端,支持 java sdk 授权访问,存储空间授权其他账户访问;技术栈:spring sercurity,mybatis, RS纠错冗余,Redis分布式锁;适用于一些严格要求内网部署的存储服务,如政府部门一些内部资料存储,同样可用于内部项目的文件存储相关的服务分离,支持sdk签发token直接与oss交互;
azweb_decrypt: Paywall Issue: The provider leaks sensitive data like password, IV and salt which are used for encryption and can be used to decrypt the articles.
RedTeam_Bypass-Detections: Collections of way to evade normal detection events.
file-identifier: A simple CLI Tool scripted in Python to check for File types based on MIME types and then comparing them with the extensions.
SoulTaker-Multitool: SoulTaker is a Open-Source MultiTool written by myself, contains a lot of things such as a phone spoofer, ip lookup, dox tool etc.
Web-Security-Learning: Web-Security-Learning
Life-Hacks: Few tools and cheat sheets, maybe useful for penetration testers and hackers while solving CTFs.
Cov-ComSec.github.io: The official site for Coventry's Ethical Hacking Computer Security Society (ComSec), find our latest presentations, videos & announcements!
websy: Keep track of changes in website with WEBSY
is_my_password_pwned: How often does your password appear in the Pwned Passwords database? Uses the k-anonymity API.
Router-hacker-Exploit-and-extract-user-and-password-: This is a python wifi (router) hacker , having ability to search for mikrotic devices around you and get their address then extract their user and password
kubescape: Kubescape is a K8s open-source tool providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer and image vulnerabilities scanning.
dref: DNS Rebinding Exploitation Framework
Encrypted_Traffic_Classification: using deep learning to classify the encrypted network traffic
zap2docker-auth-weekly: Zap baseline scanner in Docker with authentication
certspotter: Certificate Transparency Log Monitor
dnsmon-go: A golang DNS monitor inspired by https://github.com/gamelinux/passivedns
cybersec-writeups: That's a repo where I'll upload writeups for different topics related to cybersecurity.
CVE-2018-19131: Proof-of-Concept exploit of CVE-2018-19131: Squid Proxy XSS via X.509 Certificate
HackInBo: Official Collection of Slides and Programs of HackInBo
Dorkscan-Project: A new, better approach at dork scanning
linkedin-employee-scraper: Extract all employees from LinkedIn. Especially useful for companies with thousands of employees.
MikrotikSploit: MikrotikSploit is a script that searches for and exploits Mikrotik network vulnerabilities
Kh0p3sh: 🔒 Python tool for vulnerability assessment and persistence.
diffy: Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
csn09112: CSN09112 Module
CVE-2019-9810: Exploit for CVE-2019-9810 Firefox on Windows 64-bit.
awesome-reference: Reference list of useful links to learn about programming, networking, hacking, cybersecurity, ctf, bounty bug write-up, and more
sunlogin-exp-gui: GUI版向日葵RCE漏洞利用工具 / GUI version of sunlogin exploit tool
cargo-crev: A cryptographically verifiable code review system for the cargo (Rust) package manager.
API-SecurityEmpire: API Security Project aims to present unique attack & defense methods in API Security field
PandwaRF: PandwaRF: RF analysis tool with a sub-1 GHz wireless transceiver controlled by a smartphone or
csp-builder: Build Content-Security-Policy headers from a JSON file (or build them programmatically)
CryptDown: client-side AES-encrypted Markdown pastebin clone
nothing-private: Do you think you are safe using private browsing or incognito mode?. 😄 👿 This will prove that you're wrong.
2fa.day: It's World 2FA Day on 2 FebuAry!
31-days-of-API-Security-Tips: This challenge is Inon Shkedy's 31 days API Security Tips.
win10pro: Active " Windows 10 Professional " with our Activation Script for Free
PHP-Auth: Authentication for PHP. Simple, lightweight and secure.
kalimux: Install And Use Kali Linux With Gui In Termux
PasswordPusher: 🔐 A dead-simple application to securely communicate passwords over the web. Passwords automatically expire after a certain number of views and/or time has passed.
Shellcode-Minidumpwritedump: Shellcode for creating a minidump file of the lsass.exe process.
test-your-sysadmin-skills: A collection of Linux Sysadmin Test Questions and Answers. Test your knowledge and skills in different fields with these Q/A.
Metaforge: An OSINT Metadata analyzing tool that filters through tags and creates reports
cloud-lusat: Cloud Internal Threat Intelligence Feeds, Inventory and Compliance Data Collection
onifw: onifw is a console framework for pentesting
warsend: Apache Tomcat Manager API WAR Shell Upload
DAws: Advanced Web Shell
edb-49263-fixed: Fixed version of the Python script to exploit CVE-2018-19571 and CVE-2018-19585 (GitLab 11.4.7 - Authenticated Remote Code Execution) that is available at https://www.exploit-db.com/exploits/49263 (Python 3.9).
K8CScan: K8Cscan大型内网渗透自定义插件化扫描神器,包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用,程序采用多线程批量扫描大型内网多个IP段C段主机,目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本,支持Cobalt Strike联动
Resources-for-learning: l
awesome-appsec: A curated list of resources for learning about application security
smart-url-fuzzer: Explore URLs of domains fast and efficiently using fuzzing techniques
tag2domain: A mapping project between tags (annotations, labels) and domain names
exposed-password: Validate that a password hasn't been exposed in a data breach.
polichombr: Collaborative malware analysis framework
iot-cves: IoT CVEs as abnormal events to evaluate a real-time host-based IDS. https://doi.org/10.1016/j.future.2022.03.001
exploit-CVE-2016-9920: Roundcube 1.0.0 <= 1.2.2 Remote Code Execution exploit and vulnerable container
i-wish-i-were-at-defcon-25-hack-a-thon: My own "I wish I were at DefCon 25" Hack-a-Thon
nTimetools: Timestomper and Timestamp checker with nanosecond accuracy for NTFS volumes
log4shell4shell: Log4shell - Multi-Toolkit. Find, Fix & Test possible CVE-2021-44228 vulneraries - provides a complete LOG4SHELL test/attack environment on shell
ROP-B1n-3xp: A very less information on what I learnt about ROP for the past days
THOTCON0xB: THOTCON 0xB Adversary Detection Pipelines Talk on 10/8/2021 in Chicago, IL.
sonarqube: SonarQube PHP file example.
evolve_cfengine_freelib: Evolve Thinking's free Cfengine promise library.
karton-yaramatcher: File and analysis artifacts yara matcher for Karton framework
nginx-tuning: NGINX tuning for best performance
ShowSheets: A Simple CLI App to mark all EXCEL sheets visible (i.e. sets "Very Hidden" and "Hidden" to "Visible")
iniscan: A php.ini scanner for best security practices
exploit-CVE-2019-14530: OpenEMR < 5.0.2 - (Authenticated) Path Traversal - Local File Disclosure
Cyder: Cyder is a Honeypot that can imitate any machines Operating System (OS) that is available in the NMAP database
sebsd: SEBSD is an experimental implementation of NSA's FLASK and Type Enforcement technologies, ported from SELinux using the TrustedBSD MAC Framework on FreeBSD 7.0.
fuelcms-rce: Fuel CMS 1.4 - Remote Code Execution
slsa-github-generator: Language-agnostic SLSA provenance generation for Github Actions
Cybernotes: Collection of all My notes and CTF writeups
shellver: Reverse Shell Cheat Sheet TooL
javascript-rat-antivirus-bypass: don't use for bad matters so i blocked already, don't try :D
Penetration_PoC: FROM:@Mr-xn 渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
coreruleset: OWASP ModSecurity Core Rule Set (Official Repository)
LightCosmosRat: A remote administration tool for Windows, written in C#
wsvd-bench: Benchmarking Vulnerability Detection Tools for Web Services
ATutor-Instructor-Backup-Arbitrary-File: ATutor 2.2.4 'Backup' Remote Command Execution (CVE-2019-12170)
BlooketUI: The best Blooket Multitool out there.
OS-CFI: Origin-sensitive Control Flow Integrity (OS-CFI) - USENIX Security 2019
Go_Learning_Repo: This is my Go Learnig Repository for all fellow Go noobs. Focused on InfoSec.
Self-XSS-Finder: Finding XSS with the X-FORWARDED-FOR header
clair-scanner: Docker containers vulnerability scan
pitch: The initial conversation slides and menu of scenarios
DotUrl: .url | Open source URL vulnerability scanner with integrated Proxyscraper
detectron2-dormalarm: I use detectron2 to demonstrate a computer vision powered dorm room security system that leverages transfer learning.
Osintgram: Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname
inspector-gadget: Inspector-gadget (a.k.a. PSHAPE - Practical Support for Half-Automated Program Exploitation) is an open source tool which assists analysts in exploit development. It discovers gadgets, chains gadgets together, and ensures that side effects such as register dereferences do not crash the program.
XsSCan: XsSCan | Web Application XSS Scanner | Coded By Sir.4m1R [Mr.Hidden]
security-scripts: A collection of security related Python and Bash shell scripts. Analyze hosts on generic security vulnerabilities. Wrapper around popular tools like nmap (portscanner), nikto (webscanner) and testssl.sh (SSL/TLS scanner)
NMapGUI: Advanced Graphical User Interface for NMap
HackingAllTheThings: My documentation and tools for learn ethical hacking.
ratchet: A tool for securing CI/CD workflows with version pinning.
ds3-nrssr-rce: Documentation and proof of concept code for CVE-2022-24125 and CVE-2022-24126.
AboutSecurity: Everything for pentest. | 用于渗透测试的 payload 和 bypass 字典.
api-firewall: Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.
pyshing: [Phishing Tool]
MDPin: MDPin is a server and a website. It contains an UI to fake a Android login screen to steal their pin code. It works via a web browser, by going into fullscreen.
repo-supervisor: Scan your code for security misconfiguration, search for passwords and secrets. 🔍
SPN-Honeypot: Detect Kerberoasting
BEST-HACKING-TOOLS: BEST HACKING TOOLS..For more tools visit our blog for Hackers
gex112: Segurança e auditoria de sistemas
Sepia: 一款集PoC批量验证和漏洞攻击的渗透测试工具
oval-graph: Understand OVAL results in a blink of an eye
GoFetch: GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.
CVE-2020-10558: Tesla Model 3 Hack DoS Entire Touchscreen Interface CVE-2020-10558
Owlyshield: Owlyshield is an open-source AI-driven behaviour based anti-malware engine written in Rust.
Degate: A modern and open-source cross-platform software for chips reverse engineering.
The-Hackers-Meetup-Application-Security-edition: The Hacker's MeetUp is doing a Monthly Meet-Ups to provide a proper platform for the cyber security researchers as well as security enthusiast people who really inserted to learn something and take exposure of latest trends and issues in cyber security, deep dive into security domain and build a community.
PyStat: Advanced Netstat Using Python For Windows
naive-hashcat: Crack password hashes without the fuss 🐈
nfstream: NFStream: a Flexible Network Data Analysis Framework.
Bludit-auth-BF-bypass: Bludit <= 3.9.2 - Authentication Bruteforce Mitigation Bypass
anti-quack: Anti Bad USB Shell Script
ras-fuzzer: RAS(RAndom Subdomain) Fuzzer
Python-random-module-cracker: Predict python's random module generated values.
SeshWebsite: The website for Sheffield Ethical Student Hackers society
XSScope: XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.
hbhc: HBHC is a tool writeen in Python3 for Cracking the hashes in speed, it's small and handy tools required only 2 arguments. 🏡 🍪 🔑 🔨
Ridogram: Ridogram is an advanced multi-featured Telegram UserBot.
CVE-2018-15499: PoC code for CVE-2018-15499 (exploit race condition for BSoD)
XXE_Payload_List: XML External Entity Vulnerability Payload List
misp-compliance: Legal, procedural and policies document templates for operating MISP and information sharing communities
Website_Vulnerbility_Checker: This tools helps developers to check for xss and SQL injection vulnerability in websites
MSF-Webkit-10.3: A metasploit module for webkit exploits and PoC's targeting devices running iOS 10+
syswall: Work in progress firewall for Linux syscalls, written in Rust
awesome-nodejs-security: Awesome Node.js Security resources
Otomasyon_Video_2_Selenium: Selenium - Python ile Web Arayüz Otomasyonu (API ve SOAR olmayan bir ortamda), Örnek Senaryo, Firewall'dan Endpoint'e Otomatik Kural Yazma
Phishing-Websites-Detection: Experiments to detect phishing websites using neural networks
awesome-ics-writeups: Collection of writeups on ICS/SCADA security.
Shiro_exploit: Apache Shiro 反序列化漏洞检测与利用工具
Python-Shellcode-Buffer-Overflow: Shellcode / Buffer Overflow 💣
NERD: Network Entity Reputation Database
nessus-file-reader: CLI tool and python module which enables you to parse nessus scan files from Nessus and Tenable.SC by (C) Tenable, Inc.
malware-ioc: This repository contains indicators of compromise (IOCs) of our various investigations.
PayloadSiteForPenTesters: This is a site I made for easily hosting tools and payload over apache2 on Kali Linux so they are always ready to go. These are a collection of tools that can be downloaded with a site that is browsable for GUI situations.
pyiocutils: A collection of Python utilities for use in scripts related to working with "indicators of compromise" (IOCs).
extractTVpasswords: tool to extract passwords from TeamViewer memory using Frida
attack-stix-data: STIX data representing MITRE ATT&CK
meltdown-c: Fork of saneki repository which is a port of Kao's delphi tool in C.
onelinepy: Python Obfuscator to generate One-Liners and FUD Payloads.
zauth: 2FA (Two-Factor Authentication) application for CLI terminal with support to import/export andOTP files.
Ecommerce-Website-Security-CheckList: List of considerations for commerce site auditing and security teams. This is summary of action points and areas that need to be built into the Techinical Specific Document, or will be checked in the Security testing phases.
h-encore-2: Fully chained kernel exploit for the PS Vita on firmwares 3.65-3.74
openvas-docker: A Docker container for Openvas
Safiler: Safari local file reader
Malicious-URL-Detection: Malicious URL Detection using classical machine learning and deep learning
TMOHS1-Root-Utility: An interactive python script that enables root access on the T-Mobile (Wingtech) TMOHS1, as well as providing several useful utilites to change the configuration of the device.
process_injector
CloudPeler: CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting information is certainly very useful for conducting further penetration testing, and analyzing websites with the same server.
Instagram-h4cknew: How To Hacking Instagram ? Tutorial In Down 😷😎 Follow Me
CVE-2022-30781: 🍵 Gitea repository migration remote command execution exploit.
netpwn: Tool made to automate tasks of pentesting.
UAC_Exploit: Escalate as Administrator bypassing the UAC affecting administrator accounts only.
xpid: Linux Process Discovery. C Library, Go bindings, Runtime.
Blockchain_for_user_auth: It is a project with an idea o using block chain for user authentication in various scenarios
webanalyze: Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.
dictionary-attack: Bir hedef web sitesi veya ip adresine giriş için sözlük saldırısı yapan bir script.
graph-onelogin: A graph conversion tool for https://www.onelogin.com
Umbraco-RCE: Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution
Awesome-Baseband: Awesome list for baseband modem resources.
vaf: Vaf is a cross-platform very advanced and fast web fuzzer written in nim
CRAXplusplus: The exploit generator CRAX++ is CRAX with x86_64 ROP techniques, s2e 2.0 upgrade, code selection, I/O states, dynamic ROP, and more!
red_team_attack_lab: Red Team Attack Lab for TTP testing & research
CVE-2017-8759: Simple C# implementation of CVE-2017-8759
lapPI: A low-coast Laptop project based on Raspberry Pi Zero W.
gef-legacy: Legacy version of GEF running for GDB+Python2
lavymaria.github.io
arm_exploit
casper-fs: Casper-fs is a Custom Hidden Linux Kernel Module generator. Each module works in the file system to protect and hide secret files.
mitrecnd.github.io: MITRE Shield website
envkey-ruby: EnvKey's official Ruby client library
sniff-probes: Plug-and-play bash script for sniffing 802.11 probes requests 👃
domfind: A Python DNS crawler to find identical domain names under different TLDs.
OllyDbg-Scripts: Unpacking scripts for Ollydbg.
swap_digger: swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.
OSweep: Don't Just Search OSINT. Sweep It.
maalik: Feature-rich Post Exploitation Framework with Network Pivoting capabilities.
CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera: 🎩 🤟🏻 [P1-$10,000] Google Chrome, Microsoft Edge and Opera - vulnerability reported by Maciej Pulikowski - System environment variables leak - CVE-2022-0337
CVE-2018-19788: Ansible role to check the vulnerability tracked as CVE-2018-19788, impacts PolicyKit version 0.115 which comes pre-installed on a wide range of Linux distributions
OpenVehicleDiag: A rust based cross-platform ECU diagnostics and car hacking application, utilizing the passthru protocol
Recon-X: Advanced Reconnaissance tool to enumerate attacking surface of the target.
fingerlib: HTTP Fingerprint generation library in C++
CVE-2018-20343: PoC for CVE-2018-20343
DefaultCreds-cheat-sheet: One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
rajappan: An All in one Project for Digital Privacy. A step towards a PRIVATE FUTURE
cve-2019-11447: CutePHP Cute News 2.1.2 RCE PoC
BetterBackdoor: A backdoor with a multitude of features.
awesome-ddos-tools: Collection of several DDos tools.
squatm3: Squatm3 is a python tool designed to enumerate available domains generated modifying the original domain name through different techniques
clair-openshift: Openshift template for Clair (Docker vulnerability Scanner)
IoT-PT: A Virtual environment for Pentesting IoT Devices
gh-dork: Github dorking tool
CVE-2018-18852: CERIO RCE CVE-2018-18852, authenticated (vendor defaults) web-based RCE as root user.
log4j_mass_scanner: Automated scan thousands hosts in your Active Directory domain in minutes, for Log4j vulnerabilities with multithreading mass scanner and detailed report.
CVE-2018-15961: Unrestricted file upload in Adobe ColdFusion
insiders: Archive of Potential Insider Threats
CTFd: CTFs as you need them
iamzero: Identity & Access Management simplified and secure.
leaky_diode: Leaky diode is a data exfiltration test tool for data diodes.
phishalytics: Measurement system I built during my PhD to collect and analyse large-scale datasets; including phishing and malware attacks on Twitter, blacklist characterisation, and phishing detection capabilities of web browsers.
honeycomb_plugins: The plugin repository for Honeycomb, the honeypot framework by Cymmetria
FlipKart-Grid-Information-Security: Flipkart Grid 4.0 Submission for Information Security Challenge
CiscoRV320Dump: CVE-2019-1652 /CVE-2019-1653 Exploits For Dumping Cisco RV320 Configurations & Debugging Data AND Remote Root Exploit!
notruler: The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange.
remediar: Remediar is an issue and vulnerability tracker framework
CVE-2020-27976: osCommerce Phoenix CE <=1.0.5.4 Authenticated RCE
eslint-plugin-no-secrets: An eslint plugin to find strings that might be secrets/credentials
OSCP-Cheat-Sheet: This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder
security-bugtracker: Run security test tools and track bugs easily
dnsmap: Scan for subdomains using bruteforcing techniques
zombie-system-demo: A simple setup that demonstrates concept of zombie computer and using it for dos.
SocialPwned: SocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks such as Instagram, Linkedin and Twitter to find possible credentials leaks in PwnDB or Dehashed and obtain Google account information via GHunt.
gnuradio: GNU Radio – the Free and Open Software Radio Ecosystem
awesome-rails-security: A curated list of security resources for a Ruby on Rails application
libdiffuzz: Custom memory allocator that helps discover reads from uninitialized memory
killshot: A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner
AVMP: A collection of tools for managing and automating vulnerability management.
execution-trace-viewer: Tool for viewing and analyzing execution traces
Cyber-Playbook: Playbooks are used by cybersecurity professionals to store or encapsulate knowledge on cybersecurity topics and tactics. I will use these again and again in the field to deal with situations as they arise. The idea is that I don’t want to wait until a challenging situation arises to have a plan; I want to already have potential mitigation strategies in my playbook that can help kickstart my process toward finding solutions.
canary: Canary: Input Detection and Response
rotacsufbo: did u know the name of the repo is obfuscator backwards?
BCA-Phantom: A multi-platform HTTP(S) Reverse Shell Server and Client in Python 3
Return-into-libc: Attaque informatique par un dépassement de tampon dans lequel l'adresse de retour dans la pile est remplacée par l'adresse d'une autre fonction et une seconde partie de la pile est modifiée pour fournir les paramètres à cette fonction.
goMS17-010: Simple program for detecting if host(s) are vulnerable to SMB exploit(MS17-010)
security-txt: A proposed standard that allows websites to define security policies.
loopback4-ratelimiter: A rate limiting extension for loopback4 applications
Quasar: Remote Administration Tool for Windows
CVE-2019-1476: AppXSvc Arbitrary File Overwrite DoS
My_Secured_Memo: An android application that allows you to secure your notes with the highest level of security ,i.e., Fingerprint. Only the people with their fingerprints in the system can access, edit, delete or share the notes. It has dark theme as well!
linux-kernel-exploits: linux-kernel-exploits Linux平台提权漏洞集合
QuadCore-Web-SQLi-Injecter-DB-Dumper: WEB SQLi Injection DB Dumper DATA Hacking Tool
cve-2019-1003000-jenkins-rce-poc: Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)
android-zoo: A collection of proof of concepts of android malwares. For educational purposes only.
CVE-2021-31166-Exploit: Exploit for MS Http Protocol Stack RCE vulnerability (CVE-2021-31166)
InfosecHouse: Infosec resource center for offensive and defensive security operations.
gsvsoc_mission-model: Incident Response Report Using GitHub-Sphinx
CVE-2018-16711: PoC code for CVE-2018-16711 (exploit by wrmsr)
m3n0sd0n4ld.github.io: Resource where I will be posting #HTB, #THM, #VulnHub and others, scripts, exploits, personal articles or talks I have participated in security conferences.
client-python: OpenCTI Python Client
aqua-helm: Helm Charts For Installing Aqua Security Components
PivotSuite: Network Pivoting Toolkit
cloudrasp-log4j2: 一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense.
RedTeamTools: 记录自己编写、修改的部分工具
subzy: Subdomain takeover vulnerability checker
torDDoS: Automate tool DDoS Attack over Tor Network
otax: "Otax", a popularized shitty discord zero-day exploit. A bullshit writeup on it was released by a larper called HellSec.
tempesta: All-in-one solution for high performance web content delivery and advanced protection against DDoS and web attacks
Threat-Hunting-and-Detection: Repository for threat hunting and detection queries, tools, etc.
cameradar: Cameradar hacks its way into RTSP videosurveillance cameras
cfltools: A logfile analysis tool for cyberforensics investigators.
ruby-ann-webattack-filtering: A project to filter SQL Injection and XSS attacks using ANN -- in Ruby
AFL_DataSets: A work in progress repository for curated and created AFL-enabled fuzzing datasets for various programs, protocols, and file formats.
vuldash: Vulnerability Dashboard
LinuxPatchChecker: 🐧🎛️ Can be used for anything really though! Don't be evil! Pure python, OS-agnostic.
CounterAttack: Destroy account scammers with this one neat trick! This Python Script will help you shut down phishermen with ease.
DoubleStar: A personalized/enhanced re-creation of the Darkhotel "Double Star" APT exploit chain with a focus on Windows 8.1 and mixed with some of my own techniques
recaptcha: CakePHP 3 reCaptcha Plugin
hackingtool: ALL IN ONE Hacking Tool For Hackers
OPCDE: OPCDE Cybersecurity Conference Materials
SolarPuttyDecrypt: A post-exploitation tool to decrypt SolarPutty's sessions files
hakrawler: Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
Set-UID-Vuln: Set-UID is an important security mechanism in Unix operating systems. When a Set-UID program is run, it assumes the owner’s privileges. For example, if the program’s owner is root, then when anyone runs this program, the program gains the root’s privileges during its execution. Set-UID allows us to do many interesting things, but unfortunately, it is also the culprit of many bad things. Therefore, the objective of this lab is two-fold: (1) Appreciate its good side: understand why Set-UID is needed and how it is implemented. (2) Be aware of its bad side: understand its potential security problems.
nowsecure-action: The NowSecure Action delivers fast, accurate, automated security analysis of iOS and Android apps coded in any language
LanguageBackdoors: Compiler exploits and exploitable non-obvious source code back doors.
httprecon-nse: Advanced web server fingerprinting for Nmap
wordlist-generator: Generate customised wordlist for penetration testing practice (e.g. brute force attack, dictionary attack, etc.).
RDDoS_Tool: 🔫 Red DDoS Tool is -THE BEST- tool for DDoS attacks.
Vulnerous: A vulnerability and network analysis tool with many additional features!
cybersecurity-exploit-development: An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Exploit Development.
scirius: Scirius is a web application for Suricata ruleset management and threat hunting.
kicks3: S3 bucket finder from html,js and bucket misconfiguration testing tool
SecCrawler: 一个方便安全研究人员获取每日安全日报的爬虫和推送程序,目前爬取范围包括先知社区、安全客、Seebug Paper、跳跳糖、奇安信攻防社区、棱角社区以及绿盟、腾讯玄武、天融信、360等实验室博客,持续更新中。
goaltdns: A permutation generation tool written in golang
awesome-checker-services: ✅ List of links to the various checkers out there on the web for sites, domains, security etc.
macos-scripts: Various scripts for macOS tasks
Awesome-hacking-tools: 收集网上好用、实用的红蓝对抗武器。从资产扫描、泄漏扫描、信息收集、漏洞扫描、SRC批量挖掘、内网渗透、应急响应等等工具。 大部分我都用过、部分会写上自己的感想与建议,希望对你有帮助
tutsplus-android-o-sms-token: My Tuts+ tutorial about using Android O's SMS Token
Open-Source-Lua-Wrapper: Free open-source Lua wrapper for ROBLOX
weird_proxies: Reverse proxies cheatsheet
data_obfuscation: Data Obfuscation for C/C++ Code Based on Residue Number Coding (RNC)
CVE-2018-16713: PoC code for CVE-2018-16713 (exploit by rdmsr)
Librefox: Librefox: Firefox with privacy enhancements
mqtts: MQTT安全测试工具 (MQTT Security Tools)
VolumEraser: Securely erases all data from a disk (USB Drive, SD Card etc.) based on the U.S. Department of Defense's standard 'National Industrial Security Program Operating Manual' (US DoD 5220.22-M ECE)
windows-kernel-exploits: windows-kernel-exploits Windows平台提权漏洞集合
netsec-ps-scripts: Collection of PowerShell network security scripts for system administrators.
Hacking-Tools-Pack: Trojan Rat Builder(310), Ransomware Builder(17), Crypter(72), Miner(9), Worm(8), Botnet(25), Virus Builder(9), Binder(25), Exploit(7), Keylogger & Stealer(40), Proxy Tool(9), Spoofer(11),Fake program & Sample Virus(64),Other & Tools(16). Around 𝟔𝟑𝟎 tools, that you can use for Hacking.
BrokenSMTP: Small python script to look for common vulnerabilities on SMTP server.
vimana-framework: Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.
pyyso: pyyso is a Python package that generate java serialized poc. Including CommonsCollections1-7, JDK7u21, JDK8u20, ldap for jndi, shiro-550, CommonsBeanutils1 no cc, JRMPClient, high version JDK Bypass, Fake MySQL for JDBC attack
awesome-ethereum-security: A curated list of awesome Ethereum security references
cmd32: Fork of https://github.com/klinix5/InstallerFileTakeOver
antisamy: a library for performing fast, configurable cleansing of HTML coming from untrusted sources
Burp-Addons: Burp-Addons : Some of Burp Addons I use ( Mindak ak fahem )
articles-translator: 📚Translate the distinct technical blogs. Please star or watch. Welcome to join me.
IoT-vulhub: IoT固件漏洞复现环境
krackattack-all-zero-tk-key: This code has base on a code made by Mathy Vanhoef (https://github.com/vanhoefm/krackattacks-poc-zerokey). Please, take a look on README.md. Enjoy!
xforwardy: Host Header Injection Scanner
Privilege-Escalation-For-Linux: Bypass security restrictions in misconfigured systems.
PowerExfil: A collection of data exfiltration scripts for Red Team assessments.
vsftpd-2.3.4-vulnerable: This repo spins up vulnerable vsftpd-2.3.4 containers that can be used in security courses
Autoban: Det i har ventet på ;) | autobanner via mysql.
MicroservicesSecurity: Udacity Cloud Native Architect Nanodegree project 4
ropoly: ROP-Tool HTTP Server
nvtscript: the openVAS converted script for nvtengine
chepy: Chepy is a python lib/cli equivalent of the awesome CyberChef tool.
hackercouch: Hospitality for Hackers
Pwnagotchi-Addon-Scripts: These are my Scripts i use regulary for my Pwnagotchi and or other CyberSec related stuff.
Zeus-Scanner: Advanced reconnaissance utility
awesome-executable-packing: A curated list of awesome resources related to executable packing
Cluri7: penetration testing and security assessment
vUte: VeraCrypt Bruteforcer
jenkins-shell: Automating Jenkins Hacking using Shodan API
Steal-Not-Safe: Stealing a computer won't be as easy as it used to be, as long as you have Python and an internet connection.
nginx-ultimate-bad-bot-blocker: Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders
ApplicationInspector: A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
PAKURI-THON: PAKURI-THON is a tool that supports pentesters with various pentesting tools and C4 server (command & control and chat & communication server). PAKURI-THON can perform most of the operations with intuitive web operations and commands to chatbots.
CVE-2020-1034: PoC demonstrating the use of cve-2020-1034 for privilege escalation
poro: Scan publicly accessible assets on your AWS cloud environment
articulos: Artículos relacionados a la Ciberseguridad y Hacking.
PacketMagician: Linux tool written in C++ for creating and sending fully customizable TCP, UDP or ICMP packets with payloads.
exitmap: A fast and modular scanner for Tor exit relays. The canonical repository (including issue tracker) is at https://gitlab.torproject.org/tpo/network-health/exitmap
empty-argv-segfault-check: Test if an executable segfaults when started with an empty argv. The script may be used as a vulnerability-scanner to find setuid executables having buggy code (but it will probably not find any direct security vulnerabilities).
ASKT-AutoScriptKiddiesTool-
asvs-checklist: OWASP Application Security Verification Standard 4.0 Checklist
MalwareDatabase: One of the few malware collection
tarian: Protect your Cloud Native Applications running on Kubernetes from malicious attacks with pre-registered source code, pre-registered runtime processes monitoring, automated actions based on configure-actions, analytics, alerting and also sharing detections with community. Maybe save from Ransomware. Shift-Left your threat detection. Shift Right threat elimination.
TCPOptionsDataExfil: Experimental scripts using Python 3.x and Scapy to transmit data to closed (or open) ports between hosts using only TCP Options
CVE-2018-18714: PoC Code for CVE-2018-18714 (exploit by stack overflow)
kalitorify: Transparent proxy through Tor for Kali Linux OS
lobster-pot: Scans every git push to your Github organisations to find unwanted secrets.
CITM: Battle Cats MITM Mailbox Hack [PATCHED]
AdvBox: Advbox is a toolbox to generate adversarial examples that fool neural networks in PaddlePaddle、PyTorch、Caffe2、MxNet、Keras、TensorFlow and Advbox can benchmark the robustness of machine learning models. Advbox give a command line tool to generate adversarial examples with Zero-Coding.
arbimz: 🔥 Arbimz is a python tool created to exploit the vulnerability on Zimbra assigned as CVE-2019-9670.
Vulnerability-Wiki: 本项目用于搜集常见漏洞EXP/POC等,注意:本项目并不刻意搜集 POC 或 EXP,包含但不限于漏洞资讯、漏洞复现、漏洞分析、漏洞验证、漏洞利用
external-protocol-flooding: Scheme flooding vulnerability: how it works and why it is a threat to anonymous browsing
gitGraber: gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
instahack: instahack is a bash & python based script which is officially made to test password strength of Instagram account from termux and kali with bruteforce attack and. it based on tor This tool works on both rooted Android device and Non-rooted Android device. Best Tool For Instagram Bruteforce hacking Tool By Waseem Akram. Made in Bash & python. This is an official repository of instahack
gzip: Optimize any Joomla website and/or turn it into a Progressive Web Application
BTCPriceFeed: Secure Bitcoin price feed based on TLS-N proofs.
My-Reports: Here I'll share my pentest's reports. Html or Pdf or just txt files;
x41-smartcard-fuzzing: X41 Smartcard Fuzzer
Moodle-webshell-plugin: A webshell plugin and interactive shell for pentesting a Moodle instance.
SADA: SADA Webapplication Scanner
log4py: pythonic pure python RCE exploit for CVE-2021-44228 log4shell
Infosec_Reference: An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Gr3eNoX: Advanced Vulnerability Scanner Tool
go-cves: 收录go语言编写的项目、框架和组件出现的cve,或者一些相关的利用方式的文章
vulniq-security-scanner: VulnIQ Security Scanner, Terzi
log4scan: A simple automatic tool for finding vulnerable log4j hosts
OpenNetAdmin18.1.1RCE: OpenNetAdmin 18.1.1 - Exploit - Remote Code Execution (RCE)
phishytics-machine-learning-for-phishing: Machine Learning for Phishing Website Detection
kindle-5.6.5-jailbreak: Kindle 5.6.5 exploitation tools.
Python-Keylogger: Python Tutorial - || Advanced Keylogger || Code Walk-through || Hacking/Info-Sec ||
mutillidae-docker: OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security enthusiasts.
NewCode: New code, es un grupo especial, formado con la intención de profundizar en diferentes áreas de la programación, y el ethical hacking.
gitls: 🖇 Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline
lowendinsight: LowEndInsight is a simple "bus-factor" risk analysis library for Open Source Software that is managed within a Git repository. Provide the git URL and the library will respond with a basic Elixir Map structure report. Critical feedback is always appreciated. Demo at https://lowendinsight.dev
BitCoinAccountsBlanceChecker: the project generates a csv file with private and public keys with it corresponding current balance from the main bitcoin blockchain.
malsub: A Python RESTful API framework for online malware analysis and threat intelligence services.
Packer-Fuzzer: Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
dDumper: dDumper is a Drupal Vulnerability Scanner & an Auto Exploiter.
Saker: Flexible Penetrate Testing Auxiliary Suite
Zimbra-RCE: Zimbra RCE PoC - CVE-2019-9670 XXE/SSRF
github-cve-monitor: Github action for monitoring CVE
cybersecurity-application-security: An ongoing & curated collection of awesome software practices and remediation, libraries and frameworks,payloads and techniques, best guidelines and technical resources about Application Security
SimpleVirusWriting: An example of basic virus writing in C
GraphQLIntrospectionScanner: It is obvious... A GraphQL Introspection Query Scanner. If it returns code 200 with the queries, it means the server has improper access control.
rootstealer: X11 trick to inject commands on root terminal.
PassLock: Aplikacija omogućuje korisniku upis željene lozinke te njeno generiranje i spremanje u hashiranom formatu.
exploit-me: Please, exploit me!
hydrafw: HydraFW official firmware for HydraBus/HydraNFC for researcher, hackers, students, embedded software developers or anyone interested in debugging/hacking/developing/penetration testing
hackerEnv
007-TheBond: This Script will help you to gather information about your victim or friend.
grapheneX: Automated System Hardening Framework
autoshell: AutoSHELL es un script para generar reverse shell, bind shell o meterpreter shell de forma automática indicando solo la dirección IP a utilizar y el puerto de escucha. También genera el código codificado en base64 o urlencode, indica la forma más óptima de poner el puerto en escucha así como tratar la TTY para que funcione correctamente
ASM-Experiments: Experiments with ASM Shellcodes in C++
grepaddr: Use grepaddr to extract (grep) different kinds of addresses from stdin like URLs (incl. IPv4 & IPv6), IP addresses & ranges (IPv4 & IPv6), e-mail addresses, MAC addresses.
wire-ios: 📱 Wire for iOS (iPhone and iPad)
go-sarif: Go library for sarif - Static Analysis Results Interchange Format
ghostunnel: A simple SSL/TLS proxy with mutual authentication for securing non-TLS services
CTF-Script-And-Template-Thrift-Shop: [180+ scripts] There are a few genuine gems in there. And a lot of spaghetti code. Most of these scripts were for solving CTF's. If you googles something for a CTF and landed here look at the scripts they're all fairly malleable. Sorry for the shitty naming conventions (not really). If you are a recruiter stop. I wont be able to rewrite half this shit in a formal interview ¯_(ツ)_/¯
repokid: AWS Least Privilege for Distributed, High-Velocity Deployment
RaspberryPi-Packet-Sniffer: An HTTP and HTTPS sniffing tool created using a Raspberry Pi
vote-buster: Capcha+Email confirmation bypass script
Taipan: Web application vulnerability scanner
getJS: A tool to fastly get all javascript sources/files
Ransome-killer: This is the project on ransomeware detection using machine learning.
BoomER: Framework for exploiting local vulnerabilities
Qu1cksc0pe: All-in-One malware analysis tool.
HINTS: Human Intelligence Narrowing Tool Set - An OSINT questionnaire and research structure meant to assist in organizing findings on high-level targets (Whales) scoped by clients.
BDeath: The black death backdoor/rootkits
requests-ip-rotator: A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
prototipo-arq-mononitoramento: Cybersecurity monitoring architecture for industrial systems
SSLRelay-lib: An SSL relay library for writing applications that continuously intercept network traffic and R/W before sending it upstream or downstream.
celerystalk: An asynchronous enumeration & vulnerability scanner. Run all the tools on all the hosts.
SpyGen: Trojan 🐍 (keylogger, take screenshots, open your webcam) 🔓
DInvoke_rs: Dynamically invoke arbitrary unmanaged code.
trivy-restapi: A REST API server for https://github.com/knqyf263/trivy
trollmail-detector: A throwaway e-mail detection API.
local-exploits: Various local exploits
gradejs: GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.
dvs: Dangerous Vulnerabilities Scanner
python-deserialization-attack-payload-generator: Peas create serialized payload for deserialization RCE attack on python driven applications where pickle ,pyYAML, ruamel.yaml or jsonpickle module is used for deserialization of serialized data. I will update it with more attack vectors to targets other modules.
how2root: a collection of public root slides & WPs....
Invoke-WinSATBypass: Powershell UAC Bypass script leveraging WinSAT.exe
PhishingKitTracker: Let's track phishing kits to give to research community raw material to study !
cryptocat: Secure chat software for your computer.
crocodilehunter: Taking one back for Steve Irwin (๑•̀ㅂ•́)و
FYP-Fuck-You-Phisher: I really hate phishing. With this tool you can send multiple fake emails and password to phishers. It executes HTTP POST requests on the web page you are supposed to enter your real credentials.
smogcloud: Find cloud assets that no one wants exposed 🔎 ☁️
pentest-pivoting: A compact guide to network pivoting for penetration testings / CTF challenges.
Xavier-Portfolio: A student leader, A self-motivated Information Technology Student-Athlete with excellent time management, oral, and written communication skills. Passionate cybersecurity enthusiast looking to learn the ins and outs of data security, protection, detection, and prevention. Projects based on my interest in the IT world. The contact information listed below here for feedback and more.
h8mail: Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
clair-cicd: Making CoreOS' Clair easily work in CI/CD pipelines
blackhat-python: Black Hat Python workshop for Disobey 2019
Trapdoor: Serverless honeytoken 🕵🏻♂️
ctf-collab: Collaborative programming environment inside GitHub Actions – like Google Docs for hacking
Exploit-Development-Tools: A bunch of my exploit development helper tools, collected in one place.
monkeyshine: A collection of slightly evil JavaScript
symrepl: Symbol REPL
ShoScan: Shodan Port Scanner
SwiftGCM: An implementation of Galois/Counter Mode for Swift 4.0.
PyTools: PyScanner is a quick and easy port scanning tool used for reconnaissance. A major benefit to using PyScanner is that it significantly faster than some of the other tools out there like NMAP (BUT), if you are looking for more features, NMAP, RustScan, etc, are the tools to use. Although alot of the things that Other tools can do are good, those tools are made more for deeper topics, whereas PyScanner only scans for open & closed ports ports.
simple-security-toolkit: A collection of practical security-focused guides and checklists for smart contract development
harvardx-cs50w-web-programming: CS50's Web Programming with Python and JavaScript
mag-vulnerability-report: MAG Vulnerability Reporter uses Yag Mail to send report
DexHub: script = ye
fail2ban-zmq-tools: A zeromq-based fail2ban clustering solution
ExFreePool-Vulnerability: My research into taking advantage of ExFreePool primitives.
eyeRat: A tool for building remote access trojan.
EvilToken: Digunakan untuk membruteforce atau menebak - nebak token access login orang di Discord. Dibuat dengan alasan tertentu, pastinya :).
data-protection-list: 🔒 Manual of resistance to surveillance capitalism - Based on Valentin Delacour version - https://codeberg.org/PrivacyFirst/PrivacyFirst/issues - Telegram group: - https://t.me/privacid
CVE-2017-5123: PoC CVE-2017-5123 - LPE - Bypassing SMEP/SMAP. No KASLR
chatter: internet monitoring osint telegram bot for windows
EyeJo: EyeJo是一款自动化资产风险评估平台,可以协助甲方安全人员或乙方安全人员对授权的资产中进行排查,快速发现存在的薄弱点和攻击面。
htshells: Self contained htaccess shells and attacks
Zerooo-Exploitation-Framework: 漏洞利用框架
Auto-Recon: Information-Gathering Shell Script
hevd: Public repository for HEVD exploits
HelloSecurity: Hello world This github i created to add about security news,articles, research papers,links ,ebooks ,torrents etc. Just use it for educational purpose only.My aim is to create worlds biggest repository of security material
nutek-core: My own version of Kali Linux, conveniently packaged in Dockerfile
fb-phisher-python: A python server tool based on flask , this tool can phish some Facebook credentials!
Scanners-Box: A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
awesome-shodan-queries: 🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
tenda-reverse: Reverse engineering, getting root access to Tenda MW6 wifi mesh router
one_gadget: The best tool for finding one gadget RCE in libc.so.6
Coloraimbot-CSharp: A simple Coloraimbot for any Game coded in C# - with additional features
Auditing-Cybersecurity: Cybersecurity framework developed in C, Ansi-style
CVE-2021-41773_CVE-2021-42013: Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE
CyberPunkNetrunner: Cyberpunk 2077 Netrunner Hacking Tool (Easy to use and install). Don't use it on illegal and malicious activity. Inspired by the game CyberPunk 2077 https://www.cyberpunk.net/
bypass-firewalls-by-DNS-history: Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.
Rapid7-Vulnerability-Management-CloudOne: A Collection of Scripts to Interact with Vulnerability Management Solutions
badssl.com: 🔒 Memorable site for testing clients against bad SSL configs.
linWinPwn: linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks
icgautoexploiter: Visit
TREVORspray: TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!
mac-address-changer: Mac Address Changer written with Python 3.8
pythem: pentest framework
CORScanner: Fast CORS misconfiguration vulnerabilities scanner🍻
MemBi: All the members of bugbounty and infosec. If you don't know who to follow, see!
keepassxc: KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
IMAPLoginTester: A simple Python script that reads a text file with lots of e-mails and passwords, and tries to check if those credentials are valid by trying to login on IMAP servers.
Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution-Exploit: This Metasploit module exploits an unauthenticated remote code execution vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands. This vulnerability has been reintroduced in the Apache 2.4.50 fix (CVE-2021-42013).
ja3transport: Impersonating JA3 signatures
grab.js: fast TCP banner grabbing with node.js
spamx: All In 1 Spam Tool For Termux Users Subscribe Us (Noob Hackers) some shit heads are trying to abuse this script so don't worry about them ...let them hallucinate ...but you are free to use this script
MemLabs: Educational, CTF-styled labs for individuals interested in Memory Forensics
awesome-hacking-lists: 平常看到好的渗透hacking工具和多领域效率工具的集合
expdevBadChars: Bad Characters highlighter for exploit development purposes supporting multiple input formats while comparing.
jecretz: Jira Secret Hunter - Helps you find credentials and sensitive contents in Jira tickets
dorker: Better Google Dorking with Dorker.
RTA: Red team Arsenal - An intelligent scanner to detect security vulnerabilities in company's layer 7 assets.
StormKitty: 🔑 Stealer written on C#, logs will be sent to Telegram bot.
androbugs2: AndroBugs Framework is an efficient Android vulnerability scanner that helps developers or security researchers find potential security vulnerabilities in Android applications.
Telegram-Trilateration: Proof of concept for abusing Telegram's "People Near Me" feature and tracking people's location
dustcloud: Xiaomi Smart Home Device Reverse Engineering and Hacking
go-gtfo: gtfo, now with the speed of golang
Webspoilt: This script will you help to find the information about the website and to help in penetrating testing
zvs-script: Zeek Vulnerabilitie Scanner
BMIN_GAN: Deep-fake medical image(X-ray) using GAN
intrigue-core: Discover Your Attack Surface!
zap-scan: This script wrote with Python3 and used OWASP-ZAP APIs
exploit-db-search: Search exploit database
mock-oauth2-server: A scriptable/customizable web server for testing HTTP clients using OAuth2/OpenID Connect or applications with a dependency to a running OAuth2 server (i.e. APIs requiring signed JWTs from a known issuer)
ATT-CK-CN: ATT&CK实操
secure-electron-template: The best way to build Electron apps with security in mind.
MIDA-Multitool: Bash script purposed for system enumeration, vulnerability identification and privilege escalation.
Salty-API-PHP: Blowfish Salts Repository Services API version 3.0.99
Porunga: Aerial platform for Recon, Intelligence and Pentesting. #R-KALI #Porunga
CVE-2019-17240_Bludit-BF-Bypass: Bludit <= 3.9.2 - Authentication Bruteforce Mitigation Bypass Exploit/PoC
docker-wallarm-node: ⚡️ Docker official image for Wallarm Node. API security platform agent.
honeybits: A PoC tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your systems to lure the attacker toward your honeypots
SentinelAutomationModules: The Microsoft Sentinel Triage AssistanT (STAT) enables easy to create incident triage automation in Microsoft Sentinel
TouDoum-Framework
shARP_2.0: shARP_2.0 is an updated version for shARP with more options for better performance.
CodeAllTheThings: A list of threat sinks used in the manual security source code review for application security
zgrab-mini: Minimal version for https://github.com/zmap/zgrab.
SKA: Simple Karma Attack
Drainer-Crypto-ETH-NFT: ALL ETH + ERC20 TOKENS + ALL NFTS DRAINER
cyberdoor: Automated Payload Generator Tool
Haimgard: Haimgard is an environment for writing, testing and using exploit code.
Slient-Doc-Pdf-Exploit-Builder-Fud-Malware-Cve: Vulnerability Disclosure Timeline Closer inspection of the Exploit PDF content reveals the malicious link as well as the URL Download and Execute of the tool used to generate the Exploit PDF from Python encrypted code content which we also implement in couple of our builders.
Kaminsky-s-DNS-Cache-Poisoning-Attack: My implementation of Kaminsky's DNS cache poisoning attack
moodle-auth_vulnerablepassword: This Moodle plugin attempts to check HIBP's list of exposed passwords. Enabling your learners to be informed if their password has ever been involved in a data breach.
FireFly: 📱ᴘʜᴏɴᴇ ɴᴜᴍʙᴇʀ ʟᴏᴏᴋᴜᴘ📱
MagikIndex: Advanced Keylogger / Info Grabber written in C++.
Pwn-exploits-CTF: Collection of exploits which I created for solving different pwn challenges during CTF's
mytools
flake8-bandit: Automated security testing using bandit and flake8.
HackWifi: El programa esta desarrollado en bat y en powershell su objetivo es extraer las contraseña he información de red que tiene un pc ya sea manualmente o automáticamente Solo las contraseñas guardadas de la pc ,puedes guardar el programa en una USB y ejecutarlo de ahí mismo. o usar diversas técnicas de ingeniería social para poder obtener las claves de tus victimas.. .
mRemoteNG-Decrypt: Python script to decrypt passwords stored by mRemoteNG
Codium-AntiMemoryScan-For-Native-Files-Improve-Runtime: Codium Algorithm Protector ^ Crypter
poc_exploits: 🕳️ Proof of Concept exploits and their descriptions for various products
wesng-wrapper: A bash wrapper script for bitsadmin's wesng.
BruteShark: Network Analysis Tool
CVE-2019-12181: LPE Exploit For CVE-2019-12181 (Serv-U FTP 15.1.6)
owasp-java-fileio: Automatically exported from code.google.com/p/owasp-java-fileio
dockerized-android: A container-based framework to enable the integration of mobile components in security training platforms
gh-actions-secure-pipeline-java-demo: Sample Secure Pipeline with GithHub Actions - Ideal for Open Source Projects
PSFuzz: Proviesec Fuzz Scanner - dir/path web scanner
TheFatRat: Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV software protection .
adbsploit: A python based tool for exploiting and managing Android devices via ADB
Google-Forms-Spam: MultiThreaded spammer, 100% working | Consumes Data because of too high speed | You can decrease speed but I don't think that's what we want :)
Safe-Compiler: Bash Script to run C, C++, Java and Python codes safely(using blackboxing) and under limited resources(time, memory, output size)
Facebook-BruteForce: Facebook Brute Force Version 1.0
Drupal-Hunter: Drupal Exploiter Tool (Drupal Hunter)
s1c0n: simple recon tool to help you for searching vulnerability on web server
RedTeam_CheetSheets: RedTeam参考,修改自Ridter的https://github.com/Ridter/Intranet_Penetration_Tips
opensea-submarine: Ping. Ping. Ping.
Constole: Scan for and exploit Consul agents
gomem: A Go library for manipulating Windows processes.
All_CTF_write-ups: From Antoine Nguyen and 0ni0n CTF team with love:3
1337kit: 64-bit LKM Rootkit builder based on yaml prescription. Working on 5.15.5 kernel
GreedyBear: Threat Intel Platform for T-POTs
Discord-Console-hacks: A collection of JavaScript Codes I've made to enhance the User Experience of Discord and some other Discord related stuff
USBGuardian: USBGuardian is an open source and affordable USB malware cleaning station
APAC-Conferences: A community contributed consolidated list of InfoSec meetups in the Asia Pacific region.
butthax: lovense hush buttplug exploit chain
TheDupe: The Dupe is a free, multi-platform sensor for your decoy systems or honeypots. This sensor is easy to deploy and easy to use, you will have your own running decoy system in under 10 minutes!
Mitm: Man in the middle tool
RansomDLLs: Reference list for my Ransomware exploitation research. Lists current DLLs I have seen to date that some ransomware search for, which I have used successfully to hijack and intercept vulnerable strains executing arbitrary code pre-encryption.
cyris: CyRIS: Cyber Range Instantiation System
log4j-poc: A Docker based LDAP RCE exploit demo for CVE-2021-44228 Log4Shell
Industrial-Security-Auditing-Framework: ISAF aims to be a framework that provides the necessary tools for the correct security audit of industrial environments. This repo is a mirror of https://gitlab.com/d0ubl3g/industrial-security-auditing-framework.
cyber_threat_intelligence: Cyber Threat Intelligence Data, Indicators, and Analysis
credit-card-fraud-kaggle: Classificando dados anônimos de transações por cartão de crédito como fraudulentas ou genuínas
sDriller: An patch for shellphish's Driller. Add support for strip static linked binaries, for which uses IDrillerA's result to hook libc functions.
WhatWeb: Next generation web scanner
purelove: Purelove is a lightweight penetration testing framework, in order to better security testers testing holes with use.
aragraph: Visualize your Aragon DAO Templates
tools.tldr.run: A curated list of security tools for Hackers & Builders!
cybersecurity-web-security: An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Web Security in Cybersecurity.
Supply-Blockchain: A demonstration of asset tracking blockchain, a generic use-case in IoT.
LFITester: LFITester is a Python3 program that automates the detection and exploitation of Local File Inclusion (LFI) vulnerabilities on a server.
CTF-notes: Everything needed for doing CTFs
securely-transfer-messages: This is a tutorial to securely transfer messages from system A to system B with various coding languages and keep the rules of information security.
MailRipV3: SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.
b1tifi: ssh management tool to provides commandline access to a remote system running SSH server
GeoIPPlotter: GeoIP plotting script written in Python to help security teams draw visualized reports from IP addresses
botmap: A nmap & MSF bot
icp-domains: 输入一个域名,输出ICP备案所有关联域名
ad-privileged-audit: Provides various Windows Server Active Directory (AD) security-focused reports.
BabyMux: pentesting tool for noob hackers.Runs on linux and termux
CKS-Exercises-Certified-Kubernetes-Security-Specialist: A set of curated exercises to help you prepare for the CKS exam
toolkit-exploit-hacking-seismologic-networks: toolkit for exploiting your own seismological networks
Android-PIN-Bruteforce: Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)
cybergym: Lucideus CyberGym is the internal CTF event we organise for our security professionals to grow and learn together. Now everyone can access the challenges that can be easily setup and start playing.
gigahorse-toolchain: A binary lifter and analysis framework for Ethereum smart contracts
studious-tribble: Repositório criado para agregar documentos, orientações e demais informações advindas de um grupo de estudos em Segurança de Dados
CMSUno-RCE: CMSUno 1.6.1 <= 1.6.2 - Remote Code Execution (Authenticated)
ms17_010_scan: ms17_010的批量扫描工具
venom: the venom framework is a framework made in ruby filled with tools for wireless hacking, normal terminal commands, metasploit payloads and more i do plan on adding more things to it in the future if you would like to see updates on this and other tools i make follow me on instagram: @tuf_unkn0wn
ehtk: Ethical Hacking Toolkit is a collection of tools, cheat sheets, and resources for Ethical hackers, Penetration Tester, and Security Researchers etc. It contains almost all tools mentioned in CEH, OSCP, eCPPT and PNPT
SUF: SSH Username Finder
CamOver: CamOver is a camera exploitation tool that allows to disclosure network camera admin password.
turbo-scanner: A port scanner and service detection tool that uses 1000 goroutines at once to scan any hosts's ip or fqdn with the sole purpose of testing your own network to ensure there are no malicious services running.
exploit-framework: A multiple reverse shell sessions/clients manager via terminal written in go
high-assurance-rust: A free book about developing secure and robust systems software.
prl_guest_to_host: Guest to host VM escape exploit for Parallels Desktop
SecurityDataScience: Apache Spark 2.2.0 (pyspakr) exercises of Security Data Science Course.
ansible-role-firewall: Ansible Role - iptables Firewall configuration.
minecraft-log4j-honeypot: Minecraft Honeypot for Log4j exploit. CVE-2021-44228 Log4Shell LogJam
sightings_ecosystem: This project aims to fundamentally advance our collective ability to see threat activity across organizational, platform, vendor and geographical boundaries.
dalfox: 🌙🦊 DalFox is an powerful open source XSS scanning tool and parameter analyzer, utility
scan4all: vuls Scan: 15000+PoCs; 21 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
optiga-tpm: Infineon OPTIGA™ TPM 2.0
Eagle: Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
pyjarm: pyJARM is a library for doing JARM fingerprinting using python
knary: A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams/Lark/Telegram & Pushover support
antrea: Kubernetes networking based on Open vSwitch
portia: Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network
fuzzbang: Python 3 package providing basic fuzzing support
dustilock: DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack.
bareos: Main repository with the code for the libraries and daemons
CVE-2021-21972: CVE-2021-21972 – ᴠᴍᴡᴀʀᴇ ᴄʟɪᴇɴᴛ ᴜɴᴀᴜᴛʜᴏʀɪᴢᴇᴅ ᴄᴏᴅᴇ ɪɴᴊᴇᴄᴛɪᴏɴ (ʀᴄᴇ)
salus: Security scanner coordinator
trolo: trolo - an easy to use script for generating Payloads that bypasses antivirus
CheatSheets: Collection of scripts, files, and tips to create and maintain networks, hack, and more!
PowerLadon: Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC
ffuf-docker: A containerised version of ffuf (Fuzz Faster U Fool).
jscpwn: PoC exploit for CVE-2016-4622
snyk-maven-plugin: Test and monitor your projects for vulnerabilities with Maven. This plugin is officially maintained by Snyk.
SimpleExploitFixer: A Simple Exploit Fixer plugin that aims to fix most lag machines
shodansploit: 🔎 shodansploit > v1.3.0
idsa: This is the main repository of International Data Spaces Association on GitHub, where you can find general overview and useful information on IDS Landscape.
super-payload-launcher: A new, pretty, simple, cross-platform GUI-based tool for injecting payloads onto your Switch to boot into Atmosphere, Hekate, Android etc! Available for Windows, MacOS and Linux.
Winrarer-Ransomware
FedIoT: Federated Learning for Internet of Things: A Federated Learning Framework for On-device Anomaly Data Detection, backed by FedML, Inc.
log4jscanwin: Log4j Vulnerability Scanner for Windows
boast: The BOAST Outpost for AppSec Testing (v0.1.0)
jwtXploiter: A tool to test security of json web token
MSF-Self-Defence: Self defense post module for metasploit
envkey-source: Set OS-level shell environment variables with EnvKey. Allows EnvKey to be used with any language. Pairs well with Docker.
Threshold: Paper backup requiring a chosen K of N pieces to decrypt. Useful for storing passwords, private keys for PGP or Bitcoin, recovery codes, secret instructions, and small files. Work in progress.
rpl-attacks: RPL attacks framework for simulating WSN with a malicious mote based on Contiki
nano-can: Arduino code for use with nano can PCB
feuerfuchs: Files for the "feuerfuchs" challenge of 33C3 CTF. See the greeting message in server.py for more information about the challenge
buttercup-desktop: 🔑 Cross-Platform Passwords & Secrets Vault
LeakGenerator: Generate your own personal data leak
IPBan: Baneo de IPs para SSH y registro en MySQL
chronos: python framework to parse logs for IR
awesome-java-security: Awesome Java Security Resources 🕶☕🔐
xxexploiter: Tool to help exploit XXE vulnerabilities
blackholebots: Free module for prestashop and thirtybees platforms that will automagically ban bots that don't follow robots.txt instructions
RemoteMouse-3.008-Exploit: This exploit allows to connect to the remote RemoteMouse 3.008 service to virtually press arbitrary keys and execute code on the machine.
ActiveDirectoryAttackTool: ADAT is a small tool used to assist CTF players and Penetration testers with easy commands to run against an Active Directory Domain Controller. This tool is is best utilized using a set of known credentials against the host.
gina-ldap-client: Client Java d'accès à l'annuaire LDAP de l'État de Genève.
Magento2_SomethingDigital_InvalidateAdminPasswords: Module to invalidate all admin passwords on Magento 2
longtongue: Customized Password/Passphrase List inputting Target Info
lazy-oauth2-service-worker-vault: Keep your OAuth 2.0 tokens secure and up-to-date.
subdomain_scanner: Subdomain Scanner on Shell
Go-Security: My Go security projects
Lazysploit: I made this tool for beginner who start ethical hacking. This tool help you to make payload with msfvenom without writing a single line of command.
NetWorm: Python network worm that spreads on the local network and gives the attacker control of these machines.
udcide: Android Malware Behavior Deleter
Attiny85: RubberDucky like payloads for DigiSpark Attiny85
androsec-rl: Efficient Android Malware detection using Random - Protype of BA's final project (Efficient Android Malware Detection using RL) - Amit Moshe (@Amit223) & Inbar Roth (@inbaroth) & Liad Bercovich (@liadber)
nerdbug: Full Nuclei automation script with logic explanation.
WifiPassword-Stealer: Get All Registered Wifi Passwords from Target Computer.
VoiceSens: A Voice Biometric Application using Watson Speech to Text
ktcal2: SSH brute forcer tool and library, using AsyncIO of Python 3.4
struts-pwn_CVE-2018-11776: An exploit for Apache Struts CVE-2018-11776
phomber: Phomber is infomation grathering tool that reverse search phone numbers and get their details, written in python3.
DFBreak: DAYFILER Rooting Tool
Awesome-Cybersecurity-Datasets: A curated list of amazingly awesome Cybersecurity datasets
EQGRP: Decrypted content of eqgrp-auction-file.tar.xz
SecurIA: Proyecto "Seguridad en la vivienda". Sistema IoT de videovigilancia controlada por IA para una vivienda, dispone de aplicación android y web para la interfaz de usuario.
Confiscate: Discover duplication glitches, abusive staff giving items, x-ray or simply poor server economy.
cybersecurity-cross-site-scripting: An ongoing curated collection of awesome XSS software, libraries, frameworks, learning tutorials & practical resources cross-site scripting.
ARM_Exploit: ARM Exploit 開発のためのトレーニングリポジトリ
connectors: OpenCTI Connectors
Automating-VirusTotal-APIv3-for-IPs-and-URLs: Automating VirusTotal's API v3 for IP address and URL analysis w/HTML Reporting. Python script that functions like a CLI tool to interact programmatically with VirusTotal API v3.
digital-security-coach: 🔒 Accessible crash course on digital security
BlackMamba: C2/post-exploitation framework
googlephotos-filestorage: Exploiting Google Photos' unlimited photo storage
Lilith: Lilith, The Open Source C++ Remote Administration Tool (RAT)
burp-exporter: Exporter is a Burp Suite extension to copy a request to a file or the clipboard as multiple programming languages functions.
pentesterlabpro_notes: This is collection of my notes on pentesterlab which I made while solving these pentesterlab pro exercises.
Authorized: 🔐 Simple way to authorize user actions on resources for Vapor 3
SECMON: SECMON is a web-based tool for the automation of infosec watching and vulnerability management with a web interface.
awesome-rtc-hacking: a list of awesome resources related to security and hacking of VoIP, WebRTC and VoLTE
rapidscan: 🆕 The Multi-Tool Web Vulnerability Scanner.
MarkdownBlogPosts: Essentially just notes I take, via a markdown app called Dillinger
doublepulsar-detection-script: A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.
nlp: 兜哥出品 <一本开源的NLP入门书籍>
WP-Exploiter: WP-Exploiter is a tool for testing and exploiting a wide range of WordPress websites.
laravel-csp: Set content security policy headers in a Laravel app
overwhelm: Overwhelm's Vanquish is a Kali Linux based Enumeration Orchestrator built in Python running inside a docker container. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases. The results of each phase are fed into the next phase to identify vulnerabilities that could be leveraged for a remote shell
nullbinder: Tools to exploit misconfiguration into LDAP directory
ghost_eye: Ghost Eye Informationgathering Footprinting Scanner and Recon Tool Release. Ghost Eye is an Information Gathering Tool I made in python 3. To run Ghost Eye, it only needs a domain or ip. Ghost Eye can work with any Linux distros if they support Python 3. Author: Jolanda de Koff
raptor: Web-based Source Code Vulnerability Scanner
substack: Sub-domains enumeration framework
juice-shop: OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
4depcheck: a tool to analyze and detect vulnerable dependencies/libraries from different programming languages
Cyber-Christmas: A curated list of resources for Cyber Professionals
nosurf: CSRF protection middleware for Go.
cornerstone: Linux命令转发记录
tbms: Tor-Browser Sandbox for macOS - security tool to reduce tor-browser access to macOS system
SafePad: SafePad : Encrypted Text Editor. This text editor uses very strong encryption to let you protect your secrets. Great for storing passwords, credit card details or any else that you want to keep safe.
find-sec-bugs: The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
PyIris: PyIris is a modular remote access trojan toolkit written in python targeting Windows and Linux systems.
best-practices-badge: 🏆Open Source Security Foundation (OpenSSF) Best Practices Badge (formerly Core Infrastructure Initiative (CII) Best Practices Badge)
RansomwareDetectionService: This program detects all present and future ransomware in Windows file shares or local drives for Windows file servers. I created this windows service to aide system administrators not average users.
IAT_API: Assembly block for finding and calling the windows API functions inside import address table(IAT) of the running PE file.
cybernethunter-armory: Tactical Cyber Tradecraft
awesome-anti-forensic: Tools and packages that are used for countering forensic activities, including encryption, steganography, and anything that modify attributes. This all includes tools to work with anything in general that makes changes to a system for the purposes of hiding information.
Nginx-Lua-Anti-DDoS: A Anti-DDoS script to protect Nginx web servers using Lua with a HTML Javascript based authentication puzzle inspired by Cloudflare I am under attack mode an Anti-DDoS authentication page protect yourself from every attack type All Layer 7 Attacks Mitigating Historic Attacks DoS DoS Implications DDoS All Brute Force Attacks Zero day exploits Social Engineering Rainbow Tables Password Cracking Tools Password Lists Dictionary Attacks Time Delay Any Hosting Provider Any CMS or Custom Website Unlimited Attempt Frequency Search Attacks HTTP Basic Authentication HTTP Digest Authentication HTML Form Based Authentication Mask Attacks Rule-Based Search Attacks Combinator Attacks Botnet Attacks Unauthorized IPs IP Whitelisting Bruter THC Hydra John the Ripper Brutus Ophcrack unauthorized logins Injection Broken Authentication and Session Management Sensitive Data Exposure XML External Entities (XXE) Broken Access Control Security Misconfiguration Cross-Site Scripting (XSS) Insecure Deserialization Using Components with Known Vulnerabilities Insufficient Logging & Monitoring Drupal WordPress Joomla Flash Magento PHP Plone WHMCS Atlassian Products malicious traffic Adult video script avs KVS Kernel Video Sharing Clip Bucket Tube sites Content Management Systems Social networks scripts backends proxy proxies PHP Python Porn sites xxx adult gaming networks servers sites forums vbulletin phpbb mybb smf simple machines forum xenforo web hosting video streaming buffering ldap upstream downstream download upload rtmp vod video over dl hls dash hds mss livestream drm mp4 mp3 swf css js html php python sex m3u zip rar archive compressed mitigation code source sourcecode chan 4chan 4chan.org 8chan.net 8ch 8ch.net infinite chan 8kun 8kun.net anonymous anon tor services .onion torproject.org nginx.org nginx.com openresty.org darknet dark net deepweb deep web darkweb dark web mirror vpn reddit reddit.com adobe flash hackthissite.org dreamhack hack hacked hacking hacker hackers hackerz hackz hacks code coding script scripting scripter source leaks leaked leaking cve vulnerability great firewall china america japan russia .gov government http1 http2 http3 quic q3 litespeedtech litespeed apache torrents torrent torrenting webtorrent bittorrent bitorrent bit-torrent cyberlocker cyberlockers cyber locker cyberbunker warez keygen key generator free irc internet relay chat peer-to-peer p2p cryptocurrency crypto bitcoin miner browser xmr monero coinhive coin hive coin-hive litecoin ethereum cpu cycles popads pop-ads advert advertisement networks banner ads protect ovh blazingfast.io amazon steampowered valve store.steampowered.com steamcommunity thepiratebay lulzsec antisec xhamster pornhub porn.com pornhub.com xhamster.com xvideos xvdideos.com xnxx xnxx.com popads popcash cpm ppc
BananaPhone: It's a go variant of Hells gate! (directly calling windows kernel functions, but from Go!)
Splunk_Remediation_Scripts: Scripts for Splunk Alerts
unlockdown: Disabling kernel lockdown on Ubuntu without physical access
go-metadataproxy: A proxy for AWS's metadata service that gives out scoped IAM credentials from STS
Admin-Scanner: This tool is design to find admin panel of any website by using custom wordlist or default wordlist easily and allow you to find admin panel trough a proxy server
dismap: Asset discovery and identification tools 快速识别 Web 指纹信息,定位资产类型。辅助红队快速定位目标资产信息,辅助蓝队发现疑似脆弱点
frontend-tech-list: 📝 Frontend Tech List for Developers 💡
ContainerSSH: ContainerSSH: Launch containers on demand
Encryption-Techniques: Eventually, I mean to implement multiple famous encryption/decryption techniques here.
Ultimate-Guitar-Hack: The first tool to download any Guitar Pro file, including 'Official' from Ultimate Guitar
Python-Cybrary-Code: python code correlating with my cybrary lesson blogs
CVE-2019-11708: Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.
loopback4-helmet: A loopback4 extension for helmetjs integration
cybersecurity-threat-intelligence: An ongoing & curated collection of awesome software best practices and remediation techniques, libraries and frameworks, E-books and videos, Technical guidelines and important resources about Threat Intelligence.
linuxallenum: this bash script is for remote linux and macos hosts hacked!
HelpUKR-master: This website is a collection of content that can be used to help Ukraine in the Cyber War from your browser, it also contains WebApps, News from many sources and lots of ways to donate directly to Ukraine from verified charity’s and lots more. We even have some pages on here we recovered from Google Web Cache’s after being destroyed by Russian attacks.
CVE2020-0796: Exploit for win10 SMB3.1
hack-pet: 🐰 Managing command snippets for hackers/bug bounty hunters. with pet.
urlhunter: a recon tool that allows searching on URLs that are exposed via shortener services
DemonHunter: Distributed Honeypot
FunctionStomping: A new shellcode injection technique. Given as C++ header, standalone Rust program or library.
BAR-Tender: An FPGA I/O Device which services physical memory reads/writes via UMDF2 driver
Offensive-Reverse-Shell-Cheat-Sheet: Offensive Reverse Shell (Cheat Sheet)
Pentest-Notes: Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)
sigmavpn: Light-weight, secure and modular VPN solution which makes use of NaCl encryption (also available for Android using jnacl in "sigmavpn-android")
phishEye: phishEye is an ultimate phishing tool in python. Includes popular websites like Facebook, Twitter, Instagram, LinkedIn, GitHub, Dropbox, and many others. Created with Flask, custom templates, and tunneled with ngrok and localhost.run.
kernelpwn: kernel-pwn and writeup collection
awesome-vulnerable-apps: Awesome Vulnerable Applications
Burp-Selection-Size-Calculator: Burp extension to calculate the byte size of selections made in text windows
CVE-2022-26809: CVE-2022-26809 is a vulnerability in Remote Procedure Call Runtime
exifcleaner: Cross-platform desktop GUI app to clean image metadata
antifuzzer
uxss-db: 🔪Browser logic vulnerabilities ☠️
kernel-mii: Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.
dnxfirewall: DNXFIREWALL (dad's next-generation firewall), a C/CPython hybrid next generation firewall built on top of Linux and bound to kernel/ netfilter hooks for packet control.
Cyber-Risk-Research-FULL-WORK: All of my work for the past 6 months as a cyber risk researcher for University of Greenwich. A total of 41 literature reviews and analysis as white papers to develop the final survey paper
awesome-sec-challenges: A curated list of Awesome Security Challenges.
Firmware_Slap: Discovering vulnerabilities in firmware through concolic analysis and function clustering.
R2R--OnePunchInstaller: R2R is the short for Ready-To-Recon, This is a shell script written to install the major Known Reconnaissance tools in your Ubuntu-Linux-Fedora etc, Operating Systems to get started with Penetration Testing and Web App security with these tools.
kube-scan: kube-scan: Octarine k8s cluster risk assessment tool
Codium-Crypter-1.8.6: Codium Algorithm, We Provide Strong Encryption, And Stable Crypter, And Weekly-Daily Updates.
BigBountyRecon: BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
HackerOne-Lessons: Transcribed video lessons of HackerOne to pdf's
Psonic: Psonic is a password manager, equipped with password and mnemonic generation and encrypted storage.
rudy: RUDY is an acronym used to describe a Denial of Service (DoS) tool used by hackers to perform slow-rate a.k.a. “Low and slow” attacks.
Open-source-tools-for-CTI: Public Repository of Open Source Tools for Cyber Threat Intelligence Analysts and Researchers
TCPHound: Win32 utility for auditing TCP connections
AIL-framework: AIL framework - Analysis Information Leak framework. Project moved to https://github.com/ail-project
pythonidae-challenge: Set of Python programming challenge for cyber security (offensive / defensive)
Jpg-Png-Exploit-Downloader-Fud-Cryter-Malware-Builder-Cve-2022: Vulnerability Disclosure Timeline Closer inspection of the Exploit JPG content reveals the malicious link as well as the URL Download and Execute of the tool used to generate the Exploit JPG from Python encrypted code content which we also implement in couple of our builders.Silent JPG Exploit There are multiple Exploit JPG in Silent JPG Exploit, a package commonly used by web services to process Exploit JPG File. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted JPG. The exploit for this vulnerability is being used in the wild.Why Are You Disclosing A Exploit JPG
ScoutSuite: Multi-Cloud Security Auditing Tool
qvm-create-windows-qube: Spin up new Windows qubes quickly, effortlessly and securely on Qubes OS
privacy-respecting: Curated List of Privacy Respecting Services and Software
FazScan: | FazScan is a Perl program to do some vulnerability scanning and pentesting |
go-dork: The fastest dork scanner written in Go.
brute-force-seed-bitcoin: Find used seeds in blockchain
CVE-2021-40845: AlphaWeb XE, the embedded web server running on AlphaCom XE, has a vulnerability which allows to upload PHP files leading to RCE once the authentication is successful - https://ricardojoserf.github.io/CVE-2021-40845/
kubernetes-network-policy-recipes: Example recipes for Kubernetes Network Policies that you can just copy paste
pidrila: Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
fbspider: Scraping Facebook information
security-analytics: Community Security Analytics provides a set of community-driven audit & threat queries for Google Cloud
blackhat-arsenal-tools: Official Black Hat Arsenal Security Tools Repository
PwnKit-Exploit: Proof of Concept (PoC) CVE-2021-4034
KaliLadon: Ladon for Linux (Kali), Large Network Penetration Scanner, vulnerability / exploit / detection / MS17010 / password
secrets-auth: 🤫 This application is made for learning Authentication and Security in web applications. I am learning from basics of Authentication to the advanced level.
Search-That-Hash: 🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡
Metasploit-termux: Metasploit 6 , No Error , Maintained, Termux
Automap: An automated tool for nmap scaning. It include several options such as vulnerabilities scanner, port scanner, sub-network scan and much more!
pyprotect: A lightweight python code protector, makes your python project harder to reverse engineer
PossumBot: A bot that will allow you to destroy discord servers.
ByeLog4Shell: Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell
angular-auth-oidc-client: npm package for OpenID Connect, OAuth Code Flow with PKCE, Refresh tokens, Implicit Flow
bCTF: CTF scoreboard and framework. https://b-ctf.io
SprayingToolkit: Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient
PyLogger: ⌨ᴀᴅᴠᴀɴᴄᴇᴅ ᴘʏᴛʜᴏɴ ᴋᴇʏʟᴏɢɢᴇʀ⌨
awesome-golang-security: Awesome Golang Security resources 🕶🔐
Memory-Overwriter: Simple memory editing program written in C++
Phishing-URL-v5-IBM: Phishing Url detector detects cyber thefts and cyber frauds using machine learning and data science technology. TECH used- Python, Django(Backend), SQLite, IBM cloud, data science, machine learning.
staystaystay: Proof of Concept for CVE-2021-1585: Cisco ASA Device Manager RCE
D4rkXSS: A list of useful payloads and Bypass for Web Application Security and Bug Bounty/CTF
WordPress-Plugins-List: Wordpress Plugins List
StegoCracker: Stego is an open-source and free steganography tool that lets you hide your secret message in an image or audio file. You will not notice any change in the image or audio file. However, your secret message will be inside the original image or audio file
bscValueDefi-Exploit: Abusing delayed share calculations on 4000% APR staking.
SecureSignIn-v3a: A Java CLI application I have created in an attempt to improve my online account security
cercat: Monitor issued certificates in real-time and send alerts to Slack when a domain matches.
kernelpop: kernel privilege escalation enumeration and exploitation framework
Beam-On-Join: I saw some kid scamming kids and making them this tool for 10$ or something so uh like why not remake it and give it for free :D!
elasticsearch-readonlyrest-plugin: Free Elasticsearch security plugin and Kibana security plugin: super-easy Kibana multi-tenancy, Encryption, Authentication, Authorization, Auditing
bds03-security: Desafio do boocamp da devsuperior, onde coloquei em prática o módulo de spring security.
decker: Declarative penetration testing orchestration framework
EFIgy: A small client application that uses the Duo Labs EFIgy API to inform you about the state of your Mac EFI firmware
dinkleberg: 🕵️♂️ Catch users faking their offline status on Discord with an exploit written in Rust
Python-Honeypot: OWASP Honeypot, Automated Deception Framework.
djangorestframework-api-key: 🔐 API key permissions for Django REST Framework
meltdown-spectre-poc-grabber: Script I wrote in about 10 minutes to grab Meltdown/Spectre PoC's and download them.
Discord-Bots-Hack: Discord Bots Hacking
owtf: Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp
httpx: httpx is a fast and multi-purpose HTTP toolkit allows to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.
gosec: Golang security checker
Hacking-Tools-Repository: A list of security/hacking tools that have been collected from the internet. Suggestions are welcomed.
admin-finder: This tool is used to find the admin login page of a website.
pdfcrack: An Advanced tool to Crack Any Password Protected PDF file. A very user friendly script especially for noob hackers.
FEUP-FSI: 🎓 FSI -> L.EIC/M.EIC - FEUP, 2021-2022
pre-commit-hooks-nodejs-reactjs: Git hook scripts are useful for identifying simple issues before submission to code review. We run our hooks on every commit to automatically point out issues like npm high & critical vulnerabilities, npm test, eslint, branch naming
Slient-Url-Exploit-New-Cve-Chrome-Exploit-Html-Downloader-Put-Your-Link: URL Infection (Silent Java Drive By) URL Infection Exploit Silent Java Drive by downloads may happen when visiting a site, opening an e-mail message. It may even happen by clicking on a malicious pop-up window: by clicking on the window in the belief that it concerns an error report from the computer’s OS, for example.
AzureKeyVault: R interface to Azure Key Vault. Submit issues and PRs at https://github.com/Azure/AzureKeyVault
Phobos-config: This is a config for Phobos 1.7 to 1.9.0
InfoSec_Practice: https://magicansk.github.io/InfoSec_Practice/TOC
pan-academy-blue-bank: Blue Bank é uma API de transações bancárias, desenvolvida durante o Bootcamp Pan Academy da Gama em parceria com o banco PAN.
NoSQLMap: Automated NoSQL database enumeration and web application exploitation tool.
vigrid: Vigrid is a Cyber Range redesign of the GNS3 tool able to virtualize almost any physical device on many CPU. It is also able to virtualize entire networks not visible between them. Vigrid adds industrial cloning. clientless console accesses. snapshots. unlimited scalability. standalone or infrastructure and cloud designs.
0x04-ARM-32-Hacking-Double: ARM 32-bit Raspberry Pi Hacking Double example in Kali Linux.
email2phonenumber: A OSINT tool to obtain a target's phone number just by having his email address
TracceDigitali: OSINT: come iniziare. Strumenti e idee per raccogliere e analizzare fonti aperte.
nzyme: Nzyme is a free and open next-generation WiFi defense system. Go to www.nzyme.org for more information.
PasswordStealer
ReverseGoShell: A Golang Reverse Shell Tool With AES Dynamic Encryption
wp-cloudflare-guard: Connecting WordPress with Cloudflare firewall, protect your WordPress site at DNS level. Automatically create firewall rules to block dangerous IPs
LaravelENV
IoT_Scanner: IoT Scanner by ASA - Scan for active IoT devices and find their vulnerabilities
dotdotslash: Search for Directory Traversal Vulnerabilities
Code-Audit-Challenges: Code-Audit-Challenges
solved-hacking-problem: ✔️ My solutions for CTF & wargame challenges
CSCI4349_Week7_WpPentest: Course code for TAMUSA CSCI 4349.
seminar: Seminar – IT-Sicherheitsgesetz 2.0
CTF-OverTheWire: Breakdown of OverTheWire CTF Game
cloudquery: The open-source cloud asset inventory powered by SQL.
shadowbroker-smb-scanner: shadowbroker SMB exploit scanner. Scans for ETERNALSYNERGY ETERNALBLUE ETERNALROMANCE ETHERNALCHAMPION
favtools: Tools that i use n love :D
linuxallremote: This bash scripts will help you to hack remote hosts. You can choose and run one of them.
Goblyn: Goblyn is a Python tool focused to enumeration and capture of website files metadata.
cloud-discovery: Cloud Discovery provides a point in time enumeration of all the cloud native platform services
Windows-exploits: 🎯 Windows 平台提权漏洞大合集,长期收集各种提权漏洞利用工具。 A large collection of rights raising vulnerabilities on the windows platform, which collects various rights raising vulnerability utilization tools for a long time.
Packet-Sniffing-and-Spoofing: Packet sniffing and spoofing 🗃️
web-hacking-toolkit: A web hacking toolkit (docker image).
unauthd: A local privilege escalation chain from user to kernel for MacOS < 10.15.5. CVE-2020–9854
hubble: Hubble is a modular, open-source security compliance framework. The project provides on-demand profile-based auditing, real-time security event notifications, alerting, and reporting. HubbleStack is a free and open source project made possible by Adobe. https://github.com/adobe
Win7Blue: Scan/Exploit - EternalBlue MS17-010 - Windows 7 x86/x64
WordListGen: Super Simple Python Word List Generator for Fuzzing and Brute Forcing in Python
WhatCMS: CMS Detection and Exploit Kit based on Whatcms.org API
awesome-python-security: Awesome Python Security resources 🕶🐍🔐
gsocket: Connect like there is no firewall. Securely.
ByteCodeDL: A declarative static analysis tool for jvm bytecode based Datalog like CodeQL
logkeys: 📝 ⌨️ A GNU/Linux keylogger that works!
cfscan: open-source security and vulnerability scanner for cloud foundry environments
CompTIA-Security-
s3s_doc: Sub3 Suite Documentation
docker-dvwa: Latest Docker DVWA running on Debian 9.3
Phishpedia: Official Implementation of "Phishpedia: A Hybrid Deep Learning Based Approach to Visually Identify Phishing Webpages" USENIX'21
433MHz-Cloner: Just hack any 433MHz device!
Vulcan: VulCan资产管理系统|漏洞扫描|资产探测|定时扫描
PPF: A modular pentesting framework implemented in C
osv.dev: Open source vulnerability DB and triage service.
RedBook: 基于Threathunting-book基础上完善的狩猎视角红队handbook
SentryPeer: Protect your SIP Servers from bad actors.
anchore-engine: A service that analyzes docker images and scans for vulnerabilities
libdft64: libdft for Intel Pin 3.x and 64 bit platform. (Dynamic taint tracking, taint analysis)
EhLab: O EhLab (Ethical Hacker Laboratory) é um laboratório de pentest grátis e de código aberto, altere e adquira conhecimento de forma livre com nosso lab
Zeek-Network-Security-Monitor: A Zeek Network Security Monitor tutorial that will cover the basics of creating a Zeek instance on your network in addition to all of the necessary hardware and setup and finally provide some examples of how you can use the power of Zeek to have absolute control over your network.
cowrie: Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io
TryHackMe-Writeups: My TryHackMe writeups and notes
vm2: Advanced vm/sandbox for Node.js
mosec-node-plugin: 用于检测 node 项目的第三方依赖组件是否存在安全漏洞。
Dr_Quine: A self-replicating virus in C, ASM, python.
AppLocker: AppLocker - simple lock screen for iOS Application ( Swift 4+, iOS 9.0+) Touch ID / Face ID
breaking-telegram: Simple PoC script that allows you to exploit telegram's "send with timer" feature by saving any media sent with this functionality.
kata-containers: Kata Containers version 2.x repository. Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/
storefront_cloner: A python approach to clone Citrix Storefront portals
lzr: LZR quickly detects and fingerprints unexpected services running on unexpected ports.
Shuffle: Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing.
pentest-book
Penetration-Testing-Cheat-Sheet: A guide to help people who are new to penetration testing and are looking to gain an overview of the penetration testing process. This guide will help anyone hoping to take the CREST CRT or Offensive Security's OSCP exam and will aim to cover each stage of compromising a host.
RedisPushIptables: RedisPushIptables is used to update firewall rules to reject the IP addresses for a specified amount of time or forever reject.
AESJniEncrypt: Make safest code in Android. (基于libsodium实现chacha20算法,key在native中,防止被二次打包){长期维护,请star,勿fork}
chrome_enum: Decrypts and dumps Chrome-based browser cookies and passwords in Microsoft Windows.
tamperchrome: Tamper Dev is an extension that allows you to intercept and edit HTTP/HTTPS requests and responses as they happen without the need of a proxy. Works across all operating systems (including Chrome OS).
AdvancedKeyHacks: API Key/Token Exploitation Made easy.
piknik: Copy/paste anything over the network.
WireBug: WireBug is a toolset for Voice-over-IP penetration testing
jupyter-widget-stixview: STIX2 graph widget for Jupyter notebooks, powered by stixview library
HackBrowserData: Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。
Shodan_Search: Based on the Shodan API, it displays the open ports and security vulnerabilities of the server related to the entered ip or hostname.
neoss: ✔️ User-friendly and detailed socket statistics with a Terminal UI.
AndroPyDucky: Ferramenta para criação de payloads HID (human interface device) para android sem nethunter ou rubber ducky
K-Tool: K-Tool
security-core: Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. It is inspired by the Java Spring framework.
search-libc: Web wrapper of niklasb/libc-database
dfir-ioc-ut: DFIR IoC Unit Testing
minishmaker: Level editing suite for The Legend of Zelda: The Minish Cap
Image_Steganography: It is just an Experiment on Image Strgaography to Demostrate the uses of Hiding data in picture and Also Detecting it using Neural Network w.r.t noise in the malware image
shoulditrust: 🤔Check if an IP address is safe or not!
rbac-tool: Rapid7 | insightCloudSec | Kubernetes RBAC Power Toys - Visualize, Analyze, Generate & Query
CyberSec-Books: Cyber Security Books
domain-protect: Protect against subdomain takeover
turbo-attack: A turbo traffic generator pentesting tool to generate random traffic with random mac and ip addresses in addition to random sequence numbers to a particular ip and port.
Canvass: An open source tool chain to simulate cyber attacks in the power system
ActiveReign: A Network Enumeration and Attack Toolset for Windows Active Directory Environments.
security-101-for-saas-startups: security tips for startups
wifi-cracking: Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat
VAC-Bypass: Full VAC Bypass. Inject detected cheats and not get VAC banned.
aeacus: 🔐 Vulnerability remediation scoring system
printix-CVE-2022-25090: A "Creation of Temporary Files in Directory with Insecure Permissions" vulnerability in PrintixService.exe, in Printix's "Printix Secure Cloud Print Management", Version 1.3.1106.0 and below allows any logged in user to elevate any executable or file to the SYSTEM context. This is achieved by exploiting race conditions in the Installer.
netizenship: a commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.
RapidRepoPull: The goal of this program is to quickly pull and install repos from its list
jigg: JavaScript implementation of garbled gates and 2PC boolean circuit protocols
WSSAT: WEB SERVICE SECURITY ASSESSMENT TOOL
AzureHunter: A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
badusb_botnet: 👥😈 Infect a pc with badusb and establish a connection through telegram.
go-safeweb: Secure-by-default HTTP servers in Go.
ITWSV: ITWSV- Integrated Tool for Web Security Vulnerability
SLMail_PoC: Simple RCE PoC for SLMail server on Windows XP SP3
samson: Cryptanalysis and attack library
graphite: Encrypted, secure, user-owned productivity suite
DataProfiler: What's in your data? Extract schema, statistics and entities from datasets
CVE-2019-12840_POC: PoC for Webmin Package Update Authenticated Remote Command Execution
gsvsoc_working-from-home-infoseries: Cybersecurity Tips When Working Remote
zeek-plugin-tds: Zeek network security monitor plugin that enables parsing of the Tabular Data Stream (TDS) protocol
Lets_Pentest: ☠A collection of Penetration Testing scripts I'd written to use in Pentests.💉
gitlab_RCE: RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1
RouterTestApp: Aplicativo Android desenvolvido para a disciplina de Projeto de Aplicação II da Universidade Federal Fluminense. O objetivo do aplicativo é promover testes em roteadores domésticos com intuito de tornar pública as vulnerabilidades contidas neles.
Basic-Keylogger-python: A simple keylogger that sends the keystrokes to the provided email id.
TelemetrySourcerer: Enumerate and disable common sources of telemetry used by AV/EDR.
osx-and-ios-security-awesome: OSX and iOS related security tools
PhishAPI: Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!
security-threats: Real time analysis of information security vulnerabilities
ServerTelegramBot: Hacking from your phone
covermyass: Shell script to cover your tracks on UNIX systems. Designed for pen testing "covering tracks" phase, before exiting the infected server. Or, permanently disable system logs for post-exploitation.
gray_hat_csharp_code: This repository contains full code examples from the book Gray Hat C#
dontclickshit: Як не стати кібер-жертвою
CVE-2020-7247: PoC exploit for CVE-2020-7247 OpenSMTPD 6.4.0 < 6.6.1 Remote Code Execution
wpscan: WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.
virustotal: R client for the Virustotal Public API. Virustotal is a Google service that analyzes files and URLs for viruses etc.
skjold: Security audit Python project dependencies against security advisory databases.
traft
PredictionPipelineMS2020: Source code and dataset used in M.S. Thesis "Optimizing a prediction pipeline by prepending an efficient low-fidelity model", 2020
siemstress: Very basic CLI SIEM (Security Information and Event Management system).
loctrack: A tool to locate people using social engineering. 🚀
Cryptolocker: CryptoLocker is open source files encrypt-er. Crypto is developed in Visual C++. It has features encrypt all file, lock down the system and send keys back to the server. Multi-threaded functionality helps to this tool make encryption faster.
skipmcgee.github.io: Welcome to Skip McGee's page: a personal introduction to my code and projects!
buildAPKs: Really quickly build APKs on handheld device (smartphone or tablet) in Amazon, Android, Chromebook and Windows📲 See https://buildapks.github.io/docsBuildAPKs/setup to start building APKs.
NoGPKI: Distrusts GPKI Root CA Certificate because their security and certificate management is bad as F*
awesome-cloud-security: 🛡️ Awesome Cloud Security Resources ⚔️
rop-tool: A tool to help you write binary exploits
eccube-acl-chmod: Adds ACLs to EC-CUBE 4.x, each group of allowed access represented by a bit in an octet like Unix.
linux-keylogger: Linux keylogger written in C
trj: Execute any command in other's computer using a trojan horse coded and compiled in C. Just for educational purpose.
phpvuln: 🕸️ Audit tool to find common vulnerabilities in PHP source code
CompTIA-Security-Hands-on-Labs-: Maybe you are studying for the CompTIA Security+ Course and don't have the hands-on labs that goes with it. This Free course is designed to help you close your hands-on knowledge gaps.
QuickLock: Sometimes locking your computer can take a long time if you have a tight schedeule or don't want to navigate Windows's menus. QuickLock solves all these problems by having an easy to click lock button.
pdfrip: A multi-threaded PDF password cracking utility equipped with commonly encountered password format builders and dictionary attacks.
hack.python: 白帽SEO是一种精神!
occlum: Occlum is a memory-safe, multi-process library OS for Intel SGX
shadowspace-curzor: Shadowrange is a cyberragne for active cybersecurity trainings and exercises. Curzor is one of the basics parts of that range - a web app containing multuple security vulnerabilities.
docker-spectre: Spectre and Meltdown in a docker containerized test
graudit: grep rough audit - source code auditing tool
CloudFrontier: Monitor the internet attack surface of various public cloud environments. Currently supports AWS, GCP, Azure, DigitalOcean and Oracle Cloud.
survivio-icehacks-aimbot-v1.0: A compiled surviv.io cheat (by IceHacks) with an old aimbot (v 1.0) for @VN BPM (on youtube).
torch: Command-line Cryptanalysis
Hande-Stealer: Powerful Discord Stealer written in python
fwexpl: PC firmware exploitation tool and library
OWASP-Calculator: 🧮 An online calculator to assess the risk of web vulnerabilities based on OWASP Risk Assessment
cryptonice: CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration and supporting protocols such as HTTP2 and DNS.
tag-security: 🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
Vulhub-Reproduce: 一个Vulhub漏洞复现知识库
SpamSlam: SpamSlam is a script I created to create accounts using the victim's cellphone number and as a result the victim will receive a ton of verification codes.
Project-Guardian: Project Guardian is designed as an open source and free portable Intrustion Detection System (IDS) and Firewall. Project Guardian was built on the Odroid XU-4 platform and is currently the only hardware officially supported by LEM Security LLC. Project Guardian is officially tested on the ARM version of Ubuntu 18.04 and in its current form should work just fine.
advisor-action: Alcide Advisor GitHub Action
Domain_Vulnerability_Detector: This script allows vulnerability testing to avoid penetration attacks by urls.
spectreScope: The demo of the speculative execution attack Spectre (CVE-2017-5753, CVE-2017-5715).
How-to-get-a-Entry-Level-Cybersecurity-Job: This repository is the store of all the main points and suggestions I have come across on LinkedIn, podcasts and YouTube related to finding an entry level cybersecurity job.
inputs: Clase para obtener entradas seguras GET, POST, HEADERS y más utilidades utilizables para APIS
jose-jwt: Ultimate Javascript Object Signing and Encryption (JOSE), JSON Web Token (JWT) and Json Web Keys (JWK) Implementation for .NET and .NET Core
vector-addon: A powerful open-source addon for Meteor Client.
snopf: snopf USB password token
research-threats: Collection of legal threats against good faith Security Researchers; vulnerability disclosure gone wrong. A continuation of work started by @attritionorg
owasp-fstm: The Firmware Security Testing Methodology (FSTM) is composed of nine stages tailored to enable security researchers, software developers, consultants, and Information Security professionals with conducting firmware security assessments.
shotdroid: ShotDroid is a pentesting tool for android. There are 3 tools that have their respective functions, Get files from Android directory, internal and external storage, Android Keylogger + Reverse Shell and Take a webcam shot of the face from the front camera of the phone and PC.
RS-Generator: Generador de Reverse Shell para distintos lenguajes de programación y sistemas operativos.
h1domains: HackerOne "in scope" domains
Cryptography-Communication-System: B.tech College Project for Secure Message Communication though Cryptography Algorithm
exploitation_docker: Docker container with exploitation technique examples, used in my master thesis
awesome-security-feed: A semi-curated list of Security Feeds
trafficker: Code written for the Google Maps traffic analysis demo. See the demo video at https://www.youtube.com/watch?v=skQNwd9Jij4 or the whitepaper which can be found in doc/. Talks about this were given at 44Con and Ruxcon.
reverser: Reverser - tiny 12k http based reverse tunnel using c++ as client and python3 as server
logiweb-microservices: First-part-application for T-Systems Java School
jsafer: A simple JS source code obfuscator/minifier that doesn't hurt consistency or speed.
steganographer: Steganograpy in Python | Hide files or data in Image Files
SecureBPMN: SecureBPMN is a domain-specific modeling language that allows to model security aspects (e.g., access control, separation of duty, confidentiality).
BrainDamage: Remote administration tool which uses Telegram as a C&C server
tomcatWarDeployer: Apache Tomcat auto WAR deployment & pwning penetration testing tool.
revive-cc: Static analysis tool for Hyperledger Frabric smart contracts written in Go.
AutoBlur-CNN-Features: Script to extract CNN deep features with different ConvNets, and then use them for an Image Classification task with a SVM classifier with lineal kernel over the following small datasets: Soccer [1], Birds [2], 17flowers [3], ImageNet-6Weapons[4] and ImageNet-7Arthropods[4].
Hexxo-Starl-client: n-gon hack client
DYFKeychain: ([Swift] https://github.com/dgynfi/DYFSwiftKeychain) This library is used to store text and data in Keychain securely for iOS, OS X, tvOS and watchOS. (Objective-C)
AllThingsOpen2018: All Things Open is the largest "Open" technology event on the east coast.
WizardOpium: Google Chrome Use After Free
graph-adversarial-learning-literature: A curated list of adversarial attacks and defenses papers on graph-structured data.
csgo_memory_hacking_examples: CsGO Memory Hacking C++ code examples. Ex: Read HP,Name,Coord,Bones,Weapons,items etc.
msspray: A basic username enumeration and password spraying tool aimed at spraying Microsoft's DOM based authentication using selenium.
zxcvbn-python: Python implementation of Dropbox's realistic password strength estimator
shellfinder: A Simple Tool to Find Shells and Some Interesting Endpoints in Websites
dms-filter: Library that offers Input Filtering based on Annotations for use with Objects. Check out 2.dev for 2.0 pre-release.
Shield.Dotnet.Client: The shield client for .NET allows you to interact with dotnetsafer shield from any environment and protect your software in an integrated way.
the-dao-hack-simulation: A simulation of the infamous DAO hack from 2016
gokart: A static analysis tool for securing Go code
RIPv6: Random IPv6 - circumvents restrictive IP address-based filter and blocking rules
Staticot: A BASH script to automate simple tasks related to static malware analysis
secure-open: A Docker environment to securely open images, videos, sounds and more.
Log4Shell-IOCs: A collection of intelligence about Log4Shell and its exploitation activity.
stronghold: Easily configure macOS security settings from the terminal.
ipa-medit: Memory modification tool for re-signed ipa supports iOS apps running on iPhone and Apple Silicon Mac without jailbreaking.
dumpall: 一款信息泄漏利用工具,适用于.git/.svn/.DS_Store泄漏和目录列出
kindle-pw2-5.6.5-jailbreak: jailbreak for the kindle paperwhite 2 firmware version 5.6.5
ssl-proxy: 🔒 Simple zero-config SSL reverse proxy with real autogenerated certificates (LetsEncrypt, self-signed, provided)
pwdsafety: 🔒command line tool checking password safety🔒
magicpad: MagicPad is an encryption suite for beginners. It is designed to be run standalone via the browser or executable (Electron).
Python-For-Ethical-Hacking: This is a complete project series on implementing hacking tools available in Kali Linux into python.
envkeygo: EnvKey's official Go client library
Debugger: An example of a Windows debugger that will attach to a running Assault Cube 1.2.0.2 process, change a specific instruction to an int 3 instruction (0xCC), and then restore the original instruction when the breakpoint is hit.
stig-cli: A CLI for perusing DISA STIG content Mac, Linux, and Windows Compatible
quay-workshop: This repository contains the source code for the Quay workshop.
password-wordlist-generator-cpp: Simple wordlist generator, made in c++. It's still in development. It can be a helpfull tool for pentesters trying out wordlist attacks.
DiscordExploit: This permission-less exploit can hijack a discord account
chef-postgres-hardening: This chef cookbook provides security configuration for PostgreSQL.
AlanFramework: A C2 post-exploitation framework
AuthMeReloaded: The best authentication plugin for the Bukkit/Spigot API!
BeFree: Website Security, Antivirus & Firewall || a powerful application that can secure your website against hackers, attacks and other incidents of abuse
grapX: grapX will iterate through the URLs and grep the endpoints with all possible extensions.
n00bRAT: Remote Administration Toolkit (or Trojan) for POSiX (Linux/Unix) system working as a Web Service
Kali-Linux-Tools-Interface: Graphical Web interface developed to facilitate the use of security information tools.
aau-security: Web application security project
X_INSTA: X_INSTA Powerful INSTAGRAM Password Brute Force Tool For Windows
ProxyLogon: ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)
kics: Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
UniTools-Termux: Instalador hacking para termux
Defender.Net: This is a project of the DevSec team, and I am their mentor Yaroslav. Defender.NET is a service that provides consultations, diagnostics and any help to secure your PC.
tpm2-tools: The source repository for the Trusted Platform Module (TPM2.0) tools
FlowMeter: ⭐ ⭐ Use ML to classify flows and packets as benign or malicious. ⭐ ⭐
pOSINT: Gather Open-Source Intelligence using PowerShell.
wpgarlic: A proof-of-concept WordPress plugin fuzzer
npq: 🎖safely* install packages with npm or yarn by auditing them as part of your install process
CVE-2019-8561: Proof of concept exploit for CVE-2019-8561 discovered by @jbradley89
iSOC: 📊 Deploy an "illegal" SOC to manage vulnerabilities on your city servers in minutes.
python_hacking_tools: A set of hacking tools written in Python
HackingVigenereCipher: Hacking using Markov chains and Python
UAC-Bypass: Bypassing windows uac, however its an old approach/method but its still unpatched ¯_(ツ)_/¯
pyWhat: 🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙♀️
centos7-tutorial: 
CentOS 7 运维实战🎬💥
Sojobo: A binary analysis framework
DLC-2018: Application of deep learning for cyber security
Crips: IP Tools To quickly get information about IP Address's, Web Pages and DNS records.
kubernetes-security-best-practice: Kubernetes Security - Best Practice Guide
Exploit-Vulnerabilities: Where can I find exploits and how to use them ?
samlists: Free, libre, effective, and data-driven wordlists for all!
icestick-lpc-tpm-sniffer: FPGA-based LPC bus sniffing tool for Lattice iCEstick Evaluation Kit
js-pp-poc: Proof of concept for prototype pollution attack on Redis drivers (node-redis & ioredis) for Node.js
awsEnum: Enumerate AWS cloud resources based on provided credential
blueborne-dockerized: Repo code for the related post on SecSI Blog: https://secsi.io/blog/blueborne-kill-chain-on-dockerized-android
vulners-agent: Agent scanner for vulners.com
ufw-docker: To fix the Docker and UFW security flaw without disabling iptables
scant3r: ScanT3r - Module based Bug Bounty Automation Tool
MalwareScripts: Malware scripts coded in C++ and BATCH.
DiamondHardLAMP: A script to build and manage a Diamond Hard secure Linux, Apache MariaDB, PHP(LAMP) Webhosting server. Builds and configure a LAMP stack with AppArmor, ModSecurity, ClamAV, LetsEncrypt, Fail2Ban, OSSEC, and UnattendedUpgrades.
CVE-2016-2098: Ruby On Rails unrestricted render() exploit
nanoid: Golang port of ai/nanoid (originally written in JavaScript)
printix-CVE-2022-25089: An "Incorrect Use of a Privileged API" vulnerability in PrintixService.exe, in Printix's "Printix Secure Cloud Print Management", Version 1.3.1106.0 and below allows a Local Or Remote attacker the ability change all HKEY Windows Registry values as SYSTEM context via the UITasks.PersistentRegistryData parameter.
BoopSuite: A Suite of Tools written in Python for wireless auditing and security testing.
Application-Gateway: Janusec Application Gateway, an application security solution which provides ACME HTTPS, WAF (Web Application Firewall), CC defense, OAuth2 Authentication and load balancing. Janusec应用网关,提供ACME自动化证书与HTTPS接入、WAF (Web Application Firewall)、CC防御、OAuth2身份认证、负载均衡等功能。
ssltest-stls: 🛠️ Proof-of-concept code for Heartbleed a.k.a. CVE2014-0160 with STARTTLS support for various protocols
AngelSword: Python3编写的CMS漏洞检测框架
spring4shell: Spring4Shell RCE exploit
Pacman-DDOS-Script: Pentesting Website Pacman Version 1.0 DDOS
markransom: Simple but sharp ransomware
SpeckNet: C# implementation of Speck cipher
Python-ByteBeat: Run ByteBeat in python 3!
nix-security-box: Tool set for Information security professionals and all others
SWEP: SWEP - the open-source Web Exploit Project, the development of the project has stopped, and under a complete rework. The name of the new project will be NEKOThreat.
ASU: facebook hacking toolkit
linux-container-security-docs: A gitbook for doing a null Bangalore session on linux container security to discuss and teach namespaces, cgroups etc.
php-8.1.0-dev-backdoor-rce: PHP 8.1.0-dev Backdoor System Shell Script
Ukraine-infosec-conferences: Анонси, програми та архів матеріалів українських конференцій з кібер-безпеки.
Fuerza-Bruta: Un ataque de fuerza bruta es aquel donde se intenta recuperar una clave o contraseña probando todas las combinaciones posibles hasta encontrar la que permite el acceso. Por lo general, los ataques de fuerza bruta se combinan con ataques de diccionario, que consiste en intentar averiguar una clave o contraseña probando todas las palabras de un diccionario. Este último tipo de ataque suele ser exitoso cuando las contraseñas están formadas por palabras comunes.
twofactorauth: List of sites with two factor auth support which includes SMS, email, phone calls, hardware, and software.
Analyst-Tool: Analyst Tool to automate some of an analyst's daily investigation tasks. In both python script and Jupyter Notebook format.
psvita-webkit: PSVita Webkit Exploit
Penetration-Testing-Tools: A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.
CyberPhish: A heavily armed customizable phishing tool for educational purpose only
b2k4: B2K4 - New Facebook OLD Id Cloner Tool | 2003-2011 Facebook Account Cloner | Custom Cloner Maker | Number + UID Cloner | Crack From Friendlist | Crack From Public | Crack From File | File Cloner | Without Login Cloner | With 50+ Extra Passwords Cracker | No Checkpoint JUST NOW LOGIN | All New APIs For Cracking | [ PAID + FREE TOOL ]
anonfiles-xss-0day: anonfiles.com XSS 0day exploit
Android-SSL-Pinning-WebViews: A simple demo app that demonstrates Certificate pinning and scheme/domain whitelisting in Android WebViews
c-jwt-cracker: JWT brute force cracker written in C
JSShell: An interactive multi-user web JS shell
HtmlSmuggling: HTML smuggling is a malicious technique used by hackers to hide malware payloads in an encoded script in a specially crafted HTML attachment or web page. The malicious script decodes and deploys the payload on the targeted device when the victim opens/clicks the HTML attachment/link. The HTML smuggling technique leverages legitimate HTML5 and JavaScript features to hide malicious payloads and evade security detections. The HTML smuggling method is highly evasive. It could bypass standard perimeter security controls like web proxies and email gateways, which only check for suspicious attachments like EXE, DLL, ZIP, RAR, DOCX or PDF
shakeitoff: Windows MSI Installer LPE (CVE-2021-43883)
springShodanBash: Bash Script for Enumerating Spring Applications
SecureFolderFS: Powerful, secure, modern way to keep your files protected.
webkiller: Tool Information Gathering Write By Python.
Hive2Hive: Java library for secure, distributed, P2P-based file synchronization and sharing.
express-gateway: A microservices API Gateway built on top of Express.js
checkforce.js: 💪 A library that helps to perform tasks to test strength of passwords
CVE-2020-0688_EXP: CVE-2020-0688_EXP Auto trigger payload & encrypt method
PyCPU: Central Processing Unit Information Gathering Tool
Crypto-OpSec-SelfGuard-RoadMap: Here we collect and discuss the best DeFi,Blockchain and crypto-related OpSec researches and data terminals - contributions are welcome.
rawsec-cybersecurity-inventory: An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.
njsscan: njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
laravel-zxcvbn: @dropbox Zxcvbn Password validation rule for Laravel 9 and above
A-New-Approach-of-Image-Encryption-Using-3D
cakephp3-captcha: Cakephp 3 Captcha Plugin - Image Captcha, Google Recaptcha & Simple Match Question Challenge to protect form submission data from spam
Vulny-Code-Static-Analysis: Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
WhiteHat: Information about my experiences in cybersecurity 💀
device_google_coral: Pixel 4 and Pixel 4 XL device sources.
phuck: Single-file shell to f__k vulnerable PHP servers, solely for educational and research purposes. Powered by Bootstrap and React.js, features a file browser and browser based, SSH like terminal.
dropwizard-pac4j: A Dropwizard bundle for securing REST endpoints using pac4j
hacktricks: Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
Protocol-Analyzer: Fuzz testing framework for network protocols.
linux-rootkits-red-blue-teams: Linux Rootkits (4.x Kernel)
testssl.sh-alerts: Alerting engine (slack etc) for testssl.sh JSON result output files
VisualBasicObfuscator: Visual Basic Code universal Obfuscator intended to be used during penetration testing assignments.
CaptfEncoder: Captfencoder is a rapid cross platform network security tool suite, providing network security related code conversion, classical cryptography, cryptography, asymmetric encryption, miscellaneous tools, and aggregating all kinds of online tools.
cs-suite: Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.
IPRotate_Burp_Extension: Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
udemy-PythonOffensivePentesting: https://www.udemy.com/python-for-offensive-security-practical-course
sublert: Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
MetaInject: Inject Metasploit Shell Code in Legitimate Process
dawnscanner: Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
JAFE: Just Another Fifa Exploit: Unsigned code execution for FIFA Soccer 06 (USA) for the NDS
shhgit: Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
awesome-privacy: 🦄 A curated list of privacy & security-focused software and services
steampipe: Use SQL to instantly query your cloud services (AWS, Azure, GCP and more). Open source CLI. No DB required.
LAZYPARIAH: A tool for generating reverse shell payloads on the fly.
eyeballer: Convolutional neural network for analyzing pentest screenshots
kernel_google_coral_techpack_audio: Pixel 4, Pixel 4 XL and Pixel 4a audio driver sources.
security-apis: A collective list of public APIs for use in security. Contributions welcome
AMDH: Android Mobile Device Hardening
CodeTest: 脚本工具合集GUI版本,内置漏洞验证、利用模块,可自定义脚本实现批量验证。
web-fuzz-wordlists: Common Web Managers Fuzz Wordlists
blokada: The official repo for Blokada for Android and iOS.
maching-learning-CDAC-Technopark: Maching learning workshop at CDAC, Technopark, Thiruvananthapuram
binserve: A fast production-ready static web server with TLS (HTTPS), routing, hot reloading, caching, templating, and security in a single-binary you can set up with zero code. ⚡
phishing-frenzy: Ruby on Rails Phishing Framework
NTLMRecon: Enumerate information from NTLM authentication enabled web endpoints 🔎
CertEagle: Weaponizing Live CT logs for automated monitoring of assets
Amphetamine: A Browser corruption Exploit written in JS FIXED!
overwatch-aimbot: 🔫🎮 An OpenCV based Overwatch Aimbot for Windows
CVE-2021-36260: 海康威视RCE漏洞 批量检测和利用工具
docker-k8s-practica-2020: Ejercicio práctico para demostrar los conocimientos adquiridos sobre Docker, Kubernetes y buenas prácticas de seguridad
tetragon: eBPF-based Security Observability and Runtime Enforcement
Hacking-With-Golang: Golang安全资源合集
Cybercrime-Report-Template: Template to use when you've fallen victim of a cybercrime.
O-MEGA_VIRUS_2: O-MEGA VIRUS_V2
mona-ropshell: For all loaded modules (DLLs), fetch ROP gadgets querying Ropshell DB
eReKon: Yet another web recon tool But beautiful
Memory-Hacking-Class: Easy-to-use class to read and modify other processes memory.
HTTPUploadExfil: A simple HTTP server for delivering and exfiltrating files/data during, for example, CTFs.
PocOrExp_in_Github: 聚合Github上已有的Poc或者Exp,CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.
hacl-star: HACL*, a formally verified cryptographic library written in F*
metin2-akira-metasploit: Hybrid client emulator (python and C++) for Metin2.
spookey: SpooKey is a keylogger written in C++ that uses kernel-level APIs to capture keystrokes (Linux only. Windows is a work in progress)
magicRecon: MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
vmware_guest_auth_bypass: Proof of concept of VMSA-2017-0012
mageni: ⚡️ Zero-friction Vulnerability Management
sandmap: Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.
DNS-Discovery: DNS-Discovery is a multithreaded subdomain bruteforcer.
nodebb-demo: Fork of NodeBB project v1.7.5 optimized for Kubernetes with Bluefyre
SATANKLGR: ⛤Keylogger Generator for Windows written in Python⛤
PHISHLET-EVILGINX2-: PHISHLET [EVILGINX2] Settings for phishing sites are written in the yaml language. This is a long development of my collection that I have been working on for the last 3 months due to changes in site security rules in particular scripts for bypassing the CloudFlare security. 🙌 I PRESENT to you my collection from the sites : 1Password / Binance / Bitfinex / Bittrex / Bitwarden / Blockchain / Cex.io / Coinbase / Dashlane / Enpass / Enterprise WebAccountManager / Exmo / FTX Trading / Google / Huobi / Keeper / Korbit / Kraken / LastPass / MultiPassword / O365 / Yahoo Contributing If you are interested in creating an email or phishing website template, contact me at [twitter or tlgrm] DEVELOPER DO NOT SUPPORT ANY OF THE ILLEGAL ACTIVITIES. Contact Me on telegram or twitter: https://twitter.com/TrewisScotch / https://t.me/HiroSCOTCH
threat-modelling: Threat Modelling Assets (STRIDE, DREAD, etc. cheat sheets)
DevSecOps-Playbook: This is a step-by-step guide to implementing a DevSecOps program for any size organization
THE_HIVE: A public repository for red team/blue team stuff
heapinspect: 🔍Heap analysis tool for CTF pwn.
CTF-Write-UP: 澳門網絡安全暨奪旗競賽協會(Macau Cyber Security and Capture The Flag Association)MOCSCTF/MOCTF
wafparan01d3: Quick WAF "paranoid" Doctor Evaluation | WAFPARAN01D3 Tool
metabigor: Intelligence tool but without API key
ApkAnalyser: 一键提取安卓应用中可能存在的敏感信息。
Carilana: Scripts developed for the LiquidBounce script api.
SublimeXssEncode: Converts characters from one encoding to another using a transformation.
laravel-acl: This package helps you to associate users with permissions and permission groups with laravel framework
Python-Metasploit-Framework-Database-Management: Python - Metasploit-Framework Database Management
RootTheBox: A Game of Hackers (CTF Scoreboard & Game Manager)
BeeF-Over-Wan: Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]
Log-killer: Clear all your logs in [linux/windows] servers 🛡️
Biometric-Attack: This project has been created as a Final project for my B.A. in CS. The project attempts to find the actual security of state-of-the-art facial recognition technologies, and attempts to prove that they are vulnerable to fairly complex brute-force attacks.
wahh_extras: The Web Application Hacker's Handbook - Extra Content
Vxscan: python3写的综合扫描工具,主要用来存活验证,敏感文件探测(目录扫描/js泄露接口/html注释泄露),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。
CyberMachine: Detects cyber threats to the end user with machine learning. This tool can do malware analysis of given exe file, spam analysis of given url and mail.
aleph-docker: An docker compose to quickly load your Aleph for malware analysis.
sa-secure-audit-rkhunter: rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online databases, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD.
HCSystem: Hacker Combat is an experimental game environment enabling head-to-head competition using Cyber Security, and Computer Science
dooked: DNS and Target HTTP History Local Storage and Search
WSO-SHELL: W.S.O Is A Php Based WebShell. With The Help Of This Shell You Can Bypass Many Web Server.
verimqtt: verimqtt, a formally verified mqtt library written in F*.一定の条件下であればバグがないMQTT実装。
Malware_Classification_Final_Project: Yossi Mandil & Tomer Gill's Bachelor Degree Final Project under the BIU Cyber Center - Malware & Benign File Classification using Machine Learning & Deep Learning
DiscordDataGrabber: 🔧 The program that allows you to grab certain info about the victim
apple-knowledge: A collection of reverse engineered Apple things, as well as a machine-readable database of Apple hardware
laravel-firewall: Web Application Firewall (WAF) package for Laravel
awesome-phishing: Collection of resources related to phishing
hexo-leancloud-counter-security: A plugin to fix a serious security bug in leancloud visitor counter for NexT.
shodanalyzer: Ports scanner, web technologies viewer, CVEs tracker and geolocator, based on shodan.io
Mailpile: A free & open modern, fast email client with user-friendly encryption and privacy features
CVE-2022-30780-lighttpd-denial-of-service: CVE-2022-30780 - lighttpd remote denial of service
caldera_pathfinder: Pathfinder is a plugin for mapping network vulnerabilities, scanned by CALDERA or imported by a supported network scanner, and translating those scans into adversaries for network traversal.
GScan: 本程序旨在为安全应急响应人员对Linux主机排查时提供便利,实现主机侧Checklist的自动全面化检测,根据检测结果自动数据聚合,进行黑客攻击路径溯源。
rabbit-shell: Rabbit shell reverse shell tool.
SecurityTools: 渗透测试工具包 | 开源安全测试工具 | 网络安全工具
snow-crash: 42 | Privilege escalation exercices on a system image
linux-smart-enumeration: Linux enumeration tool for pentesting and CTFs with verbosity levels
zeek-plugin-bacnet: Zeek network security monitor plugin that enables parsing of the BACnet standard building controls protocol
VMR-MDK-K2-2017R-012x4: VMR-MDK is a script/tool for hacking wps wireless networks
SSAM: The Server-based Security Architecture Model (SSAM) - OMNeT++ 4.1
ARL-plus-docker: 基于斗象灯塔ARL修改后的版本。相比原版,增加了OneForAll、中央数据库,修改了altDns
awesome-detection-engineering: A list of useful Detection Engineering-related resources.
bottle-cork: Authentication module for the Bottle and Flask web frameworks
xiu: A simple and secure live media server in pure Rust (RTMP/HTTP-FLV/HLS/Relay).🦀
projeto_python: Projeto Python segundo o livro da casa do código
cicd-goat: A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
kepler: NIST-based CVE lookup store and API powered by Rust.
socialfake: A powerful tool for carrying out social engineering attacks.
nocom-viewer: High memory usage reference implementation.
better-errors-rce: Shows off an RCE with better_errors w/ binding_of_caller using DNS Rebinding
SLAE: SecurityTube Linux Assembly Expert x86 Exam
afl_pidgin: Fuzz pidgin dbus by using AFL++ and clang's ASAN
VAnalyzer: VAnalyzer is a python tool designed to automate the reconnaissance or information gathering process.
inseca: INSECA is a set of tools to build and manage very secure live Linux based endpoint systems.
CVE-2013-2028-Exploit: CVE-2013-2028 python exploit
keystone: Keystone assembler framework: Core (Arm, Arm64, Hexagon, Mips, PowerPC, Sparc, SystemZ & X86) + bindings
SECR: Application security made easy
pakcrack: All in 1 Pakisthani Facebook Cloner [ 7/8/9/10/11 DIGIT ]
dc-sonar: Analyzing AD domains for security risks related to user accounts
webappsec-trusted-types: A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.
cuc-wiki: 个人教学 Wiki
d00r: Simple directory brute-force tool written with python.
homebridge-unifi-protect: 📹 Complete HomeKit integration for UniFi Protect with full support for most features including autoconfiguration, motion detection, and multiple controllers: https://homebridge.io
guia-ackercode: Guia Acker Code de Programação e Hacking
S.A.N.E.-AI: Repo for S.A.N.E. (more info can be found under the public project), this is my current project to assist in learning the basics of Python.
forthectf: A library of tools I assembled from various sources in preparation for the REDEYE hack night ctf
APACHE-2.4-CIS: CIS Baseline Ansible Role for Apache 2.4
PicoCTF2021-Writeup: Solutions (that we managed to find) for the 2021 PicoCTF
kraken: Kraken: A multi-platform distributed brute-force password cracking system
docker-slim: DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
optiga-trust-x: OPTIGA™ Trust X Software Framework
svm: Program to perform vulnerability analysis and automatically generate a report
CTF-Solve
Port_Scanner: This is my take on creating a port scanner script. I kept different version for learning purposes
pie-my-vulns: Visualize your project security vulnerabilities as a pie chart in the terminal
google-translate-exploit: Google Translate Translation Exploit
IpHack: Track Location With Live Address And City in Termux
Elysian: Source code to Austins, "Elysian" exploit.
awesome-ml-for-threat-detection: A curated list of resources to deep dive into the intersection of applied machine learning and threat detection.
eks-creation-engine: The Amazon Elastic Kubernetes Service (EKS) Creation Engine (ECE) is a Python command-line program created by the Lightspin Office of the CISO to facilitate the creation and enablement of secure EKS Clusters.
clr-meterpreter: The full story of the CLR implementation of Meterpreter
DeadRinger: A proof of concept iPhone X lock screen spoof
PenTestKit: Tools, scripts and tips useful during Penetration Testing engagements.
Squid-Password-Bruteforcer: A Python snippet for Bruteforcing my University Squid Proxy server with a list of common passwords.
master_librarian: A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities
HackThisAI: Adversarial Machine Learning (AML) Capture the Flag (CTF)
Cyber-Tech-Articles: Repositório que a apresenta os meus artigos sobre tecnologia - Linux, Cibersegurança, Computação Forense e Gestão de Projectos
upi-recon-cli: UPI Reconnaissance tool
go-spyse: The official wrapper for spyse.com API, written in Go, aimed to help developers build their integrations with Spyse.
Login-System-API: AMXX Project
[SMB-Utility](https://github.com/Maseya/SMB