This is your work, valued

United States

Paul

Elite
@PaulSec

I can't promise anything but I'll do my best.

awesome-sec-talks. A collected list of awesome security talks

4.2k

awesome-windows-domain-hardening. A curated list of awesome Security Hardening techniques for Windows.

1.8k

twittor. A fully featured backdoor that uses Twitter as a C&C server

804

API-dnsdumpster.com. (Unofficial) Python API for https://dnsdumpster.com/

282

HQLmap. (Deprecated) HQLmap, Automatic tool to exploit HQL injections

231

Shodan.io-mobile-app. Official repository for the Shodan.io mobile Application

203

CSRFT. A lightweight CSRF Toolkit for easy Proof of concept

173

DET. (extensible) Data Exfiltration Toolkit (DET)

163

crt.sh. (Unofficial) Python API for https://crt.sh

152

Shodan-Firefox-Addon. Shodan Firefox Add-on

151

osint-facebook-reset-password. Python util to retrieve full display name and profile picture from a single email address

107

skype-osint. Python OSINT Tool to retrieve information from Skype

76

SPIPScan. SPIP (CMS) Scanner for penetration testing purpose written in Python

73

API-EZTV.it. (Unofficial) Python API for the torrent website EZTV.it

72

metasearch-public. Stop searching for sample hashes on 10 different sites.

66

API-malwr.com. (Unofficial) Python API for https://malwr.com/

62

cybercrime-tracker.net. (Unofficial) Python API for cybercrime-tracker.net

38

go-http-monitor. A (dead-simple) Golang utility allowing you to monitor HTTP endpoints

38

API-InstagramLocation. Python OSINT Tool to retrieve pictures from a specific location using Instagram API

37

pepito. Finds sensitive stuff in your git repository by specifying terms to look for

31

Shodan-mattermost. Mattermost - Shodan Slash command

31

VNWA. Vulnerable Node.js Web Application to pratice with your pentesting skills

21

API-namechk.com. (Unofficial) Python API for http://namechk.com

20

HTTP-traceroute. HTTP-traceroute in Go

19

exploitdb-json-api. JSON API for ExploitDB Website

17

ransomware-tracker. (Unofficial) Python API for http://ransomwaretracker.abuse.ch/tracker/

16

SearchShodan. This is a basic example of how to search into Shodan using the ShodanAPI.

15

API-netcraft.com. (Unofficial) Python API for http://netcraft.com

15

API-checkusernames.com. (Unofficial) Python API for http://checkusernames.com

13

passphrase-wordlist. Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

13

XSS-Callback. A lightweight HTTP Server that exploits XSS victim's session automatically

11

SSLBlackList. (Unofficial) Python API for https://sslbl.abuse.ch/

11

SecLists. SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

11

WhatHashIsIt. # Deprecated # "What hash is it?" service allows you to identify the hashing functions used of your hash(es) based on their characteristics.

10

Social-Markdown. "Dillinger.io clone" allowing live concurrent editing.

10

TVShowsManager. Basic manager to download your TV Shows automatically with EZTV.it website.

9

recon-scan. Recon tool using Yatedo and Pipl

9

paulsec.github.io. Repository containing my portfolio

8

AIL-framework. AIL framework - Analysis Information Leak framework

7

API-HaveIBeenPwned. (Unofficial) Python API for HaveIBeenPwned Website

7

Python-plugins. Quick Python project with a simple Plugin architecture

7

what-is-this-browser. Python script that tells you what's the potential configuration behind a User-Agent

6

ESPloitV2. WiFi Keystroke Injection Tool designed for an Atmega 32u4/ESP8266 Paired via Serial (Cactus WHID Firmware). Also features Serial, HTTP, and PASV FTP exfiltration methods and an integrated Credential Harvester Phishing tool called ESPortal.

6

drupal-enum-users. (Python) Quick script to enumerate users on a Drupal instance

6

censysio. Censysio Python wrapper

6

markovobfuscate. Python library and tools to obfuscate data based on Markov models built off the same data

6

burito. # Deprecated # Burito, Hydra-like tool to audit Web application using forms containing server-side generated params.

6

theHarvester. E-mail, subdomain and people names harvester

5

urh. Universal Radio Hacker: investigate wireless protocols like a boss

4

shellpot-nodejs. Honeypot written in Node.js for the Shellshock vulnerability

4

node-ip-info. Retrieves information about a specific IP

4

API-ShouldIChangeMyPassword. (Unofficial) Python API for ShouldIChangeMyPassword Website

4

gophish. Open-Source Phishing Toolkit

3

webhooks. :fishing_pole_and_fish: Webhook receiver for GitHub, Bitbucket, GitLab, Gogs

3

Empire. Empire is a PowerShell and Python post-exploitation agent.

2