This is your work, valued
Just another InfoSec ninja & bad coder! My latest ongoing project is AttackSurfaceMapper. Feedback & Suggestions are always welcome @superhedgy
AttackSurfaceMapper. AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
★ 1.4kmassSSL. A simple script for testing multiple hundred of hosts for SSL/TSL configuration.
★ 7sphinx. External Network Reconnaissance script
★ 5InfoSec-Black-Friday. All the deals for InfoSec related software/tools this Black Friday
★ 1prowler. Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains all CIS controls listed here https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf and more than 100 additional checks that help on GDPR, HIPAA and other security requirements.
★ 1Awesome-Black-Friday-Cyber-Monday. Awesome deals on Black Friday: Apps, SaaS, Books, Courses, etc.
★ 1Cheatsheets. A list of Cheatsheet compiled by CloudBreach Team
★ 49EnvWatch. A Go utility that scans your system for exposed secrets in environment variables and .env files.
★ 8DreadGOAD. Go
★ 87InfoSec-Black-Friday. All the deals for InfoSec related software/tools this Black Friday
★ 263aws_public_ips. Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services
★ 642cobalt-arsenal. My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
★ 1.1kRedWarden. Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation
★ 997OffensiveCSharp. Collection of Offensive C# Tooling
★ 1.5kMSOLSpray. A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.
★ 1.1kawesome-cloud-security. 🛡️ Awesome Cloud Security Resources ⚔️
★ 2.5kCVE-2022-22536. SAP memory pipes(MPI) desynchronization vulnerability CVE-2022-22536.
★ 51cve. Gather and update all available and newest CVEs with their PoC.
★ 7.9kntlm_theft. A tool for generating multiple types of NTLMv2 hash theft files by Jacob Wilkin (Greenwolf)
★ 1.4kcs-suite. Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.
★ 1.2kcharlotte. c++ fully undetected shellcode launcher ;)
★ 975ScoutSuite. Multi-Cloud Security Auditing Tool
★ 7.7kActive-Directory-Exploitation-Cheat-Sheet. A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
★ 6.7kTakeATest. JavaScript
★ 20lyncsmash. locate and attack Lync/Skype for Business
★ 345adfsbrute. A script to test credentials against Active Directory Federation Services (ADFS), allowing password spraying or bruteforce attacks.
★ 182Redcloud. Automated Red Team Infrastructure deployement using Docker
★ 1.3kCCSC-CTF-2021. Official challenge repository of CCSC CTF 2021
★ 10nmap-parse-output. Converts/manipulates/extracts data from a Nmap scan output.
★ 554azucar. Security auditing tool for Azure environments
★ 583invoke-atomicredteam. Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
★ 1.1kBurpSuite_403Bypasser. Burpsuite Extension to bypass 403 restricted directory
★ 1.7kgitGraber. gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
★ 2.3kGhostwriter. The SpecterOps project management and reporting engine
★ 1.9kStormspotter. Azure Red Team tool for graphing Azure and Azure Active Directory objects
★ 1.7kfuzzdb. Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
★ 9koverlord. Overlord - Red Teaming Infrastructure Automation
★ 636CVE-2019-18935. RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX.
★ 373cloudsplaining. Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
★ 2.2kNessus_Map. Parse .nessus file(s) and shows output in interactive UI
★ 163crackq. CrackQ: A Python Hashcat cracking queue system
★ 942public-pentesting-reports. A list of public penetration test reports published by several consulting firms and academic security groups.
★ 9.6klscript. The LAZY script will make your life easier, and of course faster.
★ 4.3kCCSC-CTF-2020. All challenges for the CCSC 2020 CTF
★ 10evilginx2. Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
★ 15kovisbot. Discord bot focused on managing and organising CTFs / Security stuff
★ 17SecLists. SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
★ 72kmedusa. Medusa is a speedy, parallel, and modular, login brute-forcer.
★ 874brutespray. Fast, multi-protocol credential brute-forcer. Parses Nmap, Nessus, and Nexpose output to automatically test default and custom credentials across 30+ protocols.
★ 2.5kAttackSurfaceMapper. AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
★ 1.4krequests-html. Pythonic HTML Parsing for Humans™
★ 14kBKScan. BlueKeep scanner supporting NLA
★ 166static-binaries. Various *nix tools built as statically-linked binaries
★ 3.7kmetasploit-framework. Metasploit Framework
★ 39kVHostScan. A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
★ 1.3kPhoton. Incredibly fast crawler designed for OSINT.
★ 13kCatMyPhish. Search for categorized domain
★ 462PandorasBox. Security tool to quickly audit Public Box files and folders.
★ 56CrackMapExec. A swiss army knife for pentesting networks
★ 9.2kaws-security-checks. AWS Security Checks
★ 41hackthebox-writeups. Writeups for HacktheBox 'boot2root' machines
★ 2kcisco_pwdecrypt. Simple Python tool to decrypt the "enc_GroupPwd" variable in PCF files (and type 5/7 passwords).
★ 108MITMf. Framework for Man-In-The-Middle attacks
★ 3.6kphishing_catcher. Phishing catcher using Certstream
★ 1.8kXSStrike. Most advanced XSS scanner.
★ 15kEyeWitness. EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
★ 5.8kDoHC2. DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH).
★ 450SlackExtract. A PowerShell script to download all files, messages and user profiles that a user has access to in slack.
★ 161LogRM. LogRM is a post exploitation powershell script which it uses windows event logs to gather information about internal network
★ 74email-Spoofer. Simple Email/MMS spoofer included mass mail attack feature and a compatible mobile version
★ 24SimpleEmailSpoofer. A simple Python CLI to spoof emails.
★ 562sheepl. Sheepl : Creating realistic user behaviour for supporting tradecraft development within lab environments
★ 401lanturtle-modules. The Official LAN Turtle Module Repository
★ 352AWSBucketDump. Security Tool to Look For Interesting Files in S3 Buckets
★ 1.5ksocial_mapper. A Social Media Enumeration & Correlation Tool by Jacob Wilkin(Greenwolf)
★ 4.1kNamechk. Osint tool based on namechk.com for checking usernames on more than 100 websites, forums and social networks.
★ 616ssh-auditor. The best way to scan for weak ssh passwords on your network
★ 622IntruderPayloads. A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
★ 4kgophish. Open-Source Phishing Toolkit
★ 14kAirachnid-Burp-Extension. A Burp Extension to test applications for vulnerability to the Web Cache Deception attack
★ 142ipv4Bypass. Using IPv6 to Bypass Security
★ 93awesome-threat-intelligence. A curated list of Awesome Threat Intelligence resources
★ 10knikto. Nikto web server scanner
★ 11kBloodHound-Legacy. Six Degrees of Domain Admin
★ 11kpentest_scripts. Python
★ 197GitTools. A repository with 3 tools for pwn'ing websites with .git repositories available
★ 4.2kPoSHBypass. C#
★ 25struts-pwn. An exploit for Apache Struts CVE-2017-5638
★ 444HELK. The Hunting ELK
★ 3.9kspaces-finder. A tool to hunt for publicly accessible DigitalOcean Spaces
★ 157masscan. TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
★ 26kPCredz. This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
★ 2.5kDET. (extensible) Data Exfiltration Toolkit (DET)
★ 163spiderfoot. SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
★ 19kResponder. Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
★ 4.9kSpray. A Password Spraying tool for Active Directory Credentials by Jacob Wilkin(Greenwolf)
★ 764HostHunter. HostHunter a recon tool for discovering hostnames using OSINT techniques.
★ 1.2kip2hosts. Dirty bash script to obtain hosts given an IP address
★ 35httprecon-nse. Advanced web server fingerprinting for Nmap
★ 131wordlist. Collection of some common wordlists such as RDP password, user name list, ssh password wordlist for brute force. IP Cameras Default Passwords.
★ 1.8kgoGetBucket. A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.
★ 116altdns. Generates permutations, alterations and mutations of subdomains and then resolves them
★ 2.5kMastering-Modern-Web-Penetration-Testing. Code repository for Mastering Modern Web Penetration Testing, published by Packt
★ 73respounder. Respounder detects presence of responder in the network.
★ 324API-InstagramLocation. Python OSINT Tool to retrieve pictures from a specific location using Instagram API
★ 37massSSL. A simple script for testing multiple hundred of hosts for SSL/TSL configuration.
★ 7TeamViewer_Permissions_Hook_V1. A proof of concept injectable C++ dll, that uses naked inline hooking and direct memory modification to change your TeamViewer permissions.
★ 309steamer. For importing, searching, and managing public password breach data
★ 161sphinx. External Network Reconnaissance script
★ 5Prowl. Python
★ 278GRASSMARLIN. Provides situational awareness of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks in support of network security assessments. #nsacyber
★ 1.1ksslscan. sslscan tests SSL/TLS enabled services to discover supported cipher suites
★ 2.6kModSecurity. ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
★ 9.7kopenssl. General purpose TLS and crypto library
★ 30kmdns_recon. Multicast DNS and DNS service discovery daemons deployed on various systems across the Internet are misconfigured and reply to queries targeting their unicast addresses, including requests from their WAN interface. These daemons could be leveraged by attackers for sensitive information disclosure and potentially used in DDoS campaigns for reflection and in some cases amplification. This vulnerability was made public in cordination with CERT (http://www.kb.cert.org/vuls/id/550620)
★ 87bet2512. A custom Dockerfile, ooniprobe test deck and URL list compiled from different version of blocklists introduced in Cyprus.
★ 3Responder. Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
★ 6.5kwebshells. Various webshells. We accept pull requests for additions to this collection.
★ 1kdatasploit. An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.
★ 3.3kphp-webshells. Common PHP webshells you might need for your Penetration Testing assignments or CTF challenges. Do not host the file(s) on your server!
★ 2kIIS-ShortName-Scanner. latest version of scanners for IIS short filename (8.3) disclosure vulnerability
★ 1.7ksslyze. Fast and powerful SSL/TLS scanning library.
★ 3.8kzaproxy. The ZAP by Checkmarx Core project
★ 15kpupy. Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
★ 9ksnoopy-ng. Snoopy v2.0 - modular digital terrestrial tracking framework
★ 443XSSChallengeWiki. Welcome to the XSS Challenge Wiki!
★ 1.6kdotcom. The mothership website for hack{cyprus}
★ 1sqlmap. Automatic SQL injection and database takeover tool
★ 38kPillow. Python Imaging Library (fork)
★ 14kp2p-adb. Phone to Phone Android Debug Bridge - A project for "debugging" phones... from other phones.
★ 600GeoTrust. Signing keys
★ 96beef. The Browser Exploitation Framework Project
★ 11ktestssl.sh. Testing TLS/SSL encryption anywhere on any port
★ 9.1kwifiphisher. The Rogue Access Point Framework
★ 15k