Trending repositories for topic infosec
Hunt down social media accounts by username across social networks
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
The essential toolkit for reversing, malware analysis, and cracking
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Here we collect and discuss the best DeFi, Blockchain and crypto-related OpSec researches and data terminals - contributions are welcome.
Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
Burp Suite extension for bypassing client-side encryption for pentesting and bug bounty in WebSocket
The essential toolkit for reversing, malware analysis, and cracking
A guide to using the Aircrack-ng suite for cracking 802.11 WEP and WPA/WPA2-PSK keys, including techniques like packet sniffing and injection attacks to test Wi-Fi network security.
This Python application is an OSINT (Open Source Intelligence) tool called "Ominis OSINT - Web Hunter." It performs online information gathering by querying Google for search results related to a user...
A good selection of Privacy & Infosec tools that will help you understand more about how to protect your online privacy and security.
InfoHound is an OSINT to extract a large amount of data given a web domain name.
Public Repository of Open Source Tools for Cyber Threat Intelligence Analysts and Researchers
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Generate tens of thousands of subdomain combinations in a matter of seconds
A curated list of Awesome Threat Intelligence Blogs
Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
List of CyberSecurity Resources and some different Sub-Domains of CyberSecurity
Hunt down social media accounts by username across social networks
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
The essential toolkit for reversing, malware analysis, and cracking
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
🔥 Web-application firewalls (WAFs) from security standpoint.
A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
Here we collect and discuss the best DeFi, Blockchain and crypto-related OpSec researches and data terminals - contributions are welcome.
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
Burp Suite extension for bypassing client-side encryption for pentesting and bug bounty in WebSocket
A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
🧰 ESXi Testing Tookit is a command-line utility designed to help security teams test ESXi detections.
The essential toolkit for reversing, malware analysis, and cracking
Comprehensive domain blocklists for 🚨 threats (🕷malware, 🎣phishing, 🕵️spyware, 🤖botnets). Ideal for DNS-based filtering tools like Pi-Hole, AdGuard Home, Blocky.
A (hopefully) actively maintained activity-based-autosorted list of InfoSec Streamers
A good selection of Privacy & Infosec tools that will help you understand more about how to protect your online privacy and security.
A curated list of Awesome Threat Intelligence Blogs
XSSRocket it is a tool designed for offensive security and XSS (Cross-Site Scripting) attacks.
[WIP] A forked version of LLVM-18 that prioritizes MSVC compatibility. This version is tailored for Windows users.
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Burp Suite extension for bypassing client-side encryption for pentesting and bug bounty in WebSocket
Hunt down social media accounts by username across social networks
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Hide secrets with invisible characters in plain text securely using passwords 🧙🏻♂️⭐
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
Burp Suite extension for bypassing client-side encryption for pentesting and bug bounty in WebSocket
This repository updates latest Bug Bounty medium writeups every 10 minutes, https://readmedium.com/Medium_URL, https://archive.ph/Medium_URL, https://freedium.cfd/Medium_URL
A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
Embed a ZIP or JAR file within a PNG image to create a tweetable and "executable" PNG-ZIP/JAR polyglot. CLI / Web tool.
A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
🧰 ESXi Testing Tookit is a command-line utility designed to help security teams test ESXi detections.
ClatsCracker is a versatile Python password-cracking tool supporting over 15 hash algorithms. It offers dictionary or brute-force attacks, adjustable threads, salted hash verification, a user-friendly...
Study materials for the Certified Red Team Expert (CRTE) exam, covering essential concepts in red teaming and penetration testing.
A collection of agents that use Large Language Models (LLMs) to perform tasks common on our day to day jobs in cyber security.
A guide to using the Aircrack-ng suite for cracking 802.11 WEP and WPA/WPA2-PSK keys, including techniques like packet sniffing and injection attacks to test Wi-Fi network security.
Just load this .js module and it will start tracking all external calls by a JS-application
Generate a MITRE ATT&CK Navigator based on a list of CVEs. Database with CVE, CWE, CAPEC, and MITRE ATT&CK Techniques data is updated daily.
Comprehensive domain blocklists for 🚨 threats (🕷malware, 🎣phishing, 🕵️spyware, 🤖botnets). Ideal for DNS-based filtering tools like Pi-Hole, AdGuard Home, Blocky.
This Python application is an OSINT (Open Source Intelligence) tool called "Ominis OSINT - Web Hunter." It performs online information gathering by querying Google for search results related to a user...
A curated list of Awesome Threat Intelligence Blogs
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
Coeus 🌐 is an OSINT ToolBox empowering users with tools for effective intelligence gathering from open sources. From social media monitoring 📱 to data analysis 📊, it offers a centralized platform f...
Flexible LDAP proxy that can be used to inspect & transform all LDAP packets generated by other tools on the fly.
Generate a MITRE ATT&CK Navigator based on a list of CVEs. Database with CVE, CWE, CAPEC, and MITRE ATT&CK Techniques data is updated daily.
🧰 ESXi Testing Tookit is a command-line utility designed to help security teams test ESXi detections.
AuditForge is a pentest reporting application making it simple and easy to write your findings and generate a customizable report.
📸 an Instagram tracking script that logs any changes to an Instagram account (followers, following, posts, and bio) written in Python.
Stratosphere Cyber Range to learn cybersecurity attacking and defending techniques locally in your computer
Burp Suite extension for bypassing client-side encryption for pentesting and bug bounty in WebSocket
ClatsCracker is a versatile Python password-cracking tool supporting over 15 hash algorithms. It offers dictionary or brute-force attacks, adjustable threads, salted hash verification, a user-friendly...
CLI tool for fetching URLs from Wayback Machine, Common Crawl, and VirusTotal.
Subdosec is a fast, accurate subdomain takeover scanner with no false positives. It also offers a database of sites vulnerable to subdomain takeover (public results), along with detailed metadata like...
This repository updates latest Bug Bounty medium writeups every 10 minutes, https://readmedium.com/Medium_URL, https://archive.ph/Medium_URL, https://freedium.cfd/Medium_URL
Hunt down social media accounts by username across social networks
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon...
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Applied offensive security with Rust - https://kerkour.com/black-hat-rust
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
A collection of awesome security hardening guides, tools and other resources
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
:computer:🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Sasori is a dynamic web crawler powered by Puppeteer, designed for lightning-fast endpoint discovery.
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
This Python application is an OSINT (Open Source Intelligence) tool called "Ominis OSINT - Web Hunter." It performs online information gathering by querying Google for search results related to a user...
Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.
A powerful scanner to scan your Filesystem, S3, MySQL, Redis, Google Cloud Storage and Firebase storage for PII and sensitive data.
The project serves as a strategic advisory tool, capitalizing on the ZySec series of AI models to amplify the capabilities of security professionals in cyber defense and intelligence.
List of CyberSecurity Resources and some different Sub-Domains of CyberSecurity
Odinova Digital Tiger is an advanced application designed for Open-Source Intelligence (OSINT), equipped with versatile tools and a user-friendly interface to streamline investigative workflows and en...
Modern web-based distributed hashcracking solution, built on hashcat
Just load this .js module and it will start tracking all external calls by a JS-application
collectvars collects JavaScript variables, highlights risky ones, and helps you understand code structure, while you casually browse.
Study materials for the Certified Red Team Expert (CRTE) exam, covering essential concepts in red teaming and penetration testing.
A curated list of wordlists for discovery, enumeration, fuzzing, and exploitation.