Trending repositories for topic infosec
Hunt down social media accounts by username across social networks
Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)
A powerful scanner to scan your Filesystem, S3, MySQL, Redis, Google Cloud Storage and Firebase storage for PII and sensitive data.
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon...
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
A curated list of awesome social engineering resources.
A list of interesting payloads, tips and tricks for bug bounty hunters.
A powerful scanner to scan your Filesystem, S3, MySQL, Redis, Google Cloud Storage and Firebase storage for PII and sensitive data.
A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
A collection of agents that use Large Language Models (LLMs) to perform tasks common on our day to day jobs in cyber security.
A curated list of wordlists for discovery, enumeration, fuzzing, and exploitation.
Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)
A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.
Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in this exciting journey and add your expertise to our collective eff...
🚀 This is a collection of hacking🔥 and pentesting 🧐 scripts to help with enumeration, OSINT, exploitation and post exploitation automated scripts to make hacking easier🌠. Have fun!😎
This Python application is an OSINT (Open Source Intelligence) tool called "Ominis OSINT - Web Hunter." It performs online information gathering by querying Google for search results related to a user...
Modular penetration testing platform that enables you to write, test, and execute exploit code.
Bringing you the best of the worst files on the Internet.
Simple Windows and Linux keystroke injection tool that exfiltrates stored WiFi data (SSID and password).
List of CyberSecurity Resources and some different Sub-Domains of CyberSecurity
A large repository of malware samples with 2500+ malware samples & source codes for a variety of platforms by Cryptware Apps.
Bug Bounty ~ Awesomes | Books | Cheatsheets | Checklists | Tools | Wordlists | More
Hunt down social media accounts by username across social networks
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
A powerful scanner to scan your Filesystem, S3, MySQL, Redis, Google Cloud Storage and Firebase storage for PII and sensitive data.
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon...
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
A collection of awesome security hardening guides, tools and other resources
A list of interesting payloads, tips and tricks for bug bounty hunters.
A powerful scanner to scan your Filesystem, S3, MySQL, Redis, Google Cloud Storage and Firebase storage for PII and sensitive data.
A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
A collection of agents that use Large Language Models (LLMs) to perform tasks common on our day to day jobs in cyber security.
Flexible LDAP proxy that can be used to inspect & transform all LDAP packets generated by other tools on the fly.
A guide to using the Aircrack-ng suite for cracking 802.11 WEP and WPA/WPA2-PSK keys, including techniques like packet sniffing and injection attacks to test Wi-Fi network security.
A curated list of wordlists for discovery, enumeration, fuzzing, and exploitation.
collectvars collects JavaScript variables, highlights risky ones, and helps you understand code structure, while you casually browse.
Generate a MITRE ATT&CK Navigator based on a list of CVEs. Database with CVE, CWE, CAPEC, and MITRE ATT&CK Techniques data is updated daily.
Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)
Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in this exciting journey and add your expertise to our collective eff...
🚀 This is a collection of hacking🔥 and pentesting 🧐 scripts to help with enumeration, OSINT, exploitation and post exploitation automated scripts to make hacking easier🌠. Have fun!😎
An auto-updating list of shodan dorks with info on the amount of results they return!
Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.
A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.
Modular penetration testing platform that enables you to write, test, and execute exploit code.
A large repository of malware samples with 2500+ malware samples & source codes for a variety of platforms by Cryptware Apps.
Study materials for the Certified Red Team Expert (CRTE) exam, covering essential concepts in red teaming and penetration testing.
Bringing you the best of the worst files on the Internet.
Just load this .js module and it will start tracking all external calls by a JS-application
Hunt down social media accounts by username across social networks
Applied offensive security with Rust - https://kerkour.com/black-hat-rust
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
A powerful scanner to scan your Filesystem, S3, MySQL, Redis, Google Cloud Storage and Firebase storage for PII and sensitive data.
Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)
Flexible LDAP proxy that can be used to inspect & transform all LDAP packets generated by other tools on the fly.
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
Just load this .js module and it will start tracking all external calls by a JS-application
A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
A powerful scanner to scan your Filesystem, S3, MySQL, Redis, Google Cloud Storage and Firebase storage for PII and sensitive data.
A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
collectvars collects JavaScript variables, highlights risky ones, and helps you understand code structure, while you casually browse.
Applied offensive security with Rust - https://kerkour.com/black-hat-rust
Generate a MITRE ATT&CK Navigator based on a list of CVEs. Database with CVE, CWE, CAPEC, and MITRE ATT&CK Techniques data is updated daily.
A collection of agents that use Large Language Models (LLMs) to perform tasks common on our day to day jobs in cyber security.
A curated list of wordlists for discovery, enumeration, fuzzing, and exploitation.
This Python application is an OSINT (Open Source Intelligence) tool called "Ominis OSINT - Web Hunter." It performs online information gathering by querying Google for search results related to a user...
A guide to using the Aircrack-ng suite for cracking 802.11 WEP and WPA/WPA2-PSK keys, including techniques like packet sniffing and injection attacks to test Wi-Fi network security.
Coeus 🌐 is an OSINT ToolBox empowering users with tools for effective intelligence gathering from open sources. From social media monitoring 📱 to data analysis 📊, it offers a centralized platform f...
BusKill's main CLI/GUI app for arming/disarming/configuring the BusKill laptop kill cord
📸 an Instagram tracking script that logs any changes to an Instagram account (followers, following, posts, and bio) written in Python.
My useful files for penetration tests, security assessments, bug bounty and other security related stuff
Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)
Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
Coeus 🌐 is an OSINT ToolBox empowering users with tools for effective intelligence gathering from open sources. From social media monitoring 📱 to data analysis 📊, it offers a centralized platform f...
Flexible LDAP proxy that can be used to inspect & transform all LDAP packets generated by other tools on the fly.
A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
A collection of agents that use Large Language Models (LLMs) to perform tasks common on our day to day jobs in cyber security.
📸 an Instagram tracking script that logs any changes to an Instagram account (followers, following, posts, and bio) written in Python.
Generate a MITRE ATT&CK Navigator based on a list of CVEs. Database with CVE, CWE, CAPEC, and MITRE ATT&CK Techniques data is updated daily.
Stratosphere Cyber Range to learn cybersecurity attacking and defending techniques locally in your computer
AuditForge is a pentest reporting application making it simple and easy to write your findings and generate a customizable report.
NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg
The project serves as a strategic advisory tool, capitalizing on the ZySec series of AI models to amplify the capabilities of security professionals in cyber defense and intelligence.
CLI tool for fetching URLs from Wayback Machine, Common Crawl, and VirusTotal.
Hunt down social media accounts by username across social networks
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon...
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
Applied offensive security with Rust - https://kerkour.com/black-hat-rust
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
🕵️ OSINT Tools for gathering information and actions forensics 🕵️
A collection of awesome security hardening guides, tools and other resources
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
:computer:🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
This Python application is an OSINT (Open Source Intelligence) tool called "Ominis OSINT - Web Hunter." It performs online information gathering by querying Google for search results related to a user...
A good selection of Privacy & Infosec tools that will help you understand more about how to protect your online privacy and security.
Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.
Sasori is a dynamic web crawler powered by Puppeteer, designed for lightning-fast endpoint discovery.
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
Odinova Digital Tiger is an advanced application designed for Open-Source Intelligence (OSINT), equipped with versatile tools and a user-friendly interface to streamline investigative workflows and en...
An auto-updating list of shodan dorks with info on the amount of results they return!
List of CyberSecurity Resources and some different Sub-Domains of CyberSecurity
Modern web-based distributed hashcracking solution, built on hashcat
A powerful scanner to scan your Filesystem, S3, MySQL, Redis, Google Cloud Storage and Firebase storage for PII and sensitive data.
collectvars collects JavaScript variables, highlights risky ones, and helps you understand code structure, while you casually browse.
Just load this .js module and it will start tracking all external calls by a JS-application
A curated list of wordlists for discovery, enumeration, fuzzing, and exploitation.
