0x90n's Stars
projectdiscovery/nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
trufflesecurity/trufflehog
Find, verify, and analyze leaked credentials
urbanadventurer/Android-PIN-Bruteforce
Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)
pry0cc/axiom
The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
lc/gau
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
tomnomnom/waybackurls
Fetch all the URLs that the Wayback Machine knows about for a domain
RhinoSecurityLabs/cloudgoat
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
dafthack/CloudPentestCheatsheets
This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
SnaffCon/Snaffler
a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
dirkjanm/ROADtools
A collection of Azure AD/Entra tools for offensive and defensive security purposes
koutto/pi-pwnbox-rogueap
Homemade Pwnbox :rocket: / Rogue AP :satellite: based on Raspberry Pi — WiFi Hacking Cheatsheets + MindMap :bulb:
Azure/Stormspotter
Azure Red Team tool for graphing Azure and Azure Active Directory objects
hausec/PowerZure
PowerShell framework to assess Azure security
proseltd/Telepathy-Community
Public release of Telepathy, an OSINT toolkit for investigating Telegram chats.
RUB-SysSec/DroneSecurity
DroneSecurity (NDSS 2023)
dafthack/PowerMeta
PowerMeta searches for publicly available files hosted on various websites for a particular domain by using specially crafted Google, and Bing searches. It then allows for the download of those files from the target domain. After retrieving the files, the metadata associated with them can be analyzed by PowerMeta. Some interesting things commonly found in metadata are usernames, domains, software titles, and computer names.
cclabsInc/RFCrack
A Software Defined Radio Attack Tool
RhinoSecurityLabs/GCP-IAM-Privilege-Escalation
A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.
MAVProxyUser/CIAJeepDoors
mxm0z/awesome-sec-s3
A collection of awesome AWS S3 tools that collects and enumerates exposed S3 buckets
BishopFox/dufflebag
Search exposed EBS volumes for secrets
ANG13T/DroneXtract
DroneXtract is a digital forensics suite for DJI drones 🔍. Analyze sensor values, visualize flight maps, and audit for criminal activity 🗺
aliasrobotics/RVD
Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.
r0r0x-xx/Red-Team-OPS-Modern-Adversary
Ginsberg5150/Web3
This is where we dump all the web 3 infromation
SecureStackCo/actions-secrets
Adding this GitHub Action will scan your repository for sensitive data in your source code. We find things like passwords, server host strings, API keys, .env and config files and more
SecureStackCo/actions-exposure
A GitHub Action that scans your public web applications after every deployment. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements.
SecureStackCo/actions-code
A GitHub Action for using SecureStack to analyse a repository codebase for vulnerabilities in library dependencies (software composition analysis).
d34db33f-1007/grayhat
Python library for grayhatwarfare.com with small hacks
KonradIT/dji-nfz-tracker
Tracking DJI No Fly Zones