Chan9390's Stars
gojue/ecapture
Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.
BishopFox/sliver
Adversary Emulation Framework
HavocFramework/Havoc
The Havoc Framework
mitre/caldera
Automated Adversary Emulation Platform
Permify/permify
An open-source authorization as a service inspired by Google Zanzibar, designed to build and manage fine-grained and scalable authorization systems for any application.
bigb0sss/RedTeam-OffensiveSecurity
Tools & Interesting Things for RedTeam Ops
bats3c/shad0w
A post exploitation framework designed to operate covertly on heavily monitored environments
WithSecureLabs/C3
Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
dai-shi/excalidraw-animate
A tool to animate Excalidraw drawings
j3ssie/metabigor
OSINT tools and more but without API key
alphasoc/flightsim
A utility to safely generate malicious network traffic patterns and evaluate controls.
zeon-studio/hugoplate
Hugoplate is a free starter template built with Hugo and TailwindCSS that will save you hours of work.
ahmedkhlief/Ninja
Open source C2 server created for stealth red team operations
xx0hcd/Malleable-C2-Profiles
Cobalt Strike - Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike https://www.cobaltstrike.com/.
OpenBAS-Platform/openbas
Open Breach and Attack Simulation Platform
hausec/Bloodhound-Custom-Queries
Custom Query list for the Bloodhound GUI based off my cheatsheet
Aegrah/PANIX
Customizable Linux Persistence Tool for Security Research and Detection Engineering.
sse-secure-systems/connaisseur
An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
facebookincubator/TTPForge
The TTPForge is a Cybersecurity Framework for developing, automating, and executing attacker Tactics, Techniques, and Procedures (TTPs).
tokern/piicatcher
Scan databases and data warehouses for PII data. Tag tables and columns in data catalogs like Amundsen and Datahub
WithSecureLabs/cloud-security-vm
Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments
facebookincubator/ForgeArmory
ForgeArmory provides TTPs that can be used with the TTPForge (https://github.com/facebookincubator/ttpforge).
DataDog/undocumented-aws-api-hunter
A tool to uncover undocumented APIs from the AWS Console.
IncludeSecurity/c2-vulnerabilities
PoCs of RCEs against open source C2 servers
matthewdfuller/safer-scps
Safer AWS SCP deployments via real-time monitoring
offensive-actions/azure-storage-reverse-shell
This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs
mchaffe/cloudprefixes
Recon tool to query cloud prefixes for services associated with an IP address
lmoratti/risky-records
Given a list of domains and known IP and buckets that are owned, which might be susceptible to domain hijacking?
SecurityRunners/cloud-exposure-catalog
A catalog of services that can be publicly exposed within different cloud providers.
chrnorm/build-your-own-cloudtrail