Pinned Repositories
asn
ASN / RPKI validity / BGP stats / IPv4v6 / Prefix / URL / ASPath / Organization / IP reputation / IP geolocation / IP fingerprinting / Network recon / lookup API server / Web traceroute server
azucar
Security auditing tool for Azure environments
BeRoot
Privilege Escalation Project - Windows / Linux / Mac
ccat
Cisco Config Analysis Tool
check-smb-signing
Shell script to automate running the Nmap smb-security-mode.nse or RunFinger.py by lgandx and parse results into counts and lists of hosts that have message signing disabled, supported, and required.
cloudsploit
Cloud Security Posture Management (CSPM)
cupp
Common User Passwords Profiler (CUPP)
cvssjs
CVSS (Common Vulnerability Scoring System) v3.1 Javascript calculator toolkit
DHCPig
DHCP exhaustion script written in python using scapy network library
DVWA
Damn Vulnerable Web Application (DVWA)
OC-M's Repositories
OC-M/asn
ASN / RPKI validity / BGP stats / IPv4v6 / Prefix / URL / ASPath / Organization / IP reputation / IP geolocation / IP fingerprinting / Network recon / lookup API server / Web traceroute server
OC-M/BeRoot
Privilege Escalation Project - Windows / Linux / Mac
OC-M/cloudsploit
Cloud Security Posture Management (CSPM)
OC-M/cupp
Common User Passwords Profiler (CUPP)
OC-M/DVWA
Damn Vulnerable Web Application (DVWA)
OC-M/EyeWitness
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
OC-M/GitHacker
🕷️ A Git source leak exploit tool that restores the entire Git repository, including data from stash, for white-box auditing and analysis of developers' mind
OC-M/goproxy
🔥 Proxy is a high performance HTTP(S) proxies, SOCKS5 proxies,WEBSOCKET, TCP, UDP proxy server implemented by golang. Now, it supports chain-style proxies,nat forwarding in different lan,TCP/UDP port forwarding, SSH forwarding.Proxy是golang实现的高性能http,https,websocket,tcp,socks5代理服务器,支持内网穿透,链式代理,通讯加密,智能HTTP,SOCKS5代理,黑白名单,限速,限流量,限连接数,跨平台,KCP支持,认证API。
OC-M/Goreport
A Python script to collect campaign data from Gophish and generate a report
OC-M/gowitness
🔍 gowitness - a golang, web screenshot utility using Chrome Headless
OC-M/Incident-Response-Armoury
A curated list of tools for incident response.
OC-M/kubeaudit
kubeaudit helps you audit your Kubernetes clusters against common security controls
OC-M/Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
OC-M/monkey365
Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Azure Active Directory security configuration reviews.
OC-M/Objection
📱 objection - runtime mobile exploration
OC-M/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
OC-M/PowerZure
PowerShell framework to assess Azure security
OC-M/purple-team-exercise-framework
Purple Team Exercise Framework
OC-M/pwnedOrNot
OSINT Tool for Finding Passwords of Compromised Email Addresses
OC-M/QuickBuck
Ransomware simulator written in Golang
OC-M/rbac-police
Evaluate the RBAC permissions of Kubernetes identities through policies written in Rego
OC-M/Responder
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
OC-M/ScoutSuite
Multi-Cloud Security Auditing Tool
OC-M/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
OC-M/SpiderFoot-OSINT
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
OC-M/Testssl.sh
Testing TLS/SSL encryption anywhere on any port
OC-M/thc-hydra
hydra
OC-M/Whois-check
Bash script which performs checks for domain name availability.
OC-M/wifiphisher
The Rogue Access Point Framework
OC-M/WPA3-dragondrain-and-dragontime