Pinned Repositories
API-Security-Checklist
Checklist of the most important security countermeasures when designing, testing, and releasing your API
eko15
Material utilizado en el Workshop de Red Teaming en el 2019 para la edicion 15 de la Eko
ekoparty2015
Material utilizado en los Workshops de Ekoparty 2015
h8mail
Email OSINT and password breach hunting. Use h8mail to find passwords through different breach and reconnaissance services, or the infamous Breached Compilation torrent
LinEnum
Scripted Local Linux Enumeration & Privilege Escalation Checks
Open-SecTraining
Scripts usados en los entrenamientos de Open-Sec - Publicos y modificados o creados por el Core Team de Open-Sec.
OSEH
Open-Sec Ethical Hacker
Pentesting
RedTeaming
Open-Sec's Repositories
Open-Sec/censys-command-line
Command-line tool for Censys! Quickly investigate suspicious hosts or answer complex questions about your infrastructure using Censys right from the command-line!
Open-Sec/SUDO_KILLER
A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo
Open-Sec/CHAOS
:fire: CHAOS is a PoC that allow generate payloads and control remote operating systems.
Open-Sec/dart
DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.
Open-Sec/dirble
Fast directory scanning and scraping tool
Open-Sec/Excel4-DCOM
PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)
Open-Sec/fireprox
AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation
Open-Sec/GitTools
A repository with 3 tools for pwn'ing websites with .git repositories available
Open-Sec/gophish
Open-Source Phishing Toolkit
Open-Sec/HostHunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Open-Sec/house
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
Open-Sec/Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Open-Sec/PoshC2_Python
Python Server for PoshC2
Open-Sec/purple-team-attack-automation
Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs
Open-Sec/pwndb
Search for leaked credentials
Open-Sec/pyjwt
JSON Web Token implementation in Python
Open-Sec/pyscripter-er
A framework built on top of Burp's Python Scripter extension.
Open-Sec/RedELK
Red Team's SIEM - easy deployable tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
Open-Sec/santet-online
Open-Sec/SecLists
SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
Open-Sec/SharpAllowedToAct
Computer object takeover through Resource-Based Constrained Delegation (msDS-AllowedToActOnBehalfOfOtherIdentity)
Open-Sec/SharpGPOAbuse
SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.
Open-Sec/SharpShooter
Payload Generation Framework
Open-Sec/SPartan
Frontpage and Sharepoint fingerprinting and attack tool.
Open-Sec/SprayingToolkit
Scripts to make password spraying attacks against Lync/S4B & OWA a lot quicker, less painful and more efficient
Open-Sec/sshuttle
Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
Open-Sec/TrustMeAlready
Disable SSL verification and pinning on Android, system-wide
Open-Sec/vpc-vpn-pivot
Pivot into private VPC networks using a VPN connection
Open-Sec/ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Open-Sec/ysoserial.net
Deserialization payload generator for a variety of .NET formatters