Pinned Repositories
API-Security-Checklist
Checklist of the most important security countermeasures when designing, testing, and releasing your API
eko15
Material utilizado en el Workshop de Red Teaming en el 2019 para la edicion 15 de la Eko
ekoparty2015
Material utilizado en los Workshops de Ekoparty 2015
h8mail
Email OSINT and password breach hunting. Use h8mail to find passwords through different breach and reconnaissance services, or the infamous Breached Compilation torrent
LinEnum
Scripted Local Linux Enumeration & Privilege Escalation Checks
Open-SecTraining
Scripts usados en los entrenamientos de Open-Sec - Publicos y modificados o creados por el Core Team de Open-Sec.
OSEH
Open-Sec Ethical Hacker
Pentesting
RedTeaming
Open-Sec's Repositories
Open-Sec/h8mail
Email OSINT and password breach hunting. Use h8mail to find passwords through different breach and reconnaissance services, or the infamous Breached Compilation torrent
Open-Sec/DVSA
a Damn Vulnerable Serverless Application
Open-Sec/adapt
ADAPT is a tool that performs automated Penetration Testing for WebApps.
Open-Sec/bitvijays.github.io-sphinx
Sphinx
Open-Sec/BlackHoodie-2018-Workshop
Slides and challenges for my binary exploitation workshop at BlackHoodie 2018.
Open-Sec/Convoluted-Phishing-Payload-CPP
Batch file code for the convoluted phishing payload blog post at www.acenyethehackerguy.com
Open-Sec/Covenant
Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.
Open-Sec/CredSniper
CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.
Open-Sec/DarthSidious
Building an Active Directory domain and hacking it
Open-Sec/DEFCON26
Open-Sec/evilginx
PLEASE USE NEW VERSION: https://github.com/kgretzky/evilginx2
Open-Sec/evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Open-Sec/gitleaks
Audit git repos for secrets 🔑
Open-Sec/Internal-Monologue
Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS
Open-Sec/Inveigh
Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/man-in-the-middle tool
Open-Sec/OffensiveCSharp
Collection of Offensive C# Tooling
Open-Sec/OffensiveDLR
Toolbox containing research notes & PoC code for weaponizing .NET's DLR
Open-Sec/PasteJacker
Add PasteJacking to web-delivery attacks
Open-Sec/Phantom-Evasion
Python AV evasion tool capable to generate FUD executable even with the most common 32 bit metasploit payload(exe/elf/dmg/apk)
Open-Sec/proxycannon-ng
A private botnet using multiple cloud environments for pentesters and red teamers. - Built by the community during a hackathon at the WWHF 2018 security conference
Open-Sec/Raccoon
A high performance offensive security tool for reconnaissance and vulnerability scanning
Open-Sec/Red-Team-Curation-List
A list to discover work of red team tooling and methodology for penetration testing and security assessment
Open-Sec/Rubeus
Trying to tame the three-headed dog.
Open-Sec/Seatbelt
Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
Open-Sec/SILENTTRINITY
A post-exploitation agent powered by Python, IronPython, C# and .NET's DLR
Open-Sec/SintinePowerOutlook
Malicious (Meterpreter) Add-in for Outlook
Open-Sec/tutorials
Additional Resources For Securing The Stack Tutorials
Open-Sec/unicorn
Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.
Open-Sec/WMImplant
This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote machine. WMImplant is WMI based.
Open-Sec/WPSeku
WPSeku - Wordpress Security Scanner