Pinned Repositories
apidetector
APIDetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains. Supports HTTP/HTTPS, multi-threading, and flexible input/output options. Ideal for API security testing.
awesome-pentest-tools-in-colab
A curated list of awesome Penetration Testing Tools ported to Google Colab to make faster and easier to execute and test.
brinhosa-nuclei-templates
CVE-2022-22963-Spring-cloud-function-SpEL-RCE
Spring-cloud-function-SpEL-RCE 批量检测脚本,反弹shell_EXP,欢迎师傅们试用
devsecops
github_cves_search
Find CVEs associated to Linux and public exploits on github
payloads
Payloads for Web Application Security Testing
spring4shell-CVE-2022-22965-massive-scan
tools
workshop-desenvolvimento-seguro
brinhosa's Repositories
brinhosa/spring4shell-CVE-2022-22965-massive-scan
brinhosa/workshop-desenvolvimento-seguro
brinhosa/CVE-2022-22963-Spring-cloud-function-SpEL-RCE
Spring-cloud-function-SpEL-RCE 批量检测脚本,反弹shell_EXP,欢迎师傅们试用
brinhosa/awesome-oneliner-bugbounty
A collection of awesome one-liner scripts especially for bug bounty tips.
brinhosa/workshop-devsecops
La intención de la workshop es mostrar y orientar a los equipos de desarrollo, seguridad y devops (entre otros) que quieran comenzar en DevSecOps, a segurar sus aplicaciones o bien a conocer un poco más acerca del desarrollo seguro, para esto, estaremos otorgando algunos tips e información que fuimos aprendiendo para armar un Pipeline DevSecOps básico.
brinhosa/atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
brinhosa/awesome-list-of-secrets-in-environment-variables
🦄🔒 Awesome list of secrets in environment variables 🖥️
brinhosa/aws-automated-incident-response-and-forensics
brinhosa/BLUESPAWN
An Active Defense and EDR software to empower Blue Teams
brinhosa/cloc
cloc counts blank lines, comment lines, and physical lines of source code in many programming languages.
brinhosa/cloudsplaining
Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
brinhosa/commix
Automated All-in-One OS Command Injection Exploitation Tool.
brinhosa/coraza-caddy
brinhosa/DevSecOps-Playbook
This is a step-by-step guide to implementing a DevSecOps program for any size organization
brinhosa/freq
This is go CLI tool for send fast Multiple get HTTP request.
brinhosa/invoke-atomicredteam
Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
brinhosa/Jeeves
Jeeves SQLI Finder
brinhosa/linux-tools
A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
brinhosa/Nuclei-Templates-Collection
Nuclei Templates Collection
brinhosa/PhishingTemplates
This is a collection of phishing templates and a landing page to be used with goPhish
brinhosa/puliczek
My profile on Github 🙂👍
brinhosa/python_devops_book
[Book-2020] Python For DevOps: Learn Ruthlessly Effective Automation
brinhosa/questions
pentest-standard.org docs redesign
brinhosa/reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
brinhosa/RegexPassive
👁 Collection of regexp pattern for security passive scanning
brinhosa/Smap
a drop-in replacement for Nmap powered by shodan.io
brinhosa/spring4shell
Operational information regarding the Spring4Shell vulnerability in the Spring Core Framework
brinhosa/spring4shell-scan
A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities
brinhosa/VAmPI
Vulnerable REST API with OWASP top 10 vulnerabilities for security testing
brinhosa/wrongsecrets
Examples with how to not use secrets