erminmemic's Stars
swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
OWASP/CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
RustScan/RustScan
🤖 The Modern Port Scanner 🤖
PowerShellMafia/PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
OWASP/owasp-mastg
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
trustedsec/social-engineer-toolkit
The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.
BloodHoundAD/BloodHound
Six Degrees of Domain Admin
redcanaryco/atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
offensive-security/exploitdb
The legacy Exploit Database repository - New repo located at https://gitlab.com/exploit-database/exploitdb
trustedsec/ptf
The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.
hak5/bashbunny-payloads
The Official Bash Bunny Payload Repository
dirkjanm/ROADtools
A collection of Azure AD/Entra tools for offensive and defensive security purposes
offensive-security/exploitdb-bin-sploits
The legacy Exploit Database repository - New repo located at https://gitlab.com/exploit-database/exploitdb-bin-sploits
center-for-threat-informed-defense/adversary_emulation_library
An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
dirkjanm/mitm6
pwning IPv4 via IPv6
rsmudge/Malleable-C2-Profiles
Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.
harleyQu1nn/AggressorScripts
Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
Coalfire-Research/Red-Baron
Automate creating resilient, disposable, secure and agile infrastructure for Red Teams.
redcanaryco/invoke-atomicredteam
Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
BloodHoundAD/SharpHound
C# Data Collector for BloodHound
ch33r10/EnterprisePurpleTeaming
Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study by Xena Olsen.
Tuhinshubhra/ExtAnalysis
Browser Extension Analysis Framework - Scan, Analyze Chrome, firefox and Brave extensions for vulnerabilities and intels
BloodHoundAD/AzureHound
Azure Data Exporter for BloodHound
bluscreenofjeff/Malleable-C2-Randomizer
A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls