Pinned Repositories
Amass
In-depth Attack Surface Mapping and Asset Discovery
assessment-mindset
Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
dnSpy
.NET debugger and assembly editor
Firewall-iptables-with-log
A simple iptables firewall to setup mypentest lab and try to protect myself from other users
fuzzapi
Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem
pentest-book
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
unicorn
Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.
XSStrike
Most advanced XSS detection suite.
xvwa
XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
fthomasella's Repositories
fthomasella/pentest-book
fthomasella/Amass
In-depth Attack Surface Mapping and Asset Discovery
fthomasella/assessment-mindset
Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
fthomasella/awesome-bugbounty-tools
A curated list of various bug bounty tools
fthomasella/BurpBounty
Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.
fthomasella/cloc
cloc counts blank lines, comment lines, and physical lines of source code in many programming languages.
fthomasella/CVE-2019-11708
Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.
fthomasella/eslint-plugin-security
ESLint rules for Node Security
fthomasella/evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
fthomasella/Firmware_Slap
Discovering vulnerabilities in firmware through concolic analysis and function clustering.
fthomasella/keepnote
Quick and Dirty Penetration Testing Notes
fthomasella/Linux-Privilege-Escalation
This cheatsheet is aimed at the OSCP aspirants to help them understand the various methods of Escalating Privilege on Linux based Machines and CTFs with examples.
fthomasella/lscript
The LAZY script will make your life easier, and of course faster.
fthomasella/MARA_Framework
MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a toolkit that puts together commonly used mobile application reverse engineering and analysis tools to assist in testing mobile applications against the OWASP mobile security threats.
fthomasella/Mobile-Security-Framework-MobSF
Mobile Security Framework is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static analysis, dynamic analysis, malware analysis and web API testing.
fthomasella/nodebestpractices
:white_check_mark: The largest Node.js best practices list (September 2019)
fthomasella/path-auditor
fthomasella/Pentest-Tools
fthomasella/pentest-wiki
PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
fthomasella/PENTESTING-BIBLE
This repository was created and developed by Ammar Amer @cry__pto Only. Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 pdf files .Learn Ethical Hacking and penetration testing .hundreds of ethical hacking & penetration testing & red team & cyber security & computer science resources.
fthomasella/phpggc
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
fthomasella/prowler
Prowler is an Open Source security tool to perform cloud security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 240 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
fthomasella/randomrepo
Repo for random stuff
fthomasella/ScoutSuite
Multi-Cloud Security Auditing Tool
fthomasella/sshuttle
Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
fthomasella/SUDO_KILLER
A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo
fthomasella/Toolies
Ad hoc collection of Red Teaming & Active Directory tooling.
fthomasella/validator.js
String validation
fthomasella/WebShell
Webshell && Backdoor Collection
fthomasella/windows-kernel-exploits
windows-kernel-exploits Windows平台提权漏洞集合