gfalisa's Stars
OJ/gobuster
Directory/File, DNS and VHost busting tool written in Go
lintstar/About-Attack
一个旨在通过应用场景 / 标签对 Github 红队向工具 / 资源进行分类收集,降低红队技术门槛的手册【持续更新】
0xJin/awesome-bugbounty-builder
Awesome Bug bounty builder Project
initstring/cloud_enum
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
fofapro/Hosts_scan
这是一个用于IP和域名碰撞匹配访问的小工具,旨意用来匹配出渗透过程中需要绑定hosts才能访问的弱主机或内部系统。
gh0x0st/Invoke-PSObfuscation
An in-depth approach to obfuscating the individual components of a PowerShell payload whether you're on Windows or Kali Linux.
HackTricks-wiki/hacktricks-cloud
bcoe/which-cloud
given an ip address, return which cloud provider it belongs to (AWS, GCE, etc)
bugcrowd/HUNT
blark/aiodnsbrute
Python 3.5+ DNS asynchronous brute force utility
inonshk/31-days-of-API-Security-Tips
This challenge is Inon Shkedy's 31 days API Security Tips.
pr0xh4ck/web-recon
All About Web Recon & OSINT
opsdisk/pagodo
pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching
nccgroup/azucar
Security auditing tool for Azure environments
brutella/hc
hc is a lightweight framework to develop HomeKit accessories in Go.
sensepost/gowitness
🔍 gowitness - a golang, web screenshot utility using Chrome Headless
karanpratapsingh/system-design
Learn how to design systems at scale and prepare for system design interviews
Idov31/Sandman
Sandman is a NTP based backdoor for red team engagements in hardened networks.
t3l3machus/hoaxshell
A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.
AlbusSec/Penetration-List
Penetration-List: A comprehensive resource for testers, covering all types of vulnerabilities and materials used in Penetration Testing. Includes payloads, dorks, fuzzing materials, and offers in-depth theory sections. Visit our Medium profile for more information.
visma-prodsec/confused
Tool to check for dependency confusion vulnerabilities in multiple package management systems
Cyber-Guy1/Subdomainer
Automated tool for domains & subdomains gathering
Ravaan21/Chandrahasa
A solid recon tool I use personally.
maK-/parameth
This tool can be used to brute discover GET and POST parameters
ilmila/J2EEScan
J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
elastic/protections-artifacts
Elastic Security detection content for Endpoint
badchars/AzureAD-Pentest
AzureAD Pentest
h33tlit/secret-regex-list
List of regex for scraping secret API keys and juicy information.
p0dalirius/Awesome-RCE-techniques
Awesome list of step by step techniques to achieve Remote Code Execution on various apps!
xnl-h4ck3r/waymore
Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal!