hexcat's Stars
google/magic-github-proxy
An access-limiting stateless GitHub API Proxy
nicholasaleks/CrackQL
CrackQL is a GraphQL password brute-force and fuzzing utility.
mzfr/liffy
Local file inclusion exploitation tool
devploit/nomore403
Tool to bypass 403/40X response codes.
tenable/routeros
RouterOS Security Research Tooling and Proof of Concepts
BishopFox/cloudfox
Automating situational awareness for cloud penetration tests.
cogsec-collaborative/AMITT
AMITT (Adversarial Misinformation and Influence Tactics and Techniques) framework for describing disinformation incidents. Includes TTPs and countermeasures.
Neo23x0/sysmon-config
Sysmon configuration file template with default high-quality event tracing
epinna/weevely3
Weaponized web shell
yogeshojha/rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
yunemse48/403bypasser
cryptohack/ctf_archive
Hosting awesome cryptography CTF challenges from past CTFs
alan2207/bulletproof-react
🛡️ ⚛️ A simple, scalable, and powerful architecture for building production ready React applications.
codecrafters-io/build-your-own-x
Master programming by recreating your favorite technologies from scratch.
ly4k/Certipy
Tool for Active Directory Certificate Services enumeration and abuse
sickcodes/security
Collection of CVEs from Sick Codes, or collaborations on https://sick.codes security research & advisories.
assetnote/kiterunner
Contextual Content Discovery Tool
xajkep/wordlists
Infosec Wordlists and more.
aws-samples/aws-customer-playbook-framework
This repository provides sample templates for security playbooks against various scenarios when using Amazon Web Services.
mvelazc0/PurpleSharp
PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
OWASP/NodeGoat
The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
trustedsec/ptf
The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.
laluka/bypass-url-parser
bypass-url-parser
h3xduck/TripleCross
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
sleuthkit/sleuthkit
The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
Hack-with-Github/Free-Security-eBooks
Free Security and Hacking eBooks
prowler-cloud/prowler
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
zeek/zeek
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
kleiton0x00/Advanced-SQL-Injection-Cheatsheet
A cheat sheet that contains advanced queries for SQL Injection of all types.
bayotop/off-by-slash
Burp extension to detect alias traversal via NGINX misconfiguration at scale.