hexcat's Stars
ashirt-ops/ashirt-server
Adversary Simulators High-Fidelity Intelligence and Reporting Toolkit
d0ge/sign-saboteur
SignSaboteur is a Burp Suite extension for editing, signing, verifying various signed web tokens
nccgroup/ScoutSuite
Multi-Cloud Security Auditing Tool
Stratus-Security/Subdominator
The Internets #1 Subdomain Takeover Tool
kkrypt0nn/wordlists
📜 A collection of wordlists for many different usages
BC-SECURITY/Moriarty
Moriarty is designed to enumerate missing KBs, detect various vulnerabilities, and suggest potential exploits for Privilege Escalation in Windows environments.
Mazars-Tech/AD_Miner
AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses
D00Movenok/BounceBack
↕️🤫 Stealth redirector for your red team operation security
hoodoer/JS-Tap
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients, and a "mimic" feature that automatically generates custom payloads.
byt3bl33d3r/OffensiveDLR
Toolbox containing research notes & PoC code for weaponizing .NET's DLR
x1trap/websec-answers
Websec interview questions by tib3rius answered
reddelexc/hackerone-reports
Top disclosed reports from HackerOne
S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
klezVirus/vortex
VPN Overall Reconnaissance, Testing, Enumeration and eXploitation Toolkit
ustayready/fireprox
AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation
indianajson/can-i-take-over-dns
"Can I take over DNS?" — a list of DNS providers and how to claim vulnerable domains.
trufflesecurity/xsshunter
API-Security/APIKit
APIKit:Discovery, Scan and Audit APIs Toolkit All In One.
nemesida-waf/waf-bypass
Check your WAF before an attacker does
jpillora/chisel
A fast TCP/UDP tunnel over HTTP
hashcat/hashcat
World's fastest and most advanced password recovery utility
ostif-org/OSTIF
Security Work and Manual Reviews facilitated by Open Source Technology Improvement Fund, aka OSTIF
Legit-Labs/legitify
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
jmdx/TLS-poison
aquasecurity/trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
darkoperator/dnsrecon
DNS Enumeration Script
sherlock-project/sherlock
Hunt down social media accounts by username across social networks
WebBreacher/WhatsMyName
This repository has the JSON file required to perform user enumeration on various websites.
Lissy93/personal-security-checklist
🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
gitleaks/gitleaks
Protect and discover secrets using Gitleaks 🔑