lexcilius's Stars
s4n7h0/xvwa
XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
rapid7/hackazon
A modern vulnerable web app
jivoi/awesome-osint
:scream: A curated list of amazingly awesome OSINT
spacehuhn/esp8266_beaconSpam
Creates up to a thousand WiFi access points with custom SSIDs.
BasuCert/WinboxPoC
Proof of Concept of Winbox Critical Vulnerability (CVE-2018-14847)
threat9/routersploit
Exploitation Framework for Embedded Devices
BigNerd95/WinboxExploit
Proof of Concept of Winbox Critical Vulnerability
jadiaz/MikroTik
Scripts for use with various Mikrotik routerboards
BigNerd95/Chimay-Red
Working POC of Mikrotik exploit from Vault 7 CIA Leaks
0ki/mikrotik-tools
Tools for Mikrotik devices
Payfast/laravel-validate-pwned-password
Laravel validator rule that checks if a password has been pwned in any public data breaches. This uses Troy Hunt's Pwned Password API https://haveibeenpwned.com/API/v2 to check for pwned passwords.
capt-meelo/Telewreck
A Burp extension to detect and exploit versions of Telerik Web UI vulnerable to CVE-2017-9248.
clonemeagain/awesome-osticket
A curated list of awesome osTicket resources, plugins, tutorials and other nice things.
snipe/snipe-it
A free open source IT asset/license management system
barryvdh/laravel-debugbar
Debugbar for Laravel (Integrates PHP Debug Bar)
digininja/DVWA
Damn Vulnerable Web Application (DVWA)
RedSiege/EyeWitness
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
dafthack/MailSniper
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.
ustayready/CredSniper
CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.
ustayready/CredKing
Password spraying using AWS Lambda for IP rotation
laradock/laradock
Full PHP development environment for Docker.
Adldap2/Adldap2-Laravel
LDAP Authentication & Management for Laravel
MicrosoftDocs/sysinternals
Content for sysinternals.com
hvqzao/report-ng
Generate MS Word template-based reports with HP WebInspect / Burp Suite Pro input, own custom data and knowledge base.
thinkst/opencanary
Modular and decentralised honeypot
jekyll/jekyll
:globe_with_meridians: Jekyll is a blog-aware static site generator in Ruby
CISOfy/lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
cuckoosandbox/cuckoo
Cuckoo Sandbox is an automated dynamic malware analysis system
guardicore/monkey
Infection Monkey - An open-source adversary emulation platform
lgandx/Responder
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.