lstatro's Stars
mesquidar/ForensicsTools
A list of free and open forensics analysis tools and other resources
sadreck/Spartacus
Spartacus DLL/COM Hijacking Toolkit
Th0h0/autopoisoner
Web cache poisoning vulnerability scanner.
lgandx/Responder
Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
webhooksite/webhook.site
⚓️ Easily test HTTP webhooks with this handy tool that displays requests instantly.
enaqx/awesome-pentest
A collection of awesome penetration testing resources, tools and other shiny things
pwndoc/pwndoc
Pentest Report Generator
corny/dnscheck
Nameserver check for public-dns.info
Telmate/terraform-provider-proxmox
Terraform provider plugin for proxmox
insanitywholesale/home-infra
Homelab automation
rustdesk/rustdesk
An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.
ladjs/supertest
🕷 Super-agent driven library for testing node.js HTTP servers using a fluent API. Maintained for @forwardemail, @ladjs, @spamscanner, @breejs, @cabinjs, and @lassjs.
MandConsultingGroup/porch-pirate
Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, collections, requests, users and teams. Porch Pirate can be used as a client or be incorporated into your own applications.
osamahamad/FUZZING
Collected fuzzing payloads from different resources
arch3rPro/PentestTools
Awesome Pentest Tools Collection
danielmiessler/fabric
fabric is an open-source framework for augmenting humans using AI. It provides a modular framework for solving specific problems using a crowdsourced set of AI prompts that can be used anywhere.
m4ll0k/SecretFinder
SecretFinder - A Python script to find sensitive data (apikeys, accesstoken, jwt, ...) and search for anything in JavaScript files
zseano/JS-Scan
A .js scanner, built in PHP. Designed to scrape URLs and other info
devoteam-cybertrust/burpcollaborator-docker
This repository includes a set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate. The objective is to simplify as much as possible the process of setting up and maintaining the server.
RetireJS/retire.js
Scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
ossf/wg-vulnerability-disclosures
The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability reporting and communication.
boostsecurityio/poutine
boostsecurityio/poutine
righteousgambit/quiet-riot
Unauthenticated enumeration of AWS, Azure, and GCP Principals
dwisiswant0/wadl-dumper
Dump all available paths and/or endpoints on WADL file.
projectdiscovery/public-bugbounty-programs
Community curated list of public bug bounty and responsible disclosure programs.
HumanSignal/awesome-data-labeling
A curated list of awesome data labeling tools
moniik/poc_salesforce_lightning
Academic purposes only. Attack against Salesforce lightning with guest privilege.
swisskyrepo/GraphQLmap
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Cobalt-Strike/bof_template
A Beacon Object File (BOF) is a compiled C program, written to a convention that allows it to execute within a Beacon process and use internal Beacon APIs. BOFs are a way to rapidly extend the Beacon agent with new post-exploitation features.