m3ssap0's Stars
tomdev/teh_s3_bucketeers
jobertabma/virtual-host-discovery
A script to enumerate virtual hosts on a server.
jivoi/awesome-osint
:scream: A curated list of amazingly awesome OSINT
00theway/Ghostcat-CNVD-2020-10487
Ghostcat read file/code execute,CNVD-2020-10487(CVE-2020-1938)
hadolint/hadolint
Dockerfile linter, validate inline bash, written in Haskell
eliasgranderubio/dagda
a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities
anchore/anchore-engine
A service that analyzes docker images and scans for vulnerabilities
aquasecurity/trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
microsoft/ApplicationInspector
A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
CoatiSoftware/Sourcetrail
Sourcetrail - free and open-source interactive source explorer
RsaCtfTool/RsaCtfTool
RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data
GrrrDog/Java-Deserialization-Cheat-Sheet
The cheat sheet about Java Deserialization vulnerabilities
wsargent/docker-cheat-sheet
Docker Cheat Sheet
BloodHoundAD/BloodHound
Six Degrees of Domain Admin
rebootuser/LinEnum
Scripted Local Linux Enumeration & Privilege Escalation Checks
swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
mauilion/blackhat-2019
WebGoat/WebGoat
WebGoat is a deliberately insecure application
juice-shop/juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
twosixlabs/acsploit
A tool for generating worst-case inputs to commonly used algorithms
docker/docker-bench-security
The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
ytisf/theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
sundowndev/phoneinfoga
Information gathering framework for phone numbers
s0md3v/Striker
Striker is an offensive information and vulnerability scanner.
danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
qll/shit
Stego Helper Identification Tool
OWASP/CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
kost/dvcs-ripper
Rip web accessible (distributed) version control systems: SVN/GIT/HG...
ambionics/phpggc
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
frohoff/ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.