magistermundisum's Stars
terrastruct/d2
D2 is a modern diagram scripting language that turns text to diagrams.
OWASP/owasp-mastg
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
semgrep/semgrep
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
netbootxyz/netboot.xyz
Your favorite operating systems in one place. A network-based bootable operating system installer based on iPXE.
graphql-kit/graphql-voyager
🛰️ Represent any GraphQL API as an interactive graph
projectdiscovery/httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
LOLBAS-Project/LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
infobyte/faraday
Open Source Vulnerability Management Platform
Splode/pomotroid
🍅 Simple and visually-pleasing Pomodoro timer
0xRadi/OWASP-Web-Checklist
OWASP Web Application Security Testing Checklist
tomnomnom/meg
Fetch many paths for many hosts - without killing the hosts
Keriew/augustus
An open source re-implementation of Caesar III
WADComs/WADComs.github.io
WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
sighook/pixload
Image Payload Creating/Injecting tools
roottusk/vapi
vAPI is a Vulnerable Adversely Programmed Interface, a self-hostable API that mimics OWASP API Top 10 scenarios through exercises.
tomnomnom/unfurl
Pull out bits of URLs provided on stdin
AlexCSDev/PatreonDownloader
Powerful tool for downloading content posted by creators on patreon.com. Supports content hosted on patreon itself as well as external sites (additional plugins might be required).
chrislockard/api_wordlist
A wordlist of API names for web application assessments
adrecon/ADRecon
ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
testert1ng/hacker101-ctf
Hacker101 CTF Writeup
Secretmapper/combustion
Combustion is a sleek, modern web interface for Transmission
InsiderPhD/Generic-University
Vulnerable API
sensepost/mallet
Mallet is an intercepting proxy for arbitrary protocols
cameroncondry/cbc-kitten-scientists
Add-on for the wonderful incremental browser game: http://kittensgame.com/web/
six2dez/obsidian-pentesting-vault
Sample Obsidian vault for web pentesting
vehemont/nvdlib
A simple wrapper for the National Vulnerability CVE/CPE API
david-kariuki/vmware-host-modules-builder-cli
This shell script downloads, builds and installs VMware host modules for your Linux VMware.
pwndoc-ng/pwndoc-ng-database
Collaborative vulnerability database for Pentesting & Pwndoc-Ng
fsctcommunity/Policies
oliversalzburg/cbc-kitten-scientists
Add-on for the wonderful incremental browser game: http://kittensgame.com/web/