manuel-sommer's Stars
trustedsec/social-engineer-toolkit
The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.
Orange-Cyberdefense/GOAD
game of active directory
blacklanternsecurity/bbot
A recursive internet scanner for hackers.
darkoperator/dnsrecon
DNS Enumeration Script
last-byte/PersistenceSniper
Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made with ❤️ by @last0x00 and @dottor_morte
D35m0nd142/LFISuite
Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
cisagov/ScubaGear
Automation to assess the state of your M365 tenant against CISA's baselines
s0md3v/Corsy
CORS Misconfiguration Scanner
guacsec/guac
GUAC aggregates software security metadata into a high fidelity graph database.
screetsec/Dracnmap
Dracnmap is an open source program which is using to exploit the network and gathering information with nmap help. Nmap command comes with lots of options that can make the utility more robust and difficult to follow for new users. Hence Dracnmap is designed to perform fast scaning with the utilizing script engine of nmap and nmap can perform various automatic scanning techniques with the advanced commands.
OWASP/crAPI
completely ridiculous API (crAPI)
SpecterOps/BloodHound
Six Degrees of Domain Admin
yeswehack/PwnFox
PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.
xaitax/SploitScan
SploitScan is a sophisticated cybersecurity utility designed to provide detailed information on vulnerabilities and associated exploits.
mzfr/liffy
Local file inclusion exploitation tool
ghsec/webHunt
Web App bug hunting
whitel1st/docem
A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)
Err0r-ICA/Ransomware
Ransomwares Collection. Don't Run Them on Your Device.
0xDigimon/PenetrationTesting_Notes-
My Notes about Penetration Testing
AlteredSecurity/365-Stealer
365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack.
twseptian/oneliner-bugbounty
oneliner commands for bug bounties
aquasecurity/vuln-list
NVD, Ubuntu, Alpine
security-cheatsheet/metasploit-cheat-sheet
Metasploit Cheat Sheet 💣
undistro/zora
Zora is an open source solution that helps you achieve compliance with Kubernetes best practices recommended by industry-leading frameworks. By scanning your cluster with multiple plugins, Zora identifies potential issues, misconfigurations, and vulnerabilities.
SySS-Research/smbcrawler
smbcrawler is no-nonsense tool that takes credentials and a list of hosts and 'crawls' (or 'spiders') through those shares
Qazeer/FarsightAD
PowerShell script that aim to help uncovering (eventual) persistence mechanisms deployed by a threat actor following an Active Directory domain compromise
apisec-university/free-API-security-test-action
APIsec|SCAN - Free API security testing using Github actions
DependencyTrack/hyades
Incubating project for decoupling responsibilities from Dependency-Track's monolithic API server into separate, scalable services.
manuel-sommer/dependencytrack-pywrap
This is a python wrapper for the dependency track REST API.
manuel-sommer/Rusty-Hog-Wrapper
https://github.com/newrelic/rusty-hog