matheuswm

Amass

In-depth Attack Surface Mapping and Asset Discovery

anew

A tool for adding new lines to files, skipping duplicates

api-firewall

Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.

assetfinder

Find domains and subdomains related to a given domain

awesome-github-profile-readme

😎 A curated list of awesome GitHub Profile READMEs 📝

bug-bounty-platforms

A community-powered collection of all known bug bounty platforms, vulnerability disclosure platforms, and crowdsourced security platforms currently active on the Internet.

container-security-checklist

Checklist for container security - devsecops practices

ctfr

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

CVE-2021-1675

C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527

CVE-2021-26084

CVE-2021-26084 - Confluence Pre-Auth RCE | OGNL injection

matheuswm/Amass

In-depth Attack Surface Mapping and Asset Discovery

matheuswm/anew

A tool for adding new lines to files, skipping duplicates

matheuswm/api-firewall

Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.

matheuswm/assetfinder

Find domains and subdomains related to a given domain

matheuswm/awesome-github-profile-readme

😎 A curated list of awesome GitHub Profile READMEs 📝

matheuswm/bug-bounty-platforms

A community-powered collection of all known bug bounty platforms, vulnerability disclosure platforms, and crowdsourced security platforms currently active on the Internet.

matheuswm/container-security-checklist

Checklist for container security - devsecops practices

matheuswm/CVE-2021-41773_CVE-2021-42013

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

matheuswm/DesenvolvimentoSeguro

Principios e Boas Práticas sobre Desenvolvimento Seguro

matheuswm/DevSecOps

Ultimate DevSecOps library

matheuswm/dvja

Damn Vulnerable Java (EE) Application

matheuswm/dvna

Damn Vulnerable NodeJS Application

matheuswm/ESP32Marauder

A suite of WiFi/Bluetooth offensive and defensive tools for the ESP32

matheuswm/Findomain

The complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, multiple API Keys for sources and much more.

matheuswm/git-secrets

Prevents you from committing secrets and credentials into git repositories

matheuswm/horusec-examples-vulnerabilities

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

matheuswm/kubernetes-security-checklist

Awesome resources about Security in Kubernetes

matheuswm/marshalsec

matheuswm/Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

matheuswm/PANOSGraylogExtractor

Extractors for PAN-OS TRAFFIC, THREAT, SYSTEM and CONFIG syslog for Graylog

matheuswm/petereport

PeTeReport is an open-source application vulnerability reporting tool.

matheuswm/pi-hole

A black hole for Internet advertisements

matheuswm/Practical-Ethical-Hacking-Resources

Compilation of Resources from TCM's Practical Ethical Hacking Udemy Course

matheuswm/pwndoc

Pentest Report Generator

matheuswm/roxy-wi

Web interface for managing Haproxy, Nginx and Keepalived servers

matheuswm/SOC-OpenSource

This is a Project Designed for Security Analysts and all SOC audiences who wants to play with implementation and explore the Modern SOC architecture.

matheuswm/Sonar-Exporter

matheuswm/subfinder

Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.

matheuswm/theHarvester

E-mails, subdomains and names Harvester - OSINT

matheuswm/trivy

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets