nmalcolm
Here I am, brain the size of a planet, and they ask me to take you to the bridge. Call that job satisfaction, 'cause I don't.
Earth
nmalcolm's Stars
aquasecurity/trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
projectdiscovery/nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
owasp-amass/amass
In-depth attack surface mapping and asset discovery
dgryski/go-perfbook
Thoughts on Go performance optimization
michenriksen/aquatone
A Tool for Domain Flyovers
streaak/keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
almandin/fuxploider
File upload vulnerability scanner and exploitation tool.
Voorivex/pentest-guide
Penetration tests guide based on OWASP including test cases, resources and examples.
tomnomnom/hacks
A collection of hacks and one-off scripts
haccer/subjack
Subdomain Takeover tool written in Go
ihebski/A-Red-Teamer-diaries
RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
trustedsec/hate_crack
A tool for automating cracking methodologies through Hashcat from the TrustedSec team.
doyensec/inql
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
BishopFox/GitGot
Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
bjornd/jvectormap
maK-/parameth
This tool can be used to brute discover GET and POST parameters
PhrozenIO/win-brute-logon
Crack any Microsoft Windows users password without any privilege (Guest account included)
wireghoul/dotdotpwn
DotDotPwn - The Directory Traversal Fuzzer
yassineaboukir/sublert
Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
mxrch/penglab
🐧 Abuse of Google Colab for cracking hashes.
assetnote/commonspeak2
Leverages publicly available datasets from Google BigQuery to generate content discovery and subdomain wordlists
appsecco/the-art-of-subdomain-enumeration
This repository contains all the supplement material for the book "The art of sub-domain enumeration"
trustedsec/cve-2019-19781
This is a tool published for the Citrix ADC (NetScaler) vulnerability. We are only disclosing this due to others publishing the exploit code first.
assetnote/commonspeak2-wordlists
Wordlists that have been compiled using Commonspeak2. This repo is updated every time new wordlists are generated.
WithSecureLabs/captcha22
CAPTCHA22 is a toolset for building, and training, CAPTCHA cracking models using neural networks.
sp00ks-git/hat
HAT (Hashcat Automation Tool) - An Automated Hashcat Tool for common wordlists and rules to speed up the process of cracking hashes during engagements. Created for Linux based systems
arbazkiraak/certasset
Takes ip range, Scan all open SSL Certs, Grab Cnames
pwnwiki/webappurls
A public list of URLs generally useful to webapp testers and pentesters
nccgroup/go-pillage-registries
Pentester-focused Docker registry tool to enumerate and pull images
epixoip/cudaMergeSort
Highly parallel, GPU-accelerated hybrid mergesort with mmap'd IO