phaz0n

phaz0n's Stars

• swisskyrepo/PayloadsAllTheThings

  A list of useful payloads and bypass for Web Application Security and Pentest/CTF

  Language:Python63.5k1.9k015.1k

• owasp-amass/amass

  In-depth attack surface mapping and asset discovery

  Language:Go12.5k2226641.9k

• fuzzdb-project/fuzzdb

  Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

  Language:PHP8.4k3661532.1k

• projectdiscovery/httpx

  httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

  Language:Go8.2k78659875

• michenriksen/aquatone

  A Tool for Domain Flyovers

  Language:Go5.7k1350886

• lgandx/Responder

  Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

  Language:Python5.7k144194788

• trustedsec/ptf

  The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

  Language:Python5.2k3242431.2k

• RedSiege/EyeWitness

  EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

  Language:Python5.2k144454862

• arainho/awesome-api-security

  A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

  3.2k700538

• joeyism/linkedin_scraper

  A library that scrapes Linkedin for user data

  Language:Python2.3k44163615

• haccer/subjack

  Subdomain Takeover tool written in Go

  Language:Go1.9k4963342

• DataDog/stratus-red-team

  :cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud

  Language:Go1.9k36194227

• threatexpress/malleable-c2

  Cobalt Strike Malleable C2 Design and Reference Guide

  1.7k4213297

• threatexpress/domainhunter

  Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names

  Language:Python1.6k6025290

• SecurityRiskAdvisors/VECTR

  VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios

  1.4k69280165

• austinsonger/Incident-Playbook

  GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]

  1.4k70143253

• assetnote/wordlists

  Automated & Manual Wordlists provided by Assetnote

  Language:CSS1.4k275145

• roottusk/vapi

  vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

  Language:HTML1.2k2028314

• OWASP/crAPI

  completely ridiculous API (crAPI)

  Language:Java1.2k24100375

• erev0s/VAmPI

  Vulnerable REST API with OWASP top 10 vulnerabilities for security testing

  Language:Python9671325390

• maldevel/EmailHarvester

  Email addresses harvester

  Language:Python8463643179

• hausec/Bloodhound-Custom-Queries

  Custom Query list for the Bloodhound GUI based off my cheatsheet

  766205125

• Cgboal/SonarSearch

  A rapid API for the Project Sonar dataset

  Language:Go643194597

• Mr-Un1k0d3r/CatMyPhish

  Search for categorized domain

  Language:Python44323286

• 3CORESec/MAL-CL

  MAL-CL (Malicious Command-Line)

  30922043

• mantvydasb/Red-Team-Infrastructure-Automation

  Disposable and resilient red team infrastructure with Terraform

  Language:HCL26011384

• jhaddix/KingOfBugBountyTips

  1787048

• BankSecurity/Threat_Hunting

  Some Threat Hunting queries useful for blue teamers

  1254024

• xpn/DemoLab

  A very simple lab to demo some Terraform, DSC, Inspec and Gitlab CI

  Language:PowerShell896033

• Internon/GitDorker

  A Python program to scrape secrets from GitHub through usage of a large repository of dorks.

  Language:Python6200