pop36's Stars
danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
owasp-amass/amass
In-depth attack surface mapping and asset discovery
projectdiscovery/subfinder
Fast passive subdomain enumeration tool.
bottlerocket-os/bottlerocket
An operating system designed for hosting containers
decalage2/awesome-security-hardening
A collection of awesome security hardening guides, tools and other resources
Orange-Cyberdefense/GOAD
game of active directory
jpetazzo/container.training
Slides and code samples for training, tutorials, and workshops about Docker, containers, and Kubernetes.
jtesta/ssh-audit
SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
RhinoSecurityLabs/cloudgoat
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
6mile/DevSecOps-Playbook
This is a step-by-step guide to implementing a DevSecOps program for any size organization
cipher387/API-s-for-OSINT
List of APIs for gathering information about phone numbers, addresses, domains, etc.
IvanGlinkin/Fast-Google-Dorks-Scan
An OSINT project whose main idea is to collect all possible Google dork search combinations and to find information about a specific website: common admin panels, widespread file types and path traversal. 100% automated.
austinsonger/Incident-Playbook
GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
OWASP/wrongsecrets
Vulnerable app with examples showing how to not use secrets
Viralmaniar/Passhunt
Passhunt is a simple tool for searching for default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
stackrox/stackrox
The StackRox Kubernetes Security Platform performs a risk analysis of the container environment, delivers visibility and runtime alerts, and provides recommendations to proactively improve security by hardening the environment.
ksoclabs/awesome-kubernetes-security
A curated list of awesome Kubernetes security resources
Puliczek/awesome-list-of-secrets-in-environment-variables
🦄🔒 Awesome list of secrets in environment variables 🖥️
ninoseki/mihari
A query aggregator for OSINT based threat hunting
aquasecurity/chain-bench
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
SummitRoute/csp_security_mistakes
This repo has been replaced by https://www.cloudvulndb.org
aquasecurity/cloud-security-remediation-guides
Security Remediation Guides
ramimac/aws-customer-security-incidents
A repository of breaches of AWS customers
chainguard-dev/ssc-reading-list
A reading list for software supply-chain security.
SummitRoute/aws_exposable_resources
Resource types that can be publicly exposed on AWS
koenbuyens/Vulnerable-OAuth-2.0-Applications
vulnerable OAuth 2.0 applications: understand the security implications of your OAuth 2.0 decisions.
koenbuyens/oauth-2.0-security-cheat-sheet
oauth security guidelines
chughes757/SecureSoftwareSupplyChain
This repo is a consolidation of Secure Software Supply Chain resources, such as talks, whitepapers, conferences and more.
Ginsberg5150/Web3
This is where we dump all the web 3 information
mikoiv/MicrosoftSentinel-ShodanMonitor
Ingesting Shodan Monitor Alerts to Microsoft Sentinel