strupo's Stars
primer/octicons
A scalable set of icons handcrafted with <3 by GitHub
SonarSource/sonar-loc-count
juice-shop/multi-juicer
Host and manage multiple Juice Shop instances for security trainings and Capture The Flags
6mile/DevSecOps-Playbook
This is a step-by-step guide to implementing a DevSecOps program for any size organization
clr2of8/SlackExtract
A PowerShell script to download all files, messages and user profiles that a user has access to in Slack.
ossf/scorecard
OpenSSF Scorecard - Security health metrics for Open Source
securisec/cliam
Cloud agnostic IAM permissions enumerator
jeremylong/DependencyCheck
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
madhavbhatt/DetectionNavigator
nyxgeek/AzureAD_Autologon_Brute
Brute force attack tool for Azure AD Autologon/Seamless SSO - Source: https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/
trustoncloud/threatmodel-for-aws-s3
ThreatModel for Amazon S3 - Library of all the attack scenarios on Amazon S3, and how to mitigate them following a risk-based approach
ripienaar/free-for-dev
A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev
BishopFox/smogcloud
Find cloud assets that no one wants exposed 🔎 ☁️
gracenolan/Notes
domain-protect/domain-protect
OWASP Domain Protect - prevent subdomain takeover
irsl/gcp-dhcp-takeover-code-exec
Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent
brompwnie/botb
A container analysis and exploitation tool for pentesters and engineers.
orlyjamie/mimikittenz
A post-exploitation PowerShell tool for extracting juicy info from memory.
chipik/SAP_RECON
PoC for CVE-2020-6287, CVE-2020-6286 (SAP RECON vulnerability)
internetwache/GitTools
A repository with 3 tools for pwn'ing websites with .git repositories available
OlivierLaflamme/Cheatsheet-God
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
carnal0wnage/weirdAAL
WeirdAAL (AWS Attack Library)
RhinoSecurityLabs/pacu
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
andresriancho/enumerate-iam
Enumerate the permissions associated with an AWS credential set
ReverendThing/Carnivore
Microsoft External Attack Tool
jpillora/chisel
A fast TCP/UDP tunnel over HTTP
dirkjanm/ldapdomaindump
Active Directory information dumper via LDAP
pandasec888/taowu-cobalt_strike
Binject/backdoorfactory
A from-scratch rewrite of The Backdoor Factory - a MitM tool for inserting shellcode into all types of binaries on the wire.
Gallopsled/pwntools
CTF framework and exploit development library