strupo

strupo's Stars

• primer/octicons

  A scalable set of icons handcrafted with <3 by GitHub

  Language:JavaScript8.2k827

• SonarSource/sonar-loc-count

  Language:PowerShell3624

• juice-shop/multi-juicer

  Host and manage multiple Juice Shop instances for security trainings and Capture The Flags

  Language:JavaScript262117

• 6mile/DevSecOps-Playbook

  This is a step-by-step guide to implementing a DevSecOps program for any size organization

  1.8k312

• clr2of8/SlackExtract

  A PowerShell script to download all files, messages and user profiles that a user has access to in slack.

  Language:PowerShell13717

• ossf/scorecard

  OpenSSF Scorecard - Security health metrics for Open Source

  Language:Go4.2k460

• securisec/cliam

  Cloud agnostic IAM permissions enumerator

  Language:Go13111

• jeremylong/DependencyCheck

  OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

  Language:Java6k1.2k

• madhavbhatt/DetectionNavigator

  Language:CSS8

• nyxgeek/AzureAD_Autologon_Brute

  Brute force attack tool for Azure AD Autologon/Seamless SSO - Source: https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/

  Language:Python9724

• trustoncloud/threatmodel-for-aws-s3

  ThreatModel for Amazon S3 - Library of all the attack scenarios on Amazon S3, and how to mitigate them following a risk-based approach

  14720

• ripienaar/free-for-dev

  A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev

  Language:HTML85.5k9.3k

• BishopFox/smogcloud

  Find cloud assets that no one wants exposed 🔎 ☁️

  Language:Go32838

• gracenolan/Notes

  1.6k354

• domain-protect/domain-protect

  OWASP Domain Protect - prevent subdomain takeover

  Language:Python37760

• irsl/gcp-dhcp-takeover-code-exec

  Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent

  Language:Go52936

• brompwnie/botb

  A container analysis and exploitation tool for pentesters and engineers.

  Language:Go61261

• orlyjamie/mimikittenz

  A post-exploitation powershell tool for extracting juicy info from memory.

  Language:PowerShell1.8k336

• chipik/SAP_RECON

  PoC for CVE-2020-6287, CVE-2020-6286 (SAP RECON vulnerability)

  Language:Python21564

• internetwache/GitTools

  A repository with 3 tools for pwn'ing websites with .git repositories available

  Language:Shell3.8k610

• OlivierLaflamme/Cheatsheet-God

  Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

  4.8k1.2k

• carnal0wnage/weirdAAL

  WeirdAAL (AWS Attack Library)

  Language:Python76392

• RhinoSecurityLabs/pacu

  The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

  Language:Python4.2k675

• andresriancho/enumerate-iam

  Enumerate the permissions associated with AWS credential set

  Language:Python1k167

• ReverendThing/Carnivore

  Microsoft External Attack Tool

  Language:C#17815

• jpillora/chisel

  A fast TCP/UDP tunnel over HTTP

  Language:Go12.4k1.3k

• dirkjanm/ldapdomaindump

  Active Directory information dumper via LDAP

  Language:Python1.1k183

• pandasec888/taowu-cobalt_strike

  1.8k334

• Binject/backdoorfactory

  A from-scratch rewrite of The Backdoor Factory - a MitM tool for inserting shellcode into all types of binaries on the wire.

  Language:Go36664

• Gallopsled/pwntools

  CTF framework and exploit development library

  Language:Python11.7k1.7k