misconfiguration

There are 34 repositories under the misconfiguration topic.

  • aquasecurity/trivy

    Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

    Language:Go28.9k1842.9k2.8k
  • tfsec

    aquasecurity/tfsec

    Tfsec is now part of Trivy

    Language:Go6.9k700552
  • SUDO_KILLER

    TH3xACE/SUDO_KILLER

    A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.

    Language:Shell2.4k5011257
  • aquasecurity/trivy-operator

    Kubernetes-native security toolkit

    Language:Go1.6k11769247
  • nickvourd/Windows-Local-Privilege-Escalation-Cookbook

    Windows Local Privilege Escalation Cookbook

    Language:PowerShell1.2k152184
  • firefart/stunner

    Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.

    Language:Go820161847
  • aquasecurity/chain-bench

    An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

    Language:Go758124666
  • b3rito/yotter

    yotter - bash script that performs recon and then uses dirb to discover directories that might lead to information leakage

    Language:Shell1246018
  • fatihtokus/scan2html

    A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.

    Language:HTML10736111
  • Vinum-Security/yandex-cloud-security

    ⛅️🔐 Security Requirements for Yandex.Cloud configuration: IAM, network access, key management, Kubernetes, audit logs.

  • padok-team/yatas-aws

    Plugin for YATAS that audits AWS accounts for misconfiguration and security issues

    Language:Go145123
  • K3ysTr0K3R/DroidSniper

    DroidSniper - Misconfigured Android Debug Bridge Scanner

    Language:Python12101
  • Kloudle/aws-iam-large-account-security

    Security insights for AWS IAM in large-scale accounts (20K+ users), bypassing CSPM limitations.

    70
  • root4031/cors_scanner

    Fast CORS Misconfiguration Scanner

    Language:Shell6
  • 4lch3mis7/XGiF

    A tool to find .git folder exposed due to server misconfiguration.

    Language:Go5102
  • sicpa-foundations/secretKeeper

    SecretKeeper is a tool for detecting secrets and misconfigurations on your Git repositories (Bitbucket and GitHub).

    Language:Python4000
  • cehuda1/env-breaker

    Env Breaker scans for and detects .env files on target sites. This script helps identify possible leaks of sensitive information related to .env files.

    Language:PHP3100
  • padok-team/yatas-gcp

    Plugin for YATAS that audits GCP projects for misconfiguration and security issues

    Language:Go3330
  • Rozan312/Cloud-Service-Hunting

    This script automate exploit only cloud service

    Language:Python3000
  • secshubhamsharma/FireSploit

    FireSploit is a powerful tool for ethical hackers, developers, and security researchers. It helps find and fix misconfigured Firebase databases that are exposing sensitive data to the public. By scanning for open read/write access, it helps you secure your applications and prevent data breaches.

    Language:Python3
  • Archive-Puma/nucleo

    ⚛️ nucleo is a script that checks common vulnerabilities and security misconfigurations, strongly inspired by nuclei.

    Language:Shell2100
  • codershiyar/WinPrivilegeEscalation

    This repository provides easy-to-follow methods for gaining admin rights (privilege escalation) on Windows 10, 11, and newer systems. Learn how to identify and exploit misconfigurations, weak permissions, and common security flaws to escalate user privileges. Perfect for ethical hackers, penetration testers, and security researchers looking to test

    Language:HTML210
  • Elymaro/mailynx

    Bash script to detect SPF, DKIM, and DMARC issues that expose domains to spoofing

    Language:Shell20
  • fagci/gmf

    Global Misconfig Finder (web)

    Language:Python220
  • ShackWove/NetGun

    NetGun is a free and open source tool for port scanning, services enumeration, misconfigurations testing and CVE research. This is only for testing, official repository: https://github.com/MyCr4ck/NetGun_Classe03

    Language:HTML2000
  • killukeren/Hosti

    Automation tool for detecting Host Header injection misconfiguration flaws

    Language:Python1
  • gsscoder/configinsights

    Azure services configuration analyzer

    Language:C#0201
  • javelinsoft/CORS-Misconfiguration-test

    CORS Misconfiguration Test

    Language:HTML0100
  • ace-83/simple-wp-checker

    simple wordpress checker

    Language:Python
  • AWS-Security-Portfolio/s3-security

    Securing S3 buckets: Test public access, apply policies and encryption, and detect misconfigurations with AWS Trusted Advisor. Includes screenshots, policy examples, and clear documentation.

  • covertlabsaus/S3eker

    A Firebase security scanner that checks for common misconfigurations in Auth, RTDB, Firestore, and Storage, reporting risks in a clear JSON format.

    Language:Go
  • dafneb/MiCloudPurple

    Microsoft Cloud Purple tool

    Language:Python
  • MottaSec/Argus-AD

    Argus-AD is a comprehensive Active Directory security assessment tool designed for SYSADMINs and IT Admins to identify misconfigurations, privilege escalation paths, lateral movement opportunities, and hybrid identity issues in their Active Directory environments.

    Language:PowerShell
  • UsamaMatrix/cloud-exploit-framework

    ⚠️ Description only - code is confidential. Automates cloud security assessments for AWS, Azure, and GCP to detect misconfigurations and perform controlled exploitation.