vinegrep's Stars
breenmachine/RottenPotatoNG
New version of RottenPotato as a C++ DLL and standalone C++ binary - no need for meterpreter or other tools.
infosecn1nja/Red-Teaming-Toolkit
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Neo23x0/yarGen
yarGen is a generator for YARA rules
prowler-cloud/prowler
Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.
FabioBaroni/awesome-exploit-development
A curated list of resources (books, tutorials, courses, tools and vulnerable applications) for learning about Exploit Development
sodium-friends/learntocrypto
Learn to crypto workshop
sektioneins/pcc
PHP Secure Configuration Checker
immunIT/drupwn
Drupal enumeration & exploitation tool
yeyintminthuhtut/Awesome-Red-Teaming
List of Awesome Red Teaming Resources
redcanaryco/atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
redhuntlabs/RedHunt-OS
Virtual Machine for Adversary Emulation and Threat Hunting
mdsecactivebreach/SharpShooter
Payload Generation Framework
gdedrouas/Exchange-AD-Privesc
Exchange privilege escalations to Active Directory
andresriancho/w3af
w3af: web application attack and audit framework, the open source web vulnerability scanner.
UnaPibaGeek/ctfr
Abusing Certificate Transparency logs for getting HTTPS websites subdomains.
xairy/linux-kernel-exploitation
A collection of links related to Linux kernel security and exploitation
lgandx/Responder
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
bontchev/pcodedmp
A VBA p-code disassembler
0x4D31/awesome-threat-detection
✨ A curated list of awesome threat detection and hunting resources 🕵️♂️
danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
OJ/gobuster
Directory/File, DNS and VHost busting tool written in Go
byt3bl33d3r/CrackMapExec
A swiss army knife for pentesting networks
cSploit/android
cSploit - The most complete and advanced IT security professional toolkit on Android.
hasherezade/pe-sieve
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
Ekultek/WhatWaf
Detect and bypass web application firewalls and protection systems
clong/DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
hardentools/hardentools
Hardentools simply reduces the attack surface on Microsoft Windows computers by disabling low-hanging fruit risky features.
wtsxDev/reverse-engineering
List of awesome reverse engineering resources
secfigo/Awesome-Fuzzing
A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.
mykter/afl-training
Exercises to learn how to fuzz with American Fuzzy Lop