yowie's Stars
PortSwigger/aws-security-checks
AWS Security Checks
samdenty/injectify
Perform advanced MiTM attacks on websites with ease 💉
ash47/HashCrackingExperiment
A thought experiment to see if it's possible to leverage google's indexing service to crack hashes.
ash47/EnterpriseWifiPasswordRecover
This is a tool that recovers WPA2 Enterprise Wifi Credentials from a machine.
peewpw/Invoke-WCMDump
PowerShell Script to Dump Windows Credentials from the Credential Manager
Sysinternals/ProcDump-for-Linux
A Linux version of the ProcDump Sysinternals tool
yeyintminthuhtut/Awesome-Red-Teaming
List of Awesome Red Teaming Resources
sensepost/birp
Big Iron Recon & Pwnage
xmendez/wfuzz
Web application fuzzer
nahamsec/lazys3
prowler-cloud/prowler
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
sensepost/objection
📱 objection - runtime mobile exploration
earthquake/XFLTReaT
XFLTReaT tunnelling framework
Hack-with-Github/Powerful-Plugins
Powerful plugins and add-ons for hackers
codingo/Reconnoitre
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
allfro/BurpKit
Next-gen BurpSuite penetration testing tool
shieldfy/API-Security-Checklist
Checklist of the most important security countermeasures when designing, testing, and releasing your API
jordanpotti/AWSBucketDump
Security Tool to Look For Interesting Files in S3 Buckets
nccgroup/LazyDroid
bash script to facilitate some aspects of an Android application assessment
DenizParlak/Zeus
AWS Auditing & Hardening Tool
DataSploit/datasploit
An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.
twelvesec/JDSer-DComp
A Burp Extender plugin that will allow you to tamper with requests containing compressed, serialized java objects.
PaulSec/awesome-windows-domain-hardening
A curated list of awesome Security Hardening techniques for Windows.
samartzidis/WinAppleKey
Apple Magic Keyboard Driver (A1644) for Windows 10
OWASP/owasp-mastg
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
orlyjamie/mimikittenz
A post-exploitation powershell tool for extracting juicy info from memory.
funoverip/mcafee-sitelist-pwd-decryption
Password decryption tool for the McAfee SiteList.xml file
1N3/IntruderPayloads
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
aboul3la/Sublist3r
Fast subdomains enumeration tool for penetration testers
mdsecresearch/Publications
A list of published research documents