yowie's Stars
promptfoo/promptfoo
Test your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration.
dabeaz-course/python-mastery
Advanced Python Mastery (course by @dabeaz)
sigp/siren
User interface for Lighthouse
RedSiege/EyeWitness
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
irsl/curlshell
reverse shell using curl
doyensec/wsrepl
WebSocket REPL for pentesters
MrEmpy/mantra
「🔑」A tool used to hunt down API key leaks in JS files and pages
jassics/security-interview-questions
Security interview questions with possible explanation for roles in AppSec, Pentesting, Cloud Security, DevSecOps, Network Security and so on
anirudhbiyani/findmytakeover
find dangling domains in a multi cloud environment
cisagov/pen-testing-findings
A collection of Active Directory, phishing, mobile technology, system, service, web application, and wireless technology weaknesses that may be discovered during a penetration test.
bitquark/shortscan
An IIS short filename enumeration tool
sensepost/gowitness
🔍 gowitness - a golang, web screenshot utility using Chrome Headless
invictus-ir/aws-cheatsheet
A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering.
BishopFox/jsluice
Extract URLs, paths, secrets, and other interesting bits from JavaScript
awslabs/threat-composer
A simple threat modeling tool to help humans to reduce time-to-value when threat modeling
tenable/awesome-llm-cybersecurity-tools
A curated list of large language model tools for cybersecurity research.
matro7sh/BypassAV
This map lists the essential techniques to bypass anti-virus and EDR
projectdiscovery/alterx
Fast and customizable subdomain wordlist generator using DSL
prateek147/DVIA-v2
Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment. This project is developed and maintained by @prateekg147. The vulnerabilities and solutions covered in this app are tested up to iOS 11. The current version is written in Swift and has the following vulnerabilities.
s0md3v/Photon
Incredibly fast crawler designed for OSINT.
dirkjanm/ROADtools
A collection of Azure AD/Entra tools for offensive and defensive security purposes
hardbyte/netchecks
Tool to validate assumptions about the network
assetnote/ghostbuster
Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts.
projectdiscovery/httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
fyoorer/ShadowClone
Unleash the power of cloud
scythe-io/purple-team-exercise-framework
Purple Team Exercise Framework
vanhoefm/macstealer
MattKeeley/Spoofy
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
oguzhan-yilmaz/balcony
cli tool to read any resource off of AWS API. Also generates Terraform import-blocks, and actual Terraform Resource code.
cloudflare/flan
A pretty sweet vulnerability scanner