yowie's Stars
domain-protect/domain-protect-gcp
Protect against subdomain takeover
Fortiphyd/GRFICSv2
Version 2 of the Graphical Realism Framework for Industrial Control Simulation (GRFICS)
NetSPI/gcpwn
Enumeration/exploit/analysis/download/etc pentesting framework for GCP; modeled like Pacu for AWS; a product of numerous hours via @WebbinRoot
myugan/awesome-cicd-security
:books: A curated list of awesome CI CD security resources
nccgroup/SteppingStones
A Red Team Activity Hub
OWASP/OFFAT
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.
TupleType/awesome-cicd-attacks
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
mrwadams/stride-gpt
An AI-powered threat modeling tool that leverages OpenAI's GPT models to generate threat models for a given application based on the STRIDE methodology.
mitre/caldera
Automated Adversary Emulation Platform
p0dalirius/Coercer
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
cookiecutter/cookiecutter
A cross-platform command-line utility that creates projects from cookiecutters (project templates), e.g. Python package projects, C projects.
Littlehack3r/awesome-gcp-pentesting
Tools and blogs I use to perform GCP red teams
careyjames/dns-scout
DNS Scout is a DNS troubleshooting tool that gets your email to the inbox. Checks SPF, DMARC, DKIM and MX records, for InfoSec Pros and Normies. Compatible with macOS, Ubuntu, Raspberry Pi and Kali Linux.
microsoft/ics-forensics-tools
Microsoft ICSpector (ICS Forensics Tools framework) is an open-source forensics framework that enables the analysis of Industrial PLC metadata and project files.
canix1/PIMSCAN
Tool for creating reports on Entra ID Role Assignments
c6fc/npk
A mostly-serverless distributed hash cracking platform
tldrsec/awesome-secure-defaults
Awesome secure by default libraries to help you eliminate bug classes!
RedefiningReality/Cobalt-Strike
Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection
pilcrowOnPaper/copenhagen
A basic guideline on implementing auth for the web
HackingLZ/IndicatorOfCanary
Canary Detection
furgoose/Pocket-Casts
Unofficial API for pocket casts built in python 3
Warxim/deluder
Deluder is a tool for intercepting traffic of proxy unaware applications. Currently, Deluder supports OpenSSL, GnuTLS, SChannel, WinSock and Linux Sockets out of the box. ⚡
linexjlin/GPTs
leaked prompts of GPTs
Ostorlab/KEV
Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
MayankPandey01/Jira-Lens
Fast and customizable vulnerability scanner For JIRA written in Python
Xacone/BestEdrOfTheMarket
Little user-mode AV/EDR evasion lab for training & learning purposes
vulnerable-apps/awesome-vulnerable
A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
padok-team/cognito-scanner
A simple script which implements different Cognito attacks such as Account Oracle or Priviledge Escalation
georgesotiriadis/Chimera
Automated DLL Sideloading Tool With EDR Evasion Capabilities
APKLab/APKLab
Android Reverse-Engineering Workbench for VS Code