Security related resources

python security related resources

Newest releases

klezVirus Modern Penetration testing and Red Teaming often requires to bypass common AV/EDR appliances in order to execute code on a target. With time, defenses are becoming more complex and inherently more difficult to bypass consistently.

sec-it Company Passwords Profiler (aka ComPP) helps making a bruteforce wordlist for a targeted company.

adanalvarez Python script that takes a config.json file as config and uses Burp Suite Pro to scan a list of websites.

capt-meelo Beaconator is an aggressor script for Cobalt Strike used to generate a raw stageless shellcode and packing the generated shellcode using PEzor.

mvt-project Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices.

HuskyHacks Pure Nim implementation for exploiting CVE-2021-36934, the SeriousSAM Local Privilege Escalation (LPE). Nothing fancy, basically just a wrapper for PowerShell copy, but does save some time if you're triaging vulnerable hosts. Not

JustYoomoon Send CVE information to the specified mailbox (from Github)

BeetleChunks A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.

pwnwikiorg Use FOFA automatic vulnerability scanning tool

byt3bl33d3r A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE

Cerbrutus-BruteForcer Modular brute force tool written in Python, for very fast password spraying SSH, and in the near future other network services.

CRED-CLUB ARTIF is a new advanced real time threat intelligence framework built that adds another abstraction layer on the top of MISP to identify threats and malicious web traffic on the basis of IP reputation and historical data. It also

k4yt3x OrbitalDump - A simple multi-threaded distributed SSH brute-forcing tool written in Python.

Tencent 面向开发人员梳理的C/C++安全指南、JavaScript安全指南、Node安全指南、Go安全指南、Java安全指南、Python安全指南

ItIsMeCall911 📚 A Curated List of Awesome Telegram OSINT Tools, Sites & Resources

0vercl0k Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.

memprocfshunt This script is a memory forensic wrapper to MemProcFS for memory speed analysis. It's includes several hunting modules and ELK import with pre built hunting dashboards. It's have cool features like metadata and imports detection.

brant-ruan Metarget = meta- + target, a framework providing automatic constructions of vulnerable infrastructures, used to deploy simple or complicated vulnerable cloud native targets swiftly and automatically.

pyupio Safety checks your installed dependencies for known security vulnerabilities

RomanMichaelPaolucci A Python library for mathematical finance

brant-ruan awesome resources about cloud native security 🐿

gaasedelen Tenet is an IDA Pro plugin for exploring execution traces. The goal of this plugin is to provide more natural, human controls for navigating execution traces against a given binary. The basis of this work stems from the desire to

Rog3rSm1th Profil3r Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses. This p

Al1ex Vuln Impact This vulnerability allows for unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management

m4ll0k Infoga is a tool gathering email accounts informations (ip,hostname,country,...) from different public source (search engines, pgp key servers and shodan) and check if emails was leaked using API. Is a really si

DomainTools DomainCAT (Domain Connectivity Analysis Tool) Domain Connectivity Analysis Tool is used to analyze aggregate connectivity patterns across a set of dom

GONZOsint gitrecon OSINT tool to get information from a Github or Gitlab profile and find user's email addresses leaked on commits. 📚 How does this work? GitHu

timwhitez Doge-Defense-Evasion-Ref Defense Evasion | Bypass AntiVirus Reference Github Repositories

Gamma-laboratory This is a js front-end encryption blasting account and password tools,Because it calls JS in a clever way without us having to analyze the whole project

mrrothe A set of Python scripts for finding threats in Office365

nccgroup Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspec

zumbov2 Land doesn't vote, people do. This is a version of the famous visualization «Land doesn't vote, people do» by Karim Douïeb for Switzerland written in