Security related resources

python security related resources

Newest releases

0xdekster Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters

0neb1n This vulnerability occurs in Outlook 2019 (16.0.13231.20262) installed on Windows 10 1909 x64

PaulRBerg Off-the-shelf Solidity smart contracts. Built with my beloved Solidity template.

advanced-threat-research CVE-2020-16899 - Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule

vxunderground Collection of malware source code for a variety of platforms in an array of different programming languages.

iearn-finance Yearn Protocol is a set of Ethereum Smart Contracts focused on creating a simple way to generate high risk-adjusted returns for depositors of various assets via best-in-class lending protocols, liquidity pools, and community-made

advanced-threat-research CVE-202-16898 (Bad Neighbor) Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule

tprynn Methodology for high-quality web application security testing

zhzyker Vulmap is a vulnerability scanning tool that can scan for vulnerabilities in Web containers, Web servers, Web middleware, and CMS and other Web programs, and has vulnerability exploitation functions. Relevant testers can use vulma

PaytmLabs NERVE is a vulnerability scanner tailored to find low-hanging fruit level vulnerabilities, in specific application configurations, network services, and unpatched services.

milesmcc Modern, privacy-friendly, and detailed web analytics that works without cookies or JS.

theLSA burpsuite extension for check unauthorized vulnerability

lk-geimfari A Clojure library designed to generate secure random numbers for managing secrets. This project is a Python's secret module implementation for Clojure, based on Java's standard library.

vulnersCom mikrot8over: Fast exploitation tool for Mikrotik RouterOS up to 6.38.4

maximelafarie This project was created in order to fight against spammers who are rotting what Hacktoberfest was created for.

abdennour References for CKS Exam Objectives - Certified Kubernetes Security Specialist

R0X4R An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.

fifikobayashi Smart contract that flash borrows from Aave and uses the flash liquidity for arbitrage between Sushiswap and UniswapV2 within the same transaction

zeronetworks Demonstrates that CVE-2020-1472 can be done via RPC/SMB, and not only over RPC/TCP.

Mr-Un1k0d3r Dlls that can be used for side loading and other attack vectors. This Dll will not cause deadlock since it only use functions that are DllMain safe as described below.

bb00 Abuse CVE-2020-1472 (Zerologon) to take over a domain and then repair the local stored machine account password.

dirkjanm PoC for Zerologon - all research credits go to Tom Tervoort of Secura

blackarrowsec Collection of PoC and offensive techniques used by the BlackArrow Red Team

risksense Exploit for zerologon cve-2020-1472

VoidSec Checker & Exploit Code for CVE-2020-1472 aka Zerologon.Tests whether a domain controller is vulnerable to the Zerologon attack, if vulnerable, it will resets the Domain Controller's account password to an empty string.

CyberSecurityUP Hackthebox, Vulnhub, TryHackMe and Real World PenTest

m4ll0k Certificate Transparency (CT) is an experimental IETF standard. The goal of it was to allow the public to audit which certificates were created by Certificate Authorities (CA). TLS has a weakness that comes from the large list of

SecuraBV A Python script that uses the Impacket library to test vulnerability for the Zerologon exploit (CVE-2020-1472).

0xroman1 Stash for Binary Exploitation and Reverse Engineering Resources

withdk Proof of concept tool to test for the existence of Pulse Secure RCE (CVE-2020-8218) and to encourage further research. This tool was built around the POC from the GoSecure advisory. All credit to them for the finding.

intrackeable This is a simple program designed in Python, to learn about how some ransomware works, using AES symmetric encryption.

BlackFan Content-Type that can be used for XSS and some related tricks

s0md3v Some HTTP parameter names are more commonly associated with one functionality than the others. For example, the parameter ?url= usually contains URLs as the value and hence often falls victim to file inclusion, open redirect and S