Security related resources

python security related resources

Newest releases

Insane-Forensics Dispatches from Drovorub: Network Threat Hunting for Russia GRU GTsSS' Malware at Scale Recently, the National Security Agency and Federal Bureau of I
 

KathanP19 HowToHunt Some Tutorials and Things to Do while Hunting That Particular Vulnerability. Note: You Can Help Me Complete This List By Making Pull Request
 

aqme Nuclei is an open-source web application security scanner developed by ProjectDiscovery.io. Its template engine empowers a community of cybersecurity
 

pwn0sec A Python based scanner to find potential SSRF parameters in a web application.
 

FSecureLABS Description N1QLMap is an N1QL exploitation tool. Currently works with Couchbase database. The tool supports data extraction and performing SSRF attac
 

radioactivetobi Geo-Recon An OSINT CLI tool desgined to fast track IP Reputation and Geo-locaton look up for Security Analysts. Setup This tool is compactible with: A
 

TheNittam RPOscanner By @TheNittam Relative Path Overwrite Vulnerability Scanner - Version 1 Follow : @CryptoGenNepal Ever heard about RPO Attack? If not here i
 

justakazh mass_cve-2021-41773 MASS CVE-2021-41773 Screenshot Usage ! python3 -m pip install requests pyyhon3 cve-2021-41773.py urlist.txt pool Note ! results wi
 

Vulnmachines cve-2021-41773 CVE-2021-41773 Path Traversal vulnerability in Apache 2.4.49. Follow Twitter YouTube Online learning platform Vulnmachines.com RCE POC
 

ptswarm This framework helps with Flutter apps reverse engineering using the patched version of the Flutter library which is already compiled and ready for ap
 

hashlookup hashlookup-forensic-analyser Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public
 

htrgouvea Lab CVE-2021-41773 Container lab to play/learn with CVE-2021-41773 File disclosure: $ docker build -t apache-default default_conf $ docker run -dit --
 

p0dalirius ipsourcebypass This Python script can be used to bypass IP source restrictions using HTTP headers. Features 17 HTTP headers. Multithreading. JSON expo
 

BirdSecurity Instagram Exploitation Framework What is IEF? IEF, also known as Instagram Exploitation Framework is as you can tell from the name, it's a exploitatio
 

long2ice alarmer Alarmer is a tool focus on error reporting for your application. Installation pip install alarmer Usage It's simple to integrate alarmer in yo
 

katiehuangx 📚 How to Create a GitHub Portfolio Hi there, I'm Katie! 🙋🏻‍♀️ This is a fuss-free, simple guide to create your GitHub portfolio. It's perfect for B
 

PiotrMachowski Xiaomi Cloud Tokens Extractor This tool/script retrieves tokens for all devices connected to Xiaomi cloud. You will need to provide: username (e-mail
 

ovh The Bastion Bastions are a cluster of machines used as the unique entry point by operational teams (such as sysadmins, developers, database admins, ..
 

saeidshirazi Awesome-Android-Security Table of Contents Blog How To's Paper Books Course Tools Static Analysis Tools Dynamic Analysis Tools Online APK Analyzers On
 

swisscom Threat intelligence and threat detections This repo contains threat intelligence information and threat detection indicators (IOC, IOA) shared by Swis
 

pine64 Pine64’s BLE602 reverse engineering working group Notes The blobs were compiled using riscv32-unknown-elf-gcc_8.3.0 -march=rv32imfc -mabi=ilp32f -gdwa
 

ShilpeshTrivedi Malware/IR-Tools-Resources This Repo contains resource for following: 1] Malware Analysis 2] Threat Hunting 3] Incident Response 4] Threat Intellige
 

mercadolibre PoLP Fiction Abstract Polp Fiction is an in-house tool developed at Mercadolibre that aims expose metrics of the current situation regarding privilege
 

rtcatc Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
 

login-securite DonPAPI Dumping revelant information on compromised targets without AV detection DPAPI dumping Lots of credentials are protected by DPAPI. We aim at l
 

emalderson ThePhish ThePhish is an automated phishing email analysis tool based on TheHive, Cortex and MISP. It is a web application written in Python 3 and base
 

wealeson1 FBbypass 403 Bypass 工具参数说明 Options: -t, --target 目标URL或者目标文件路径 使用例子 python ./FBbypass.py -t http://target.com/target/ python ./FBbypass.p
 

sting8k 403Bypasser An burpsuite extension to bypass 403 restricted directory. By using PassiveScan (default enabled), each 403 request will be automatically
 

cedowens C2-JARM A list of JARM hashes for different ssl implementations used by some C2 tools. Also adding other useful red team tools that use ssl (ex: EvilG
 

ferreiraklet ReconTracer A Tool for subdomain scan with other tools ReconTracer Find subdomains by using another amazing sources!. What ReconTracer can do? Actuall
 

dsopas MindAPI Bringing order to API hacking chaos! View Online · Report Bug · Request Feature Table of Contents About The Project Built With Roadmap Contrib
 

impost0r Rotten-Apples macOS codesigning translocation vulnerability. (10.x -> 11.3.1, bandaid fix applied in 11.4) Original article: https://occamsec.com/rott
 

dorkerdevil CVE-2021-22986-Poc This is a Poc for BIGIP iControl unauth RCE POC :~ curl -ksu admin:[redacted] https://192.168.123.134/mgmt/tm/access/bundle-install