Security related resources

Modern Penetration testing and Red Teaming often requires to bypass common AV/EDR appliances in order to execute code on a target. With time, defenses are becoming more complex and inherently more difficult to bypass consistently.

Company Passwords Profiler (aka ComPP) helps making a bruteforce wordlist for a targeted company.

Python script that takes a config.json file as config and uses Burp Suite Pro to scan a list of websites.

Beaconator is an aggressor script for Cobalt Strike used to generate a raw stageless shellcode and packing the generated shellcode using PEzor.

Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices.

Pure Nim implementation for exploiting CVE-2021-36934, the SeriousSAM Local Privilege Escalation (LPE). Nothing fancy, basically just a wrapper for PowerShell copy, but does save some time if you're triaging vulnerable hosts. Not

Send CVE information to the specified mailbox (from Github)

A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.

Use FOFA automatic vulnerability scanning tool

A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE

Modular brute force tool written in Python, for very fast password spraying SSH, and in the near future other network services.

ARTIF is a new advanced real time threat intelligence framework built that adds another abstraction layer on the top of MISP to identify threats and malicious web traffic on the basis of IP reputation and historical data. It also

OrbitalDump - A simple multi-threaded distributed SSH brute-forcing tool written in Python.

面向开发人员梳理的C/C++安全指南、JavaScript安全指南、Node安全指南、Go安全指南、Java安全指南、Python安全指南

📚 A Curated List of Awesome Telegram OSINT Tools, Sites & Resources

Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.

This script is a memory forensic wrapper to MemProcFS for memory speed analysis. It's includes several hunting modules and ELK import with pre built hunting dashboards. It's have cool features like metadata and imports detection.

Metarget = meta- + target, a framework providing automatic constructions of vulnerable infrastructures, used to deploy simple or complicated vulnerable cloud native targets swiftly and automatically.

Safety checks your installed dependencies for known security vulnerabilities

A Python library for mathematical finance

awesome resources about cloud native security 🐿

Tenet is an IDA Pro plugin for exploring execution traces. The goal of this plugin is to provide more natural, human controls for navigating execution traces against a given binary. The basis of this work stems from the desire to

UFONet - Denial of Service Toolkit

Profil3r Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses. This p

Vuln Impact This vulnerability allows for unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management

Infoga is a tool gathering email accounts informations (ip,hostname,country,...) from different public source (search engines, pgp key servers and shodan) and check if emails was leaked using haveibeenpwned.com API. Is a really si

DomainCAT (Domain Connectivity Analysis Tool) Domain Connectivity Analysis Tool is used to analyze aggregate connectivity patterns across a set of dom

gitrecon OSINT tool to get information from a Github or Gitlab profile and find user's email addresses leaked on commits. 📚 How does this work? GitHu

Doge-Defense-Evasion-Ref Defense Evasion | Bypass AntiVirus Reference Github Repositories https://github.com/BishopFox/sliver https://github.com/optiv

This is a js front-end encryption blasting account and password tools，Because it calls JS in a clever way without us having to analyze the whole project

A set of Python scripts for finding threats in Office365

Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspec

Land doesn't vote, people do. This is a version of the famous visualization «Land doesn't vote, people do» by Karim Douïeb for Switzerland written in