Security related resources
python security related resources
Newest releases
Dispatches from Drovorub: Network Threat Hunting for Russia GRU GTsSS' Malware at Scale Recently, the National Security Agency and Federal Bureau of I
HowToHunt Some Tutorials and Things to Do while Hunting That Particular Vulnerability. Note: You Can Help Me Complete This List By Making Pull Request
Nuclei is an open-source web application security scanner developed by ProjectDiscovery.io. Its template engine empowers a community of cybersecurity
A Python based scanner to find potential SSRF parameters in a web application.
Description N1QLMap is an N1QL exploitation tool. Currently works with Couchbase database. The tool supports data extraction and performing SSRF attac
Geo-Recon An OSINT CLI tool desgined to fast track IP Reputation and Geo-locaton look up for Security Analysts. Setup This tool is compactible with: A
RPOscanner By @TheNittam Relative Path Overwrite Vulnerability Scanner - Version 1 Follow : @CryptoGenNepal Ever heard about RPO Attack? If not here i
mass_cve-2021-41773 MASS CVE-2021-41773 Screenshot Usage ! python3 -m pip install requests pyyhon3 cve-2021-41773.py urlist.txt pool Note ! results wi
cve-2021-41773 CVE-2021-41773 Path Traversal vulnerability in Apache 2.4.49. Follow Twitter YouTube Online learning platform Vulnmachines.com RCE POC
This framework helps with Flutter apps reverse engineering using the patched version of the Flutter library which is already compiled and ready for ap
hashlookup-forensic-analyser Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public
Lab CVE-2021-41773 Container lab to play/learn with CVE-2021-41773 File disclosure: $ docker build -t apache-default default_conf
$ docker run -dit --
ipsourcebypass This Python script can be used to bypass IP source restrictions using HTTP headers. Features 17 HTTP headers. Multithreading. JSON expo
Instagram Exploitation Framework What is IEF? IEF, also known as Instagram Exploitation Framework is as you can tell from the name, it's a exploitatio
alarmer Alarmer is a tool focus on error reporting for your application. Installation pip install alarmer Usage It's simple to integrate alarmer in yo
📚 How to Create a GitHub Portfolio Hi there, I'm Katie! 🙋🏻♀️ This is a fuss-free, simple guide to create your GitHub portfolio. It's perfect for B
Xiaomi Cloud Tokens Extractor This tool/script retrieves tokens for all devices connected to Xiaomi cloud. You will need to provide: username (e-mail
The Bastion Bastions are a cluster of machines used as the unique entry point by operational teams (such as sysadmins, developers, database admins, ..
Awesome-Android-Security Table of Contents Blog How To's Paper Books Course Tools Static Analysis Tools Dynamic Analysis Tools Online APK Analyzers On
Threat intelligence and threat detections This repo contains threat intelligence information and threat detection indicators (IOC, IOA) shared by Swis
Pine64’s BLE602 reverse engineering working group Notes The blobs were compiled using riscv32-unknown-elf-gcc_8.3.0 -march=rv32imfc -mabi=ilp32f -gdwa
Malware/IR-Tools-Resources This Repo contains resource for following: 1] Malware Analysis
2] Threat Hunting
3] Incident Response
4] Threat Intellige
PoLP Fiction Abstract Polp Fiction is an in-house tool developed at Mercadolibre that aims expose metrics of the current situation regarding privilege
Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
DonPAPI Dumping revelant information on compromised targets without AV detection DPAPI dumping Lots of credentials are protected by DPAPI. We aim at l
ThePhish ThePhish is an automated phishing email analysis tool based on TheHive, Cortex and MISP. It is a web application written in Python 3 and base
FBbypass 403 Bypass 工具参数说明 Options:
-t, --target 目标URL或者目标文件路径
使用例子 python ./FBbypass.py -t http://target.com/target/
python ./FBbypass.p
403Bypasser An burpsuite extension to bypass 403 restricted directory. By using PassiveScan (default enabled), each 403 request will be automatically
C2-JARM A list of JARM hashes for different ssl implementations used by some C2 tools. Also adding other useful red team tools that use ssl (ex: EvilG
ReconTracer A Tool for subdomain scan with other tools ReconTracer Find subdomains by using another amazing sources!. What ReconTracer can do? Actuall
MindAPI Bringing order to API hacking chaos! View Online · Report Bug · Request Feature Table of Contents About The Project Built With Roadmap Contrib
Rotten-Apples macOS codesigning translocation vulnerability. (10.x -> 11.3.1, bandaid fix applied in 11.4) Original article: https://occamsec.com/rott
CVE-2021-22986-Poc This is a Poc for BIGIP iControl unauth RCE POC :~ curl -ksu admin:[redacted] https://192.168.123.134/mgmt/tm/access/bundle-install
