0x90n

nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.

trufflehog

Find and verify secrets

axiom

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

Android-PIN-Bruteforce

Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)

gau

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

waybackurls

Fetch all the URLs that the Wayback Machine knows about for a domain

CloudPentestCheatsheets

This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.

cloudgoat

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

Snaffler

a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )

ROADtools

A collection of Azure AD/Entra tools for offensive and defensive security purposes

pi-pwnbox-rogueap

Homemade Pwnbox :rocket: / Rogue AP :satellite: based on Raspberry Pi — WiFi Hacking Cheatsheets + MindMap :bulb:

Stormspotter

Azure Red Team tool for graphing Azure and Azure Active Directory objects

PowerZure

PowerShell framework to assess Azure security

Telepathy-Community

Public release of Telepathy, an OSINT toolkit for investigating Telegram chats.

DroneSecurity

DroneSecurity (NDSS 2023)

PowerMeta

PowerMeta searches for publicly available files hosted on various websites for a particular domain by using specially crafted Google, and Bing searches. It then allows for the download of those files from the target domain. After retrieving the files, the metadata associated with them can be analyzed by PowerMeta. Some interesting things commonly found in metadata are usernames, domains, software titles, and computer names.

RFCrack

A Software Defined Radio Attack Tool

GCP-IAM-Privilege-Escalation

A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.

CIAJeepDoors

dufflebag

Search exposed EBS volumes for secrets

awesome-sec-s3

A collection of awesome AWS S3 tools that collects and enumerates exposed S3 buckets

DroneXtract

DroneXtract is a digital forensics suite for DJI drones 🔍. Analyze sensor values, visualize flight maps, and audit for criminal activity 🗺

RVD

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.

Web3

This is where we dump all the web 3 infromation

Red-Team-OPS-Modern-Adversary

actions-secrets

Adding this GitHub Action will scan your repository for sensitive data in your source code. We find things like passwords, server host strings, API keys, .env and config files and more

actions-exposure

A GitHub Action that scans your public web applications after every deployment. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements.

actions-code

A GitHub Action for using SecureStack to analyse a repository codebase for vulnerabilities in library dependencies (software composition analysis).

grayhat

Python library for grayhatwarfare.com with small hacks

dji-nfz-tracker

Tracking DJI No Fly Zones