CSbyGB

VulnDB

Vulnerability Database

firmwareXtraction

Leveraging UART, SPI and JTAG for firmware extraction

jwt_tool

:snake: A toolkit for testing, tweaking and cracking JSON Web Tokens

concierge

Repo for Concierge AI dev work

stalker

Stalker, the Extensible Attack Surface Management tool.

SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

toybox

toybox

pen-testing-findings

A collection of Active Directory, phishing, mobile technology, system, service, web application, and wireless technology weaknesses that may be discovered during a penetration test.

sparty

Sparty - MS Sharepoint and Frontpage Auditing Tool

sparty

Sparty - MS Sharepoint and Frontpage Auditing Tool [Unofficial]

Sparty-2.0

An MS Sharepoint and Frontpage Auditing Tool

SSH-Snake

SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.

pentest-bookmarks

a collection of handy bookmarks

OWASP-VWAD

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

dockerized-ansible-lab

Simple playbook to create a lab for learning ansible based in containers

ansible-kali-everlearning

ansible-kali-everlearning rebase

nim-mitm-proxy

Small http proxy implementation, to learn

clusterd

application server attack toolkit

websocat

Command-line client for WebSockets, like netcat (or curl) for ws:// with advanced socat-like functions

awesome-websocket-security

Awesome information for WebSockets security research

WebSockets-Playground

Jumpstart multiple WebSocket servers quickly

SecureCodingDojo

The Secure Coding Dojo is a platform for delivering secure coding knowledge.

Mindmaps

Azure mindmap for penetration tests

BChecks

BChecks to use within Burp Suite

GraphRunner

A Post-exploitation Toolset for Interacting with the Microsoft Graph API

AnalyseDynamiqueModulesKernel

Atelier Analyse dynamique de modules de kernel Windows NSEC 2023

dive

A tool for exploring each layer in a docker image

Prox-Ez

ParamSpider

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing