Lelio Costa's repositories
presentations
Some presentations i've made so far.
Awesome-Red-Teaming
List of Awesome Red Teaming Resources
awesome-vulnerable
A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
cipherscan
A very simple way to find out which SSL ciphersuites are supported by a target.
CyberChef
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
DevSecOpsGuideline
The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.
giskard
🐢 Open-Source Evaluation & Testing for LLMs and ML models
obs-studio
OBS Studio - Free and open source software for live streaming and screen recording
RedTeaming-Tactics-and-Techniques
Red Teaming Tactics and Techniques
hoppscotch
Open source API development ecosystem - https://hoppscotch.io (open-source alternative to Postman, Insomnia)
mitmproxy
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
Nettacker
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
offsec-tools
Compiled tools for internal assessments
owasp-mastg
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
public-pentesting-reports
A list of public penetration test reports published by several consulting firms and academic security groups.
pwntools
CTF framework and exploit development library
PyRIT
The Python Risk Identification Tool for generative AI (PyRIT) is an open access automation framework to empower security professionals and machine learning engineers to proactively find risks in their generative AI systems.
Red-Team-Tools
Repo containing cracked red teaming tools.
red-toolkit
A toolkit for your red team operations
RedTeam-Tools
Tools and Techniques for Red Team / Penetration Testing
Sandman
Sandman is a NTP based backdoor for red team engagements in hardened networks.
theHarvester
E-mails, subdomains and names Harvester - OSINT
tls-scan
An Internet scale, blazing fast SSL/TLS scanner ( non-blocking, event-driven )
Top10
Official OWASP Top 10 Document Repository
Venom
Venom is a library that meant to perform evasive communication using stolen browser socket
WhatWeb
Next generation web scanner