OuiSouss

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

chisel

A fast TCP/UDP tunnel over HTTP

wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

CrackMapExec

A swiss army knife for pentesting networks

fuzzdb

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

commando-vm

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com

flare-vm

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

xss-payload-list

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

sql-injection-payload-list

🎯 SQL Injection Payload List

lsassy

Extract credentials from lsass remotely

PetitPotam

PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

alloy

OpenTelemetry Collector distribution with programmable pipelines

SharpGPOAbuse

SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.

KeeThief

Methods for attacking KeePass 2.X databases, including extracting of encryption key material from memory.

spoofcheck

Simple script that checks a domain for email protections

pyGPOAbuse

Partial python implementation of SharpGPOAbuse

eos

Enemies Of Symfony - Debug mode Symfony looter

explore-logs

Repo for the Loki log exploration app

sprayhound

Password spraying tool and Bloodhound integration

netgrph

Models IP networks in the Neo4j Graph Database for network automation and troubleshooting.

cag

Crypto Audit Guidelines

netstat2neo4j

create cypher create statements for neo4j out of netstat files from multiple machines

EMVerify

A Tamarin model and analysis of EMV

dns-monitoring-scripts

Simple shell scripts for DNS and DNSSEC monitoring

ShareLocks

utdon

Self-hosted web application to monitor the obsolescence of your FOSS applications in production. UptoDateOrNot ???

EMVerify-PAN-routing

A Tamarin model and analysis of EMV contactless

blackhole

Routage vers trou noir piloté à distance. Construction d'une application web.