Alaa's starred repositories
entraid-bench
Microsoft Entra ID Security Assessment Tool
AutomatedEmulation
An automated Breach and Attack Simulation lab built with Terraform. Built for IaC stability, consistency, and speed.
Terrapin-Scanner
This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".
react-covid-19
This application presents COVID-19 pandemic data for all the countries in the world. It is built with React Hooks, Material UI and Chart.js.
aws-eks-best-practices
A best practices guide for day 2 operations, including operational excellence, security, reliability, performance efficiency, and cost optimization.
prowler
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
Firefox-WebInject
Firefox webInjector capable of injecting code into webpages using mitmproxy.
Firefox-Grabber
Grabs Firefox POST requests by hooking the PR_Write function from the nss3.dll module with a trampoline hook to get users' passwords and emails.
hackerone-reports
Top disclosed reports from HackerOne
api-gateway-lamdba-dynamodb
Terraform-managed API Gateway, Lambda, and DynamoDB serving a web app
API-Security
OWASP API Security Project
Awesome-CloudSec-Labs
Awesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs.
PentestGPT
A GPT-empowered penetration testing tool
chatgpt-prompts-bug-bounty
ChatGPT Prompts for Bug Bounty & Pentesting
can-i-take-over-xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
PayloadsAllTheThings
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
cis-vsphere
A tool to assess the compliance of a VMware vSphere environment against the CIS Benchmark.
TCM-Security-Sample-Pentest-Report
Sample pentest report provided by TCM Security
focalboard
Focalboard is an open source, self-hosted alternative to Trello, Notion, and Asana.
attack-flow
Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.