b1ackmartian

DevSecOps-Playbook

This is a step-by-step guide to implementing a DevSecOps program for any size organization

securing-the-cloud-supplemental

Supplemental templates for securing the cloud.

cve

Gather and update all available and newest CVEs with their PoC.

aws-security-assessment-solution

An AWS tool to help you create a point in time assessment of your AWS account using Prowler.

Go

Algorithms and Data Structures implemented in Go for beginners, following best practices.

black-hat-rust

Applied offensive security with Rust - https://kerkour.com/black-hat-rust

my-arsenal-of-aws-security-tools

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Dorks-collections-list

List of Github repositories and articles with list of dorks for different search engines

puredns

Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

openapi-fuzzer

Black-box fuzzer that fuzzes APIs based on OpenAPI specification. Find bugs for free!

vulhub

Pre-Built Vulnerable Environments Based on Docker-Compose

awesome-go-security

A dedicated place for cool golang security projects

nocode

The best way to write secure and reliable applications. Write nothing; deploy nowhere.

sliver

Adversary Emulation Framework

rita-legacy

Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.

linux-smart-enumeration

Linux enumeration tool for pentesting and CTFs with verbosity levels

rsg

ReverShellGenerator - A tool to generate various ways to do a reverse shell

resources

Tools, data, and contact lists relevant to The disclose.io Project.

cyber-ops-with-bash

Script repository for the book Cybersecurity Ops with bash

dockerfile

Dockerfile best-practices for writing production-worthy Docker images.

GHunt

🕵️‍♂️ Offensive Google framework.

slipstream

NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim’s NAT/firewall, just by anyone on the victim's network visiting a website

red_team_tool_countermeasures

egresscheck-framework

Used to check for TCP and UDP egress filtering on both windows and unix client systems

PacketWhisper

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

ffuf

Fast web fuzzer written in Go

cupp

Common User Passwords Profiler (CUPP)

SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

AutoRecon

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.