bradcausey-zz's starred repositories

owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

Language:PythonLicense:CC-BY-SA-4.0Stargazers:11486Issues:430Issues:1086

checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

Language:PythonLicense:Apache-2.0Stargazers:6773Issues:61Issues:1768

PRET

Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.

Language:PythonLicense:GPL-2.0Stargazers:3823Issues:198Issues:69

container.training

Slides and code samples for training, tutorials, and workshops about Docker, containers, and Kubernetes.

Language:ShellLicense:NOASSERTIONStargazers:3579Issues:133Issues:93

powercat

netshell features all in version 2 powershell

Language:PowerShellLicense:Apache-2.0Stargazers:2094Issues:87Issues:23

PacketStreamer

:star: :star: Distributed tcpdump for cloud native environments :star: :star:

Language:GoLicense:Apache-2.0Stargazers:1864Issues:13Issues:15

mentalist

Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.

Language:PythonLicense:MITStargazers:1761Issues:42Issues:28

KrbRelayUp

KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).

Language:PythonLicense:Apache-2.0Stargazers:1372Issues:67Issues:14

VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios

passphrase-wordlist

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Language:PythonLicense:MITStargazers:1177Issues:38Issues:5

stackrox

The StackRox Kubernetes Security Platform performs a risk analysis of the container environment, delivers visibility and runtime alerts, and provides recommendations to proactively improve security by hardening the environment.

Language:GoLicense:Apache-2.0Stargazers:1090Issues:29Issues:190

Security-Research

Exploits written by the Rhino Security Labs team

Language:PythonLicense:BSD-3-ClauseStargazers:1048Issues:62Issues:14

TREVORspray

TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!

Language:PythonLicense:GPL-3.0Stargazers:995Issues:17Issues:28

DPAT

Domain Password Audit Tool for Pentesters

Language:PythonLicense:MITStargazers:882Issues:50Issues:12

python-pty-shells

Python PTY backdoors - full PTY or nothing!

Language:PythonLicense:WTFPLStargazers:734Issues:33Issues:3

o365spray

Username enumeration and password spraying tool aimed at Microsoft O365.

Language:PythonLicense:MITStargazers:713Issues:8Issues:13

PurplePanda

Identify privilege escalation paths within and across different clouds

Language:PythonLicense:NOASSERTIONStargazers:649Issues:8Issues:6

GoMapEnum

User enumeration and password bruteforce on Azure, ADFS, OWA, O365, Teams and gather emails on Linkedin

Language:GoLicense:GPL-3.0Stargazers:418Issues:14Issues:7

frostbyte

FrostByte is a POC project that combines different defense evasion techniques to build better redteam payloads

cis-benchmarks-audit

Simple command line tool to check for compliance against CIS Benchmarks

Language:PythonLicense:NOASSERTIONStargazers:241Issues:12Issues:39

Jbin-website-secret-scraper

Jbin will gather all the URLs from the website and then it will try to expose the secret data from them such as API keys, API secrets, API tokens and many other juicy information.

SharpExfiltrate

Modular C# framework to exfiltrate loot over secure and trusted channels.

Language:C#Stargazers:121Issues:3Issues:0

amazon-linux-cis

Bootstrap script for Amazon Linux to comply CIS Amazon Linux Benchmark v2.0.0

Language:PythonLicense:MITStargazers:58Issues:9Issues:8
Language:PowerShellStargazers:53Issues:5Issues:0

MimeSpray

MimeCast Password Spraying Tool

Language:PythonLicense:BSD-3-ClauseStargazers:44Issues:0Issues:0

burpsuite-copy-as-xmlhttprequest

Copy as XMLHttpRequest BurpSuite extension

Language:JavaLicense:MITStargazers:31Issues:3Issues:0

pyndiff

Generate human-readable ndiff output when comparing 2 Nmap XML scan files

Language:PythonLicense:Apache-2.0Stargazers:7Issues:2Issues:0

Cheatsheet-God

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Stargazers:3Issues:0Issues:0