fthomasella

pentest-book

Amass

In-depth Attack Surface Mapping and Asset Discovery

assessment-mindset

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

awesome-bugbounty-tools

A curated list of various bug bounty tools

BurpBounty

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.

cloc

cloc counts blank lines, comment lines, and physical lines of source code in many programming languages.

CVE-2019-11708

Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.

eslint-plugin-security

ESLint rules for Node Security

evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Firmware_Slap

Discovering vulnerabilities in firmware through concolic analysis and function clustering.

keepnote

Quick and Dirty Penetration Testing Notes

Linux-Privilege-Escalation

This cheatsheet is aimed at the OSCP aspirants to help them understand the various methods of Escalating Privilege on Linux based Machines and CTFs with examples.

lscript

The LAZY script will make your life easier, and of course faster.

MARA_Framework

MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a toolkit that puts together commonly used mobile application reverse engineering and analysis tools to assist in testing mobile applications against the OWASP mobile security threats.

Mobile-Security-Framework-MobSF

Mobile Security Framework is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static analysis, dynamic analysis, malware analysis and web API testing.

nodebestpractices

:white_check_mark: The largest Node.js best practices list (September 2019)

path-auditor

Pentest-Tools

pentest-wiki

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

PENTESTING-BIBLE

This repository was created and developed by Ammar Amer @cry__pto Only. Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 pdf files .Learn Ethical Hacking and penetration testing .hundreds of ethical hacking & penetration testing & red team & cyber security & computer science resources.

phpggc

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

prowler

Prowler is an Open Source security tool to perform cloud security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 240 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.

randomrepo

Repo for random stuff

ScoutSuite

Multi-Cloud Security Auditing Tool

sshuttle

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

SUDO_KILLER

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo

Toolies

Ad hoc collection of Red Teaming & Active Directory tooling.

validator.js

String validation

WebShell

Webshell && Backdoor Collection

windows-kernel-exploits

windows-kernel-exploits Windows平台提权漏洞集合