Fernando's starred repositories

amass

In-depth attack surface mapping and asset discovery

Language: Go | License: NOASSERTION | Stargazers: 11616 | Issues: 210 | Issues: 643

prowler

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.

Language: Python | License: Apache-2.0 | Stargazers: 10366 | Issues: 124 | Issues: 872

wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Language: Dockerfile | License: CC-BY-SA-4.0 | Stargazers: 6976 | Issues: 327 | Issues: 342

ScoutSuite

Multi-Cloud Security Auditing Tool

Language: Python | License: GPL-2.0 | Stargazers: 6376 | Issues: 130 | Issues: 862

awesome-shodan-queries

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

lscript

The LAZY script will make your life easier, and of course faster.

Language: Shell | License: GPL-3.0 | Stargazers: 3994 | Issues: 287 | Issues: 303

pentest-wiki

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

Language: Python | License: MIT | Stargazers: 3387 | Issues: 223 | Issues: 19

phpggc

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

Language: PHP | License: Apache-2.0 | Stargazers: 3137 | Issues: 63 | Issues: 59

awesome-api-security

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

License: GPL-3.0 | Stargazers: 2870 | Issues: 65 | Issues: 0

OSINT

Collections of tools and methods created to aid in OSINT collection

Checklists

Red Teaming & Pentesting checklists for various engagements

Active-Directory-Exploitation-Cheat-Sheet

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Language: PowerShell | License: MIT | Stargazers: 2403 | Issues: 74 | Issues: 2

WebShell

Webshell && Backdoor Collection

Language: PHP | License: GPL-2.0 | Stargazers: 1773 | Issues: 60 | Issues: 6

Lockdoor-Framework

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Language: Python | License: AGPL-3.0 | Stargazers: 1331 | Issues: 62 | Issues: 18

Bug-Bounty-Wordlists

A repository that includes all the important wordlists used while bug hunting.

leaky-paths

A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs, etc. It could be used as part of web content discovery, to scan passively for high-quality endpoints and quick wins.

assessment-mindset

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

Linux-Privilege-Escalation

This cheatsheet is aimed at OSCP aspirants, to help them understand the various methods of escalating privilege on Linux-based machines and CTFs, with examples.

CVE-2019-11708

Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.

Language: JavaScript | License: MIT | Stargazers: 618 | Issues: 19 | Issues: 1

MARA_Framework

MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a toolkit that puts together commonly used mobile application reverse engineering and analysis tools to assist in testing mobile applications against the OWASP mobile security threats.

Language: Python | License: LGPL-3.0 | Stargazers: 615 | Issues: 46 | Issues: 20

overlord

Overlord - Red Teaming Infrastructure Automation

Language: Python | License: MIT | Stargazers: 607 | Issues: 24 | Issues: 7

keepnote

Quick and Dirty Penetration Testing Notes

information-security-relatory

Reports from various areas of information security

Books

Free Online Books

Stargazers: 140 | Issues: 0 | Issues: 0

securefoundation

Secure components enabling application authentication, secure file storage, app level file-based keychain, and shredding for files on disk

Language: Objective-C | License: NOASSERTION | Stargazers: 59 | Issues: 19 | Issues: 12

o365creeper-ng

Python script that performs email address validation against Office 365 without submitting login attempts.

Language: Python | License: BSD-2-Clause | Stargazers: 10 | Issues: 1 | Issues: 0