Fernando's starred repositories
prowler
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
ScoutSuite
Multi-Cloud Security Auditing Tool
awesome-shodan-queries
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
pentest-wiki
PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
awesome-api-security
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
OSCE3-Complete-Guide
OSWE, OSEP, OSED, OSEE
Checklists
Red Teaming & Pentesting checklists for various engagements
Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Lockdoor-Framework
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Bug-Bounty-Wordlists
A repository that includes all the important wordlists used while bug hunting.
leaky-paths
A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
assessment-mindset
Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
Linux-Privilege-Escalation
This cheatsheet is aimed at the OSCP aspirants to help them understand the various methods of Escalating Privilege on Linux based Machines and CTFs with examples.
CVE-2019-11708
Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.
MARA_Framework
MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a toolkit that puts together commonly used mobile application reverse engineering and analysis tools to assist in testing mobile applications against the OWASP mobile security threats.
information-security-relatory
Reports from various areas of information security
securefoundation
Secure components enabling application authentication, secure file storage, app level file-based keychain, and shredding for files on disk
o365creeper-ng
Python script that performs email address validation against Office 365 without submitting login attempts.