geoccifer

developer-roadmap

Interactive roadmaps, guides and other educational content to help developers grow in their careers.

SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

awesome-pentest

A collection of awesome penetration testing resources, tools and other shiny things

katana

A next-generation crawling and spidering framework.

proxychains-ng

proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project. the sf.net page is currently not updated, use releases from github release page instead.

security-study-plan

Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

arsenal

Arsenal is just a quick inventory and launcher for hacking programs

MailSniper

MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.

Ethical-Hacking-Labs

Practical Ethical Hacking Labs 🗡🛡

Pentest-Cheat-Sheets

A collection of snippets of codes and commands to make your life easier!

Awesome-Cybersecurity-Handbooks

A huge chunk of my personal notes since I started playing CTFs and working as a Red Teamer.

awesome-industrial-control-system-security

A curated list of resources related to Industrial Control System (ICS) security.

Blue-Team-Notes

You didn't think I'd go and leave the blue team out, right?

MFASweep

A tool for checking if MFA is enabled on multiple Microsoft Services

Cloud-Security-Attacks

Azure and AWS Attacks

TREVORspray

TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!

osintui

OSINT from your favorite services in a friendly terminal user interface - integrations for Virustotal, Shodan, and Censys

AWSome-Pentesting

My cheatsheet notes to pentest AWS infrastructure

TokenTactics

Azure JWT Token Manipulation Toolset

GCTI

Getting-into-InfoSec-and-Cybersecurity

A shorter, less intimidating list of infosec resources helpful for anyone trying to learn.

CVE-2022-40684

A proof of concept exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager

PcapMonkey

PcapMonkey will provide an easy way to analyze pcap using the latest version of Suricata and Zeek.

JupyterPen

A Repository dedicated to creating modular and automated penetration testing frameworks utilizing Jupyter Notebooks

cve-2020-1350

Bash Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2003 up to Windows Server 2019.

jquery

CVE Collection of jQuery XSS Payloads

Fortigate

Extract Useful info from SSL VPN Directory Traversal Vulnerability (FG-IR-18-384)

Log4jShell_Scanner

Python script to tamper with pages to test for Log4J Shell vulnerability.

DataCamp_-_Track_-_Data_Scientist_with_R_-_Course_01_-_Introduction_to_R

Repository of DataCamp's "Introduction to R" course.

open-source-cs

Video discussing this curriculum: