ghostnostic

How-To-Secure-A-Linux-Server

An evolving how-to guide for securing a Linux server.

semgrep

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

httpx

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

ThreatHunter-Playbook

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

axiom

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

gau

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

dalfox

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

BruteShark

Network Analysis Tool

RE-iOS-Apps

A completely free, open source and online course about Reverse Engineering iOS Applications.

Stowaway

👻Stowaway -- Multi-hop Proxy Tool for pentesters

DefenderCheck

Identifies the bytes that Microsoft Defender flags on.

HUNT

dnsx

dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.

shad0w

A post exploitation framework designed to operate covertly on heavily monitored environments

Awesome-Asset-Discovery

List of Awesome Asset Discovery Resources

C3

Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.

pwndb

Search for leaked credentials

red-team-scripts

A collection of Red Team focused tools, scripts, and notes

TREVORspray

TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!

Hacking_Tools_Cheat_Sheet

Damn_Vulnerable_C_Program

An example C program which contains vulnerable code for common types of vulnerabilities. It can be used to show fuzzing concepts.

Belati

The Traditional Swiss Army Knife for OSINT

commonspeak2-wordlists

Wordlists that have been compiled using Commonspeak2. This repo is updated every time new wordlists are generated.

LiveTargetsFinder

Generates lists of live hosts and URLs for targeting, automating the usage of MassDNS, Masscan and nmap to filter out unreachable hosts and gather service information

DNSCewl

A DNS Bruteforcing Wordlist Generator

APT06202001

Applied Purple Teaming - (ITOCI4hr) - Infrastructure, Threat Optics, and Continuous Improvement - June 6, 2020

o365creeper

Python script that performs email address validation against Office 365 without submitting login attempts.

pasties

A collection of random bits of information common to many individual penetration tests, red teams, and other assessments

Playbooks

rengine

reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information.