imsroot's repositories
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
lnxhardening
Script de automação para aplicação de hardening de servidores linux, seja para as distribuições da família RHEL ou distribuições baseadas em Debian, tendo por referência o CIS Benchmark.
subowner
SubOwner - A Simple tool check for subdomain takeovers.
SpideyX
SpideyX a multipurpose Web Penetration Testing tool with asynchronous concurrent performance with multiple mode and configurations.
feroxbuster
A fast, simple, recursive content discovery tool written in Rust.
trufflehog
Find, verify, and analyze leaked credentials
misp-training
MISP trainings, threat intel and information sharing training materials with source code
gitleaks
Protect and discover secrets using Gitleaks 🔑
PenetrationTesting_Notes-
My Notes about Penetration Testing
rengine
Rengine
nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
searxng
SearXNG is a free internet metasearch engine which aggregates results from various search services and databases. Users are neither tracked nor profiled.
pdns
PowerDNS Authoritative, PowerDNS Recursor, dnsdist
HardenAD
Hardening Active Directory version 2
PowerDNS-Admin
A PowerDNS web interface with advanced features
Sn1per
Attack Surface Management Platform
KingOfBugBountyTips
Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters..
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
bypass-bot-detection
Burp Suite extension that mutates ciphers to bypass TLS-fingerprint based bot detection
BlueDucky
🚨 CVE-2023-45866 - BlueDucky Implementation (Using DuckyScript) 🔓 Unauthenticated Peering Leading to Code Execution (Using HID Keyboard)
gitGraber
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
psudohash
Generates millions of keyword-based password mutations in seconds.
dnstwist
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
awesome-lists
Awesome Security lists for SOC/CERT/CTI
ThreatHunting-Keywords-yara-rules
yara detection rules for hunting with the threathunting-keywords project
ThreatHunting-Keywords
Awesome list of keywords and artifacts for Threat Hunting sessions
grpc-pentest-suite
gRPC-Web Pentesting Suite + Burp Suite Extension
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
tfsec
Tfsec is now part of Trivy
cloudsploit
Cloud Security Posture Management (CSPM)