irgoncalves

smbclient_cheatsheet

Useful commands/tricks using smbclient/nmap in a pentesting/auditing/redteaming

awesome-security-articles

This repository contains links to awesome security articles.

ms17-010

This contains a bundle with an executable to exploit ms17-010 remote or locally. It does not require Python.

f5-waf-enforce-sig-Spring4Shell

This enforces F5 WAF signatures for Spring4Shell and Spring Cloud vulnerabilities across all policies on a BIG-IP ASM device

f5-waf-enforce-sig-CVE-2021-44228

This enforces signatures for CVE-2021-44228 across all policies on a BIG-IP ASM device

gcp_security

Google Cloud Platform Security

jwtbf

Simple script to brute force JWT token signature

slowdos_detector

slowdos_detector is Python tool to detect Slow HTTP DoS Attack (GET and POST) on pcap files.

f5-asm-ip-exception-bulk-add

aws-signing-for-owasp-zap

A ZAP Help Add-On Script for signing requests to AWS

f5-waf-quick-patch-cve-2021-44228

This tool creates a custom signature set on F5 WAF and apply to policies in blocking mode

make-htdigest

This simple tool creates username/password combination for HTTP Digest Authentication. It can be used for password lookup during password auditing/assessment/pen-testing for WildFly / JBoss / Apache.

Awesome-WAF

🔥 Everything awesome about web-application firewalls (WAF).

irule-cve-2022-22965

barracuda-user-enum-exploit

Barracuda Platform (NGFW and ADC) brute force user enum using side channel

bugbounty-scans

aquatone results for sites with bug bountys

community-scripts

A collection of ZAP scripts provided by the community - pull requests very welcome!

container-security-checklist

Checklist for container security - devsecops practices

cryptonice

CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration and supporting protocols such as HTTP2 and DNS.

f5-distributed-cloud-labs-101

Introduction to Volterra lab environment

f5-waf-quick-view

F5 Adv. WAF/ASM policies quick view.

f5-waf-tester

Web Application Firewall Security Testing Tool

f5_terraform

Terraform deployments for BIG-IP in public cloud environments (AWS, Azure, Google). F5 Automation Toolchain is used for easier device and app configuration.

open-source-web-scanners

A list of open source web security scanners

search

Search is a simple text search to look for various words within files on a give folder.

tempo

Username Enumeration tool using Side-Channel (Timing) over HTTP

terraform-gcp-bigip-module

Terraform module for Deploying BIG-IP in GCP

wstg

The Web Security Testing Guide is a comprehensive open source guide to testing the security of web applications and web services.