Stuart Gray's repositories
bounty-targets-data
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
CMSeeK
CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 130 other CMSs
nsjail
A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters (with help of the kafel bpf language)
JohnTheRipper
This is the official repo for the Jumbo version of John the Ripper. The "bleeding-jumbo" branch (default) is based on 1.8.0-Jumbo-1 (but we are literally several thousands of commits ahead of it).
tpotce
T-Pot Universal Installer and ISO Creator
glutton
All eating honeypot
django-DefectDojo
DefectDojo is an open-source application vulnerability correlation and security orchestration tool.
dorkbot
Command-line tool to scan Google search results for vulnerabilities
NodeGoat
The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
find-sec-bugs
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Groovy and Scala projects)
upx
UPX - the Ultimate Packer for eXecutables
whistle
HTTP, HTTP2, HTTPS, Websocket debugging proxy
trilium
Build your personal knowledge base with Trilium Notes
rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with mi
oh-my-zsh
A delightful community-driven (with 1,200+ contributors) framework for managing your zsh configuration. Includes 200+ optional plugins (rails, git, OSX, hub, capistrano, brew, ant, php, python, etc), over 140 themes to spice up your morning, and an auto-update tool so that makes it easy to keep up with the latest updates from the community.
wifite2
Rewrite of the popular wireless network auditor, "wifite" - original source by @derv82 right over
PRET
Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.
tornado
Anonymously Reverse Shell over Tor Network using Hidden services without Portforwarding.
linWinPwn
linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks
uro
declutters url lists for crawling/pentesting
crass
Code Review Audit Script Scanner
Bashark
Bash post exploitation toolkit
DVWA
Damn Vulnerable Web Application (DVWA)
awesome-shell
A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome-php.
Photon
Incredibly fast crawler designed for OSINT.
XSStrike
Most advanced XSS scanner.
Arjun
HTTP parameter discovery suite.
toriptables3
Tor Iptables script is an anonymizer that sets up iptables and tor to route all services and traffic including DNS through the Tor network.
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF