m0chan

followers

following

stars

m0chan's starred repositories

LaZagne

Credentials recovery project

Language:PythonLGPL-3.09201 414 466

my-arsenal-of-aws-security-tools

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Language:ShellApache-2.08764 392 33

ScoutSuite

Multi-Cloud Security Auditing Tool

Language:PythonGPL-2.06272 128 852

cve

Gather and update all available and newest CVEs with their PoC.

Language:HTMLMIT6198 322 50

GOAD

game of active directory

Language:PowerShellGPL-3.04525 74 165

deepdarkCTI

Collection of Cyber Threat Intelligence sources from the deep and dark web

GPL-3.03970 202 43

Snaffler

a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )

Language:C#GPL-3.01874 25 52

medusa

Binary instrumentation framework based on FRIDA

Language:PythonGPL-3.01459 45 44

cloudproxy

Hide your scrapers IP behind the cloud. Provision proxy servers across different cloud providers to improve your scraping success.

Language:PythonMIT1368 19 32

crowbar

Crowbar is brute forcing tool that can be used during penetration tests. It is developed to support protocols that are not currently supported by thc-hydra and other popular brute forcing tools.

Language:PythonMIT1324 65 52

Phishing.Database

Phishing Domains, urls websites and threats database. We use the PyFunceble testing tool to validate the status of all known Phishing domains and provide stats to reveal how many unique domains used for Phishing are still active.

Language:ShellMIT1056 42 806

wsgidav

A generic and extendable WebDAV server based on WSGI

Language:PythonMIT822 22 182

TokenTactics

Azure JWT Token Manipulation Toolset

Language:PowerShellBSD-3-Clause555 14 5

azucar

Security auditing tool for Azure environments

Language:PowerShellAGPL-3.0550 34 22

UltimateWDACBypassList

A centralized resource for previously documented WDAC bypass techniques

GraphSpy

Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI

Language:HTMLBSD-3-Clause434 70

XSS-Bypass-Filters

jwt-pwn

Security Testing Scripts for JWT

Language:PythonMIT299 10 6

gocheck

Because AV evasion should be easy.

Language:Go234 2 2

SnaffPoint

A tool for pointesters to find candies in SharePoint

Language:C#MIT214 3 2

phishing_kits

Exposing phishing kits seen from phishunt.io

mergen

Mergen is an open-source, native macOS application for auditing and checking the security of your MacOS.

Language:SwiftMIT147 3 11

CVE-2024-3400

CVE-2024-3400 Palo Alto OS Command Injection

macos_hardening

This is a macOS hardening to read or set security configuration.

Language:ShellAGPL-3.0108 6 2

SAP-Security-Audit

Training course materials and notes related to SAP security audit and penetration testing

PMapper

A tool for quickly evaluating IAM permissions in AWS.

Language:PythonAGPL-3.05300

SprayCannon

Fast multithreaded multiplatform password spraying tool designed for easy use. Supports webhooks, jitter, delay, files, rotation, backend database

Language:CrystalGPL-3.033 2 1

SAPKiln

OWASP SAPKiln is a graphical user interface (GUI) tool designed to facilitate securing and auditing SAP systems effectively.

Language:PythonMIT1900

PingFederateSpray

Ping Federate Spray Passwords

Language:Python100