Nash N Sulthan's repositories
Security-Tool-Chest
A list of useful security and obvescation tools useful for red and blue teaming activities. A list made possible by the provided references.
AD-Attack-Defense
Attack and defend active directory using modern post exploitation adversary tradecraft activity
ADRecon
ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
API-Security-Checklist
Checklist of the most important security countermeasures when designing, testing, and releasing your API
awesome-pentest-cheat-sheets
Collection of the cheat sheets useful for pentesting
Chrome-Android-and-Windows-0day-RCE-SBX
Chrome Android and Windows 0day RCE+SBX.. DPRK
CloudFail
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
Drupalgeddon2
Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)
festin
FestIn - S3 Bucket Weakness Discovery
hacker-roadmap
:pushpin: A guide for amateurs pen testers and a collection of hacking tools, resources and references to practice ethical hacking, pen testing and web security.
LeakLooker
Find open databases - Powered by Binaryedge.io
linux-smart-enumeration
Linux enumeration tool for pentesting and CTFs with verbosity levels
Mythic
A collaborative, multi-platform, red teaming framework
Name-That-Hash
🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 3000+ other hashes ☄ Comes with a neat web app 🔥
One-Lin3r
Gives you one-liners that aids in penetration testing operations, privilege escalation and more
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
pentest-wiki
PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
pythem
pentest framework
shad0w
A post exploitation framework designed to operate covertly on heavily monitored environments
SILENTTRINITY
An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
SSRF-Testing
SSRF (Server Side Request Forgery) testing resources
theHarvester
E-mails, subdomains and names Harvester - OSINT
trape
⚡️People tracker on the Internet: OSINT analysis and research tool by Jose Pino
Vxscan
python3写的综合扫描工具,主要用来敏感文件探测(目录扫描与js泄露接口),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,弱口令探测,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。
wafw00f
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
www-chapter-kerala
OWASP Foundation Web Repository for OWASP Kerala Chapter