OC-M's repositories
asn
ASN / RPKI validity / BGP stats / IPv4v6 / Prefix / URL / ASPath / Organization / IP reputation / IP geolocation / IP fingerprinting / Network recon / lookup API server / Web traceroute server
BeRoot
Privilege Escalation Project - Windows / Linux / Mac
cloudsploit
Cloud Security Posture Management (CSPM)
cupp
Common User Passwords Profiler (CUPP)
DVWA
Damn Vulnerable Web Application (DVWA)
EyeWitness
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
GitHacker
🕷️ A Git source leak exploit tool that restores the entire Git repository, including data from stash, for white-box auditing and analysis of developers' mind
goproxy
🔥 Proxy is a high performance HTTP(S) proxies, SOCKS5 proxies,WEBSOCKET, TCP, UDP proxy server implemented by golang. Now, it supports chain-style proxies,nat forwarding in different lan,TCP/UDP port forwarding, SSH forwarding.Proxy是golang实现的高性能http,https,websocket,tcp,socks5代理服务器,支持内网穿透,链式代理,通讯加密,智能HTTP,SOCKS5代理,黑白名单,限速,限流量,限连接数,跨平台,KCP支持,认证API。
Goreport
A Python script to collect campaign data from Gophish and generate a report
gowitness
🔍 gowitness - a golang, web screenshot utility using Chrome Headless
Incident-Response-Armoury
A curated list of tools for incident response.
kubeaudit
kubeaudit helps you audit your Kubernetes clusters against common security controls
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
monkey365
Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Azure Active Directory security configuration reviews.
Objection
📱 objection - runtime mobile exploration
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
PowerZure
PowerShell framework to assess Azure security
purple-team-exercise-framework
Purple Team Exercise Framework
pwnedOrNot
OSINT Tool for Finding Passwords of Compromised Email Addresses
QuickBuck
Ransomware simulator written in Golang
rbac-police
Evaluate the RBAC permissions of Kubernetes identities through policies written in Rego
Responder
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
ScoutSuite
Multi-Cloud Security Auditing Tool
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
SpiderFoot-OSINT
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Testssl.sh
Testing TLS/SSL encryption anywhere on any port
thc-hydra
hydra
Whois-check
Bash script which performs checks for domain name availability.
wifiphisher
The Rogue Access Point Framework