profmoriarity

vulnado

Purposely vulnerable Java application to help lead secure coding workshops

s3Forcer

Multi-threaded S3 Bucket brute forcer

targets

rengine

reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information.

static

test-repo

resolvers

profmoriarity.github.io

semgrep-wrapper

The purpose of this tool is to run semgrep and generate HTML templates. Semgrep has no option to produce HTML reports all by itself.

scripts

scripts

Seth

Perform a MitM attack and extract clear text credentials from RDP connections

strobes-api-client

strobes-deployment-example

Osmedeus

Fully automated offensive security framework for reconnaissance and vulnerability scanning

TOOLS-SETUP

rexsser

This is a burp plugin that extracts keywords from response using regexes and test for reflected XSS on the target scope.

BurpSuite-Secret_Finder

Burp Suite extension to discover apikeys/accesstokens and sensitive data from HTTP response.

Cronicle

A simple, distributed task scheduler and runner with a web based UI.

SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

PowerSploit

PowerSploit - A PowerShell Post-Exploitation Framework

wfuxx

web-based-fuzzer

lists

lists

js-link-finder

Burp Extension for a passive scanning JS files for endpoint links.