rezaduty

Active-Directory-Exploitation-Cheat-Sheet

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

LDAPmonitor

Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!

awesome-api-security

A collection of awesome API Security tools and resources.

awesome-vulnerable

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

BBTz

BBT - Bug Bounty Tools

Better-Portfolio-Website-Builder

A portfolio website template that was built targeting developers or business professionals who want to display their work in a clean and visually appealing way. It requires only one json file to setup, provides a perfect score on Google lighthouse audit, SEO friendly, optimized for mobile, easily plugs in to Google Analytics, theming capabilities.

Cobalt-Strike-CheatSheet

Some notes and examples for cobalt strike's functionality

ControlCompass.github.io

Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques

Cronos-Rootkit

Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.

cryptpad

Collaboration suite, end-to-end encrypted and open-source.

dustilock

DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack.

erxes

Free and open fair-code licensed all-in-one growth marketing & management software

etcher

Flash OS images to SD cards & USB drives, safely and easily.

ghostinthepdf

Goby

Attack surface mapping

hakrevdns

Small, fast tool for performing reverse DNS lookups en masse.

joern

Open-source code analysis platform for C/C++/Java/Binary/Javascript based on code property graphs

kics

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

mortar

evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)

netspy

netspy是一款快速探测内网可达网段工具

One-Lin3r

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

OVVL-Webapp

phpggc

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

semgrep-rules

Semgrep rules registry

SharpGhosting

Process Ghosting in C#

SuperLibrary

Information Security Library

superset

Apache Superset is a Data Visualization and Data Exploration Platform

threat-tools

Tools for simulating threats

WADComs.github.io

WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.

WitnessMe

Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.