sanjogpandasp

CrackVNC

This is a poc code which I wrote to crack the VNC password of TightVNC.

dollhouse

GCP audit and Incident response framework

OS-Hardening

Few custom scripts related to OS hardening

vulnreport

Open-source pentesting management and automation platform by Salesforce Product Security

WebFundamentals

Best practices for modern web development

art-of-packet-crafting-with-scapy

Online notes for this workshop is available at -

awesome-go

A curated list of awesome Go frameworks, libraries and software

blackhat-arsenal-tools

Official Black Hat Arsenal Security Tools Repository

bounty-targets-data

This repo contains hourly-updated data dumps of Hackerone/Bugcrowd scopes that are eligible for reports

build-your-own-radar

A library that generates an interactive radar, inspired by http://thoughtworks.com/radar/

cfngoat

Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

CTFd

CTFs as you need them

design-thinking-intro

forsetiVisual

[WIP] Visualisation for forseti in Kibana

gitleaks

Scan git repos for secrets using regex and entropy 🔑

hakrevdns

Small, fast tool for performing reverse DNS lookups en masse.

hayat

Google Cloud Platform ~ Auditing & Hardening Script

keyhacks

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

LinEnum

Scripted Local Linux Enumeration & Privilege Escalation Checks

owasp-mstg

The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering.

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

proctor

A Developer-Friendly Automation Orchestrator

race-the-web

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

recon-pipeline

An automated target reconnaissance pipeline.

redash

Make Your Company Data Driven. Connect to any data source, easily visualize and share your data.

SecLists

SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.

smashing

The exceptionally handsome dashboard framework in Ruby and Coffeescript.

Susanoo

A REST API security testing framework.

virtual-host-discovery

A script to enumerate virtual hosts on a server.

xless

The Serverless Blind XSS App