Security Womble's repositories
age
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
Awesome-RCE-techniques
Awesome list of step by step techniques to achieve Remote Code Execution on various apps!
BITB
Browser In The Browser (BITB) Templates
chainsaw
Rapidly Search and Hunt through Windows Event Logs
Coercer
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods.
cve
Gather and update all available and newest CVEs with their POC.
CVE-2021-26084_Confluence
Confluence Server Webwork OGNL injection
CVE-2022-26134
Confluence Pre-Auth Remote Code Execution via OGNL Injection (CVE-2022-26134)
DevSecOps
Ultimate DevSecOps library
gophish
Gophish with Malicious Attachment and HTTP redirect support
iris-web
Collaborative Incident Response platform
LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
mailcow-dockerized
mailcow: dockerized - 🐮 + 🐋 = 💕 - we stand with 🇺🇦
malwoverview
Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage and it is able to scan Android devices against VT.
MicroBurst
A collection of scripts for assessing Microsoft Azure security
mvt
MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.
notesnook
A fully open source & end-to-end encrypted note taking alternative to Evernote.
nuclei
Fast and customizable vulnerability scanner based on simple YAML based DSL.
OneListForAll
Rockyou for web fuzzing
PESecurity
PowerShell module to check if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, and Authenticode.
PhishingTemplates
This is a collection of phishing templates and a landing page to be used with goPhish
PowerShell
NetSPI PowerShell Scripts
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
snapper-gui
GUI for snapper, a tool for Linux filesystem snapshot management, works with btrfs, ext4 and thin-provisioned LVM volumes
SysmonSimulator
Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detections and correlation rules by Blue teams.
terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
tfsec
Security scanner for your Terraform code
ThreatHunting
This repo is where I store my Threat Hunting ideas/content
turbo-attack
A turbo traffic generator pentesting tool to generate random traffic with random mac and ip addresses in addition to random sequence numbers to a particular ip and port.
unredacter
Never ever ever use pixelation as a redaction technique