Security Panda's starred repositories

PayloadsAllTheThings

A list of useful payloads and bypasses for Web Application Security and Pentest/CTF

Language: Python | License: MIT | Stargazers: 58270 | Issues: 1810 | Issues: 0

Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Language: JavaScript | License: GPL-3.0 | Stargazers: 16688 | Issues: 571 | Issues: 1463

opensnitch

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.

Language: Python | License: GPL-3.0 | Stargazers: 9872 | Issues: 199 | Issues: 676

my-arsenal-of-aws-security-tools

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Language: Shell | License: Apache-2.0 | Stargazers: 8806 | Issues: 392 | Issues: 33

ctf-tools

Some setup scripts for security research tools.

Language: Shell | License: BSD-3-Clause | Stargazers: 8271 | Issues: 296 | Issues: 49

public-pentesting-reports

A list of public penetration test reports published by several consulting firms and academic security groups.

DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

Language: Java | License: Apache-2.0 | Stargazers: 6130 | Issues: 178 | Issues: 4474

Awesome-WAF

🔥 Web-application firewalls (WAFs) from a security standpoint.

Language: Python | License: Apache-2.0 | Stargazers: 6048 | Issues: 258 | Issues: 6

pacu

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

Language: Python | License: BSD-3-Clause | Stargazers: 4185 | Issues: 109 | Issues: 123

flan

A pretty sweet vulnerability scanner

Language: Python | License: BSD-3-Clause | Stargazers: 4039 | Issues: 67 | Issues: 41

TinyCheck

TinyCheck allows you to easily capture network communications from a smartphone or any device which can be associated with a Wi-Fi access point in order to quickly analyze them. This can be used to check if any suspect or malicious communication is outgoing from a smartphone, by using heuristics or specific Indicators of Compromise (IoCs). In order to make it work, you need a computer with a Debian-like operating system and two Wi-Fi interfaces. The best choice is to use a Raspberry Pi (2+), a Wi-Fi dongle and a small touch screen. This tiny configuration (for less than $50) allows you to tap any Wi-Fi device, anywhere.

Language: Python | License: Apache-2.0 | Stargazers: 3057 | Issues: 81 | Issues: 84

awesome-mobile-security

An effort to build a single place for all useful Android and iOS security-related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

nmapAutomator

A script that you can run in the background!

Language: Shell | License: MIT | Stargazers: 2630 | Issues: 76 | Issues: 53

Reconnoitre

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Language: Python | License: GPL-3.0 | Stargazers: 2084 | Issues: 89 | Issues: 53

boofuzz

A fork and successor of the Sulley Fuzzing Framework

Language: Python | License: GPL-2.0 | Stargazers: 1988 | Issues: 53 | Issues: 258

Hacking-with-Go

Golang for Security Professionals

Language: Go | License: GPL-3.0 | Stargazers: 1774 | Issues: 63 | Issues: 5

xvwa

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.

Language: PHP | License: GPL-3.0 | Stargazers: 1672 | Issues: 81 | Issues: 21

dockerscan

Docker security analysis & hacking tools

Language: Python | License: NOASSERTION | Stargazers: 1334 | Issues: 66 | Issues: 13

qsym

QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing

Language: C++ | License: NOASSERTION | Stargazers: 626 | Issues: 26 | Issues: 85

awesome-python-talks

:clapper: :mortar_board: An opinionated list of awesome videos related to Python, with a focus on training and gaining hands-on experience.

Language: Shell | License: CC0-1.0 | Stargazers: 504 | Issues: 38 | Issues: 0

domxsswiki

Automatically exported from code.google.com/p/domxsswiki

nessrest

A Python library for using the new Nessus REST API.

Language: Python | License: NOASSERTION | Stargazers: 388 | Issues: 54 | Issues: 63

Susanoo

A REST API security testing framework.

Language: Python | License: MIT | Stargazers: 324 | Issues: 16 | Issues: 1

phishing-frenzy-templates

Phishing Scenarios Used for Phishing Frenzy

which-cloud

Given an IP address, return which cloud provider it belongs to (AWS, GCE, etc.)

Language: JavaScript | License: ISC | Stargazers: 139 | Issues: 6 | Issues: 9

dependency-check-py

:closed_lock_with_key: Shim to easily install OWASP dependency-check-cli into Python projects

Language: Python | License: Apache-2.0 | Stargazers: 49 | Issues: 4 | Issues: 10

HandyHeaderHacker

Examine HTTP response headers for common security issues

Language: Python | License: GPL-3.0 | Stargazers: 39 | Issues: 7 | Issues: 4

cloud-metadata-services

List of metadata service endpoints for different cloud providers for your pentesting needs.

defcon26

DEFCON-26 Workshop Lab Exercises

Language: HTML | License: MIT | Stargazers: 12 | Issues: 6 | Issues: 0