Security Panda's starred repositories

PayloadsAllTheThings

A list of useful payloads and bypasses for Web Application Security and Pentest/CTF

Language: Python | License: MIT | Stargazers: 58771 | Issues: 1814 | Issues: 0

Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Language: JavaScript | License: GPL-3.0 | Stargazers: 16824 | Issues: 574 | Issues: 1473

opensnitch

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.

Language: Python | License: GPL-3.0 | Stargazers: 9949 | Issues: 201 | Issues: 680

my-arsenal-of-aws-security-tools

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Language: Shell | License: Apache-2.0 | Stargazers: 8834 | Issues: 393 | Issues: 33

ctf-tools

Some setup scripts for security research tools.

Language: Shell | License: BSD-3-Clause | Stargazers: 8314 | Issues: 296 | Issues: 49

public-pentesting-reports

A list of public penetration test reports published by several consulting firms and academic security groups.

DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

Language: Java | License: Apache-2.0 | Stargazers: 6212 | Issues: 180 | Issues: 4523

Awesome-WAF

🔥 Web-application firewalls (WAFs) from a security standpoint.

Language: Python | License: Apache-2.0 | Stargazers: 6111 | Issues: 259 | Issues: 6

pacu

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

Language: Python | License: BSD-3-Clause | Stargazers: 4221 | Issues: 109 | Issues: 126

flan

A pretty sweet vulnerability scanner

Language: Python | License: BSD-3-Clause | Stargazers: 4040 | Issues: 68 | Issues: 41

TinyCheck

TinyCheck allows you to easily capture network communications from a smartphone or any device which can be associated to a Wi-Fi access point in order to quickly analyze them. This can be used to check if any suspect or malicious communication is outgoing from a smartphone, by using heuristics or specific Indicators of Compromise (IoCs). To make it work, you need a computer with a Debian-like operating system and two Wi-Fi interfaces. The best choice is to use a Raspberry Pi (2+), a Wi-Fi dongle and a small touch screen. This tiny configuration (for less than $50) allows you to tap any Wi-Fi device, anywhere.

Language: Python | License: Apache-2.0 | Stargazers: 3062 | Issues: 81 | Issues: 84

awesome-mobile-security

An effort to build a single place for all useful Android and iOS security-related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

nmapAutomator

A script that you can run in the background!

Language: Shell | License: MIT | Stargazers: 2640 | Issues: 76 | Issues: 53

stego-toolkit

Collection of steganography tools - helps with CTF challenges

Reconnoitre

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Language: Python | License: GPL-3.0 | Stargazers: 2087 | Issues: 89 | Issues: 53

boofuzz

A fork and successor of the Sulley Fuzzing Framework

Language: Python | License: GPL-2.0 | Stargazers: 1998 | Issues: 53 | Issues: 258

Hacking-with-Go

Golang for Security Professionals

Language: Go | License: GPL-3.0 | Stargazers: 1775 | Issues: 63 | Issues: 5

xvwa

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.

Language: PHP | License: GPL-3.0 | Stargazers: 1673 | Issues: 81 | Issues: 22

dockerscan

Docker security analysis & hacking tools

Language: Python | License: NOASSERTION | Stargazers: 1335 | Issues: 66 | Issues: 13

qsym

QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing

Language: C++ | License: NOASSERTION | Stargazers: 627 | Issues: 26 | Issues: 85

domxsswiki

Automatically exported from code.google.com/p/domxsswiki

awesome-python-talks

An opinionated list of awesome videos related to Python, with a focus on training and gaining hands-on experience.

Language: Shell | License: CC0-1.0 | Stargazers: 506 | Issues: 38 | Issues: 0

Susanoo

A REST API security testing framework.

Language: Python | License: MIT | Stargazers: 324 | Issues: 16 | Issues: 1

phishing-frenzy-templates

Phishing Scenarios Used for Phishing Frenzy

which-cloud

Given an IP address, return which cloud provider it belongs to (AWS, GCE, etc.)

Language: JavaScript | License: ISC | Stargazers: 139 | Issues: 6 | Issues: 9

dependency-check-py

Shim to easily install OWASP dependency-check-cli into Python projects

Language: Python | License: Apache-2.0 | Stargazers: 49 | Issues: 4 | Issues: 10

HandyHeaderHacker

Examine HTTP response headers for common security issues

Language: Python | License: GPL-3.0 | Stargazers: 39 | Issues: 7 | Issues: 4

cloud-metadata-services

List of metadata service endpoints for different cloud providers for your pentesting needs.

defcon26

DEFCON-26 Workshop Lab Exercises

Language: HTML | License: MIT | Stargazers: 12 | Issues: 6 | Issues: 0