staticeffect

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

opensnitch

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.

my-arsenal-of-aws-security-tools

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

ctf-tools

Some setup scripts for security research tools.

public-pentesting-reports

A list of public penetration test reports published by several consulting firms and academic security groups.

DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

Awesome-WAF

🔥 Web-application firewalls (WAFs) from security standpoint.

pacu

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

flan

A pretty sweet vulnerability scanner

TinyCheck

TinyCheck allows you to easily capture network communications from a smartphone or any device which can be associated to a Wi-Fi access point in order to quickly analyze them. This can be used to check if any suspect or malicious communication is outgoing from a smartphone, by using heuristics or specific Indicators of Compromise (IoCs). In order to make it working, you need a computer with a Debian-like operating system and two Wi-Fi interfaces. The best choice is to use a Raspberry Pi (2+) a Wi-Fi dongle and a small touch screen. This tiny configuration (for less than $50) allows you to tap any Wi-Fi device, anywhere.

awesome-mobile-security

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

nmapAutomator

A script that you can run in the background!

stego-toolkit

Collection of steganography tools - helps with CTF challenges

Reconnoitre

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

boofuzz

A fork and successor of the Sulley Fuzzing Framework

Hacking-with-Go

Golang for Security Professionals

xvwa

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.

dockerscan

Docker security analysis & hacking tools

qsym

QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing

domxsswiki

Automatically exported from code.google.com/p/domxsswiki

awesome-python-talks

:clapper: :mortar_board: An opinionated list of awesome videos related to Python, with a focus on training and gaining hands-on experience.

Susanoo

A REST API security testing framework.

phishing-frenzy-templates

Phishing Scenarios Used for Phishing Frenzy

which-cloud

given an ip address, return which cloud provider it belongs to (AWS, GCE, etc)

dependency-check-py

:closed_lock_with_key: Shim to easily install OWASP dependency-check-cli into Python projects

HandyHeaderHacker

Examine HTTP response headers for common security issues

cloud-metadata-services

List of metadata service endpoints for different cloud providers for your pentesting needs.

defcon26

DEFCON-26 Workshop Lab Exercises

nexpose-stuff