thezakman

infosec-resources

A list of helpful cybersecurity / infosec resources

OSINT-Brazuca

Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

pwnagotchi

(⌐■_■) - Deep Reinforcement Learning instrumenting bettercap for WiFi pwning.

pyWhat

🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

reddit_scraping_using_praw

Rotulus

Store leaked database the most efficient way

Telefonica-CTF

Workshop focado em ensinar o caminho das pedras e os "pulos do gato".

apkleaks

Scanning APK file for URIs, endpoints & secrets.

Awesome-Bugbounty-Writeups

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

awesome-ctf

A curated list of CTF frameworks, libraries, resources and softwares

bfac

BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source code.

bugBountyTemplates

List of reporting templates I have used since I started doing BBH.

credentialLeakDB

A database for storing, querying and doing stats on credential leaks

DDexec

A technique to run binaries filelessly and stealthily on Linux by tricking dd into pwning itself (reflective injection).

DefaultCreds-cheat-sheet

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

eyeballer

Convolutional neural network for analyzing pentest screenshots

JNDI-Exploit-Kit

JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection）

keyhacks

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

KingOfBugBountyTips

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters..

kiterunner

Contextual Content Discovery Tool

OSINT

Olha Só, Intel No Terminal

pastebin-scraper

Live-scraping pastebin to fight boredom.

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Profil3r

OSINT tool that allows you to find a person's accounts and emails + breached emails 🕵️

scrapy-rotating-proxies

use multiple proxies with Scrapy

sherlock

🔎 Hunt down social media accounts by username across social networks

sqlmap

Automatic SQL injection and database takeover tool

the-nuclei-templates

Nuclei templates written by us.

TrashSearch

Searching the TrashPanda OSINT bot API to check if your email/domain or password was leaked or not

xsshunter

The XSS Hunter service - a portable version of XSSHunter.com