thezakman

infosec-resources

A list of helpful cybersecurity / infosec resources

OSINT-Brazuca

Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

pyWhat

🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

reddit_scraping_using_praw

Rotulus

Store leaked database the most efficient way

Telefonica-CTF

Workshop focado em ensinar o caminho das pedras e os "pulos do gato".

bfac

BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source code.

bugBountyTemplates

List of reporting templates I have used since I started doing BBH.

credentialLeakDB

A database for storing, querying and doing stats on credential leaks

DDexec

A technique to run binaries filelessly and stealthily on Linux by tricking dd into pwning itself (reflective injection).

DeepPass

Hunting for passwords with deep learning

DefaultCreds-cheat-sheet

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

eyeballer

Convolutional neural network for analyzing pentest screenshots

JNDI-Exploit-Kit

JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection）

keyhacks

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

KingOfBugBountyTips

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters..

kiterunner

Contextual Content Discovery Tool

malicious-pdf

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

MidJourney-Styles-and-Keywords-Reference

A reference containing Styles and Keywords that you can use with MidJourney AI. There are also pages showing resolution comparison, image weights, and much more!

nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

objection

📱 objection - runtime mobile exploration

OSINT

Olha Só, Intel No Terminal

pastebin-scraper

Live-scraping pastebin to fight boredom.

Penetration-Testing-Tools

A collection of more than 170+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

Profil3r

OSINT tool that allows you to find a person's accounts and emails + breached emails 🕵️

sd-enable-textual-inversion

Copy these files to your stable-diffusion to enable text-inversion

sqlmap

Automatic SQL injection and database takeover tool

textual_inversion

the-nuclei-templates

Nuclei templates written by us.

TrashSearch

Searching the TrashPanda OSINT bot API to check if your email/domain or password was leaked or not