infosec

There are 284 repositories under infosec topic.

• threat9 / routersploit

  Exploitation Framework for Embedded Devices

  pythonsecurityinfosecrouter-exploitation-frameworkroutersploit-frameworkexploitsembeddedrouterroutersploitscannercredsdictionary-attackbruteforce
  Language:Python 11906

• smicallef / spiderfoot

  SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

  footprintingosintthreatintelpythoninfosecintelligence-gatheringosint-reconnaissancepentestingthreat-intelligencesecurity-toolsinformation-gatheringcybersecurityctiosint-frameworkattacksurfaceosint-toolhackinginformation-securityrecon
  Language:Python 11837

• ffuf / ffuf

  Fast web fuzzer written in Go

  fuzzerinfosecpentestingweb
  Language:Go 11526

• maurosoria / dirsearch

  Web path scanner

  fuzzerfuzzingpythonsecuritydirsearchhackingpentestingpenetration-testingbug-bountyappsecwordlisthacking-toolinfosecbrutescannerbugbountyenumerationpentest-toolred-teamingredteam
  Language:Python 11333

• digininja / DVWA

  Damn Vulnerable Web Application (DVWA)

  dvwahackinginfosecphpsecuritysql-injectiontraining
  Language:PHP 9434

• wazuh / wazuh

  Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

  cloud-securitycomplianceconfiguration-assessementcontainer-securitycybersecurityfile-integrity-monitoringincident-responseinfoseclog-analysismalware-detectionpci-dsssecuritysecurity-auditsecurity-automationsecurity-hardeningsecurity-toolssiemvulnerability-detectionwazuhxdr
  Language:C 9313

• infosecn1nja / Red-Teaming-Toolkit

  This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

  red-teamhackinginfosecpentesting
  8566

• samratashok / nishang

  Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

  powershellnishangsecurityred-teampenetration-testinginfosechackingredteamactivedirectory
  Language:PowerShell 8376
• rengine

  yogeshojha / rengine

  reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

  security-toolsosintreconrecon-enginereconnaissancescannerscanner-webrengineinformation-gatheringbugbountyhackingscanningpentestingbug-bountyinfosecpenetration-testing
  Language:Python 7012
• traitor

  liamg / traitor

  :arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

  gtfobinsexploitprivescprivilege-escalationhacktheboxinfosecredteam-toolssecurity-toolscve-2021-3560dirtypipecve-2022-0847
  Language:Go 6506

• trickest / cve

  Gather and update all available and newest CVEs with their PoC.

  poccvecve-poclatest-cvevulnerabilityvulnerabilitiessoftware-vulnerabilitiessoftware-securityexploitsecurityinfosechackingpentestingpenetration-testingred-teamsecurity-toolssoftware-vulnerability
  Language:HTML 6123

• 0xInfection / Awesome-WAF

  🔥 Web-application firewalls (WAFs) from security standpoint.

  wafweb-application-firewallfirewallawesome-listawesomewaf-bypasswaf-detectionwaf-testwaf-testingwaf-fingerprintsbypass-wafinfosecsecurity
  Language:Python 5962
• hetty

  dstotijn / hetty

  An HTTP toolkit for security research.

  mitmproxyhttppentestinginfosecbugbounty
  Language:Go 5928

• EdOverflow / bugbounty-cheatsheet

  A list of interesting payloads, tips and tricks for bug bounty hunters.

  securitypayloadsinfosecbugbounty
  5573

• daffainfo / AllAboutBugBounty

  All about bug bounty (bypasses, payloads, and etc)

  bugbountybugbountytipsbypasspayloadsreconnaissancebughackingsecuritypayloadpenetration-testingvulnerabilityinfosecpentest
  5438

• rmusser01 / Infosec_Reference

  An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

  infosecinfosec-referencereverse-engineeringhackingpentestingpenetration-testingreferenceslinuxprivilege-escalationinformation-securityblueteamred-teamwindowsosxforensicshacking-simulatorprivilege-escalation-exploitshacktoberfesthacktoberfest2021
  Language:CSS 5373

• ihebski / DefaultCreds-cheat-sheet

  One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

  infosecdefault-passwordpentestingbugbountypentestcredentials-gatheringcheatsheetcybersecurityblueteamoffensive-securityexploit
  Language:Python 5313
• 1earn

  ffffffff0x / 1earn

  ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

  markdown-articlelinux-learningpenteststudysecuritycollectionblueteamredteampost-penetrationics-securitywriteuppentest-toolpocctfsecurity-toolsinfosechacking
  Language:C++ 5097
• awesome-shodan-queries

  jakejarvis / awesome-shodan-queries

  🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

  shodaninfosecpentestingiotinternet-of-thingssecurityawesomeawesome-listhackingpenetration-testingshodan-dorksdorksnetwork-infrastructuresecurity-toolssecurity-scannercloud
  5086

• onlurking / awesome-infosec

  A curated list of awesome infosec courses and training resources.

  infosecpentestcoursespenetration-testingsecurity-professionalslabawesomesecurity
  4994

• decalage2 / awesome-security-hardening

  A collection of awesome security hardening guides, tools and other resources

  awesome-listsecuritysecurity-hardeningsecurity-toolswindows-hardeningcybersecuritycyber-securityinfosecbest-practicescis-benchmarksblueteamblue-teamcomputer-securitylinux-hardening
  4989

• fr0gger / Awesome-GPT-Agents

  A curated list of GPT agents for cybersecurity

  agentscybersecurityinfosecllm
  4805

• infobyte / faraday

  Open Source Vulnerability Management Platform

  devopspenetration-testingvulnerabilityvulnerability-scannerssecuritysecurity-auditpentestingcontinuous-scanninginfosecvulnerability-managementcollaborationburpsuitenessusnmapdevsecopssecurity-automationorchestrationcveappseccybersecurity
  Language:Python 4638
• can-i-take-over-xyz

  EdOverflow / can-i-take-over-xyz

  "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

  securityinfosecbugbountylistsubdomainsubdomain-takeovers
  Language:Python 4478

• jassics / security-study-plan

  Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

  aws-securitystudy-guidestudy-planappsecappsec-tutorialsazure-securitydevsecops-universitygcp-securitypentestingapplication-securitycybersecuritycybersecurity-educationinfosecsecurity-testingstudy-plannerapi-security
  4126

• fabacab / awesome-cybersecurity-blueteam

  :computer:🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.

  awesome-listcybersecurityblue-teamdefensive-securitysecurityinfoseccomputer-security
  4033

• PaulSec / awesome-sec-talks

  A collected list of awesome security talks

  conferenceshackinginfosecsecurity
  3960

• Ullaakut / cameradar

  Cameradar hacks its way into RTSP videosurveillance cameras

  penetration-testingsecurityhackinginfosecrtspcctvcamerashacking-toolpentestingsecurity-toolsnetsec
  Language:Go 3902

• ysrc / xunfeng

  巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

  exploitsinfosecpentestingscannersecuritysecurity-auditvulnerability-assessmentvulnerability-detectionvulnerability-scanners
  Language:Python 3504

• GerbenJavado / LinkFinder

  A python script that finds endpoints in JavaScript files

  infosecendpoints
  Language:Python 3471

• KuroLabs / stegcloak

  Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

  cryptographysteganographycompressionfunctional-programmingramdajshacking-toolsecurityhackingjavascriptprivacysecurity-toolsstegocipherinfosechacking-toolsdata-exfiltration
  Language:JavaScript 3183

• skerkour / black-hat-rust

  Applied offensive security with Rust - https://kerkour.com/black-hat-rust

  rustsecuritypentestpentestingoffensive-securityred-teamauditbeaconc2bug-bountybug-huntingwasmshellcodesscannerphishingtrojanvirushackinginfosecsecurity-tools
  Language:Rust 3046

• ignis-sec / Pwdb-Public

  A collection of all the data i could extract from 1 billion leaked credentials from internet.

  infosecpasswordrockyouseclists
  2982
• KeyDecoder

  MaximeBeasse / KeyDecoder

  KeyDecoder app lets you use your smartphone or tablet to decode your mechanical keys in seconds.

  cardduplicate-keysinfoseckeydecoderlocksmithpentesterspicturesecurity-enthusiasts
  Language:Dart 2977

• arainho / awesome-api-security

  A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

  api-securityapi-secawesome-listapi-hackingapi-pentestapisecsecuritypentestfuzzingapi-hacksapi-huntinginfosecapi-hardening
  2761
• snoop

  snooppr / snoop

  Snoop — инструмент разведки на основе открытых данных (OSINT world)

  osinttermuxusername-searchusername-checkerpentestweb-scrapingctfscannerredteamblueteaminfosecsecuritynicknameipgeopoliceparserscrapinggeocoderusername
  Language:Python 2712