infosec

There are 280 repositories under infosec topic.

• threat9 / routersploit

  Exploitation Framework for Embedded Devices

  pythonsecurityinfosecrouter-exploitation-frameworkroutersploit-frameworkexploitsembeddedrouterroutersploitscannercredsdictionary-attackbruteforce
  Language:Python 11869

• smicallef / spiderfoot

  SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

  attacksurfacecticybersecurityfootprintinghackinginformation-gatheringinformation-securityinfosecintelligence-gatheringosintosint-frameworkosint-reconnaissanceosint-toolpentestingpythonreconsecurity-toolsthreat-intelligencethreatintel
  Language:Python 11723

• ffuf / ffuf

  Fast web fuzzer written in Go

  fuzzerinfosecpentestingweb
  Language:Go 11407

• maurosoria / dirsearch

  Web path scanner

  fuzzerfuzzingpythonsecuritydirsearchhackingpentestingpenetration-testingbug-bountyappsecwordlisthacking-toolinfosecbrutescannerbugbountyenumerationpentest-toolred-teamingredteam
  Language:Python 11237

• digininja / DVWA

  Damn Vulnerable Web Application (DVWA)

  dvwaphpsql-injectionsecuritytraininginfosechacking
  Language:PHP 9309

• wazuh / wazuh

  Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

  cloud-securitycomplianceconfiguration-assessementcontainer-securitycybersecurityfile-integrity-monitoringincident-responseinfoseclog-analysismalware-detectionpci-dsssecuritysecurity-auditsecurity-automationsecurity-hardeningsecurity-toolssiemvulnerability-detectionwazuhxdr
  Language:C 9159

• infosecn1nja / Red-Teaming-Toolkit

  This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

  hackinginfosecpentestingred-team
  8500

• samratashok / nishang

  Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

  powershellnishangsecurityred-teampenetration-testinginfosechackingredteamactivedirectory
  Language:PowerShell 8333
• rengine

  yogeshojha / rengine

  reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

  security-toolsosintreconrecon-enginereconnaissancescannerscanner-webrengineinformation-gatheringbugbountyhackingscanningpentestingbug-bountyinfosecpenetration-testing
  Language:Python 6722
• traitor

  liamg / traitor

  :arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

  cve-2021-3560cve-2022-0847dirtypipeexploitgtfobinshacktheboxinfosecprivescprivilege-escalationredteam-toolssecurity-tools
  Language:Go 6494

• trickest / cve

  Gather and update all available and newest CVEs with their PoC.

  poccvecve-poclatest-cvevulnerabilityvulnerabilitiessoftware-vulnerabilitiessoftware-securityexploitsecurityinfosechackingpentestingpenetration-testingred-teamsecurity-toolssoftware-vulnerability
  Language:HTML 6058
• hetty

  dstotijn / hetty

  An HTTP toolkit for security research.

  bugbountyhttpinfosecmitmpentestingproxy
  Language:Go 5923

• 0xInfection / Awesome-WAF

  🔥 Web-application firewalls (WAFs) from security standpoint.

  awesomeawesome-listbypass-waffirewallinfosecsecuritywafwaf-bypasswaf-detectionwaf-fingerprintswaf-testwaf-testingweb-application-firewall
  Language:Python 5921

• EdOverflow / bugbounty-cheatsheet

  A list of interesting payloads, tips and tricks for bug bounty hunters.

  bugbountyinfosecpayloadssecurity
  5561

• daffainfo / AllAboutBugBounty

  All about bug bounty (bypasses, payloads, and etc)

  bugbountybugbountytipsbypasspayloadsreconnaissancebughackingsecuritypayloadpenetration-testingvulnerabilityinfosecpentest
  5417

• rmusser01 / Infosec_Reference

  An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

  infosecinfosec-referencereverse-engineeringhackingpentestingpenetration-testingreferenceslinuxprivilege-escalationinformation-securityblueteamred-teamwindowsosxforensicshacking-simulatorprivilege-escalation-exploitshacktoberfesthacktoberfest2021
  Language:CSS 5356

• ihebski / DefaultCreds-cheat-sheet

  One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

  blueteambugbountycheatsheetcredentials-gatheringcybersecuritydefault-passwordexploitinfosecoffensive-securitypentestpentesting
  Language:Python 5269
• awesome-shodan-queries

  jakejarvis / awesome-shodan-queries

  🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

  shodaninfosecpentestingiotinternet-of-thingssecurityawesomeawesome-listhackingpenetration-testingshodan-dorksdorksnetwork-infrastructuresecurity-toolssecurity-scannercloud
  5052
• 1earn

  ffffffff0x / 1earn

  ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

  blueteamcollectionctfhackingics-securityinfoseclinux-learningmarkdown-articlepentestpentest-toolpocpost-penetrationredteamsecuritysecurity-toolsstudywriteup
  Language:C++ 5036

• onlurking / awesome-infosec

  A curated list of awesome infosec courses and training resources.

  infosecpentestcoursespenetration-testingsecurity-professionalslabawesomesecurity
  4966

• decalage2 / awesome-security-hardening

  A collection of awesome security hardening guides, tools and other resources

  awesome-listbest-practicesblue-teamblueteamcis-benchmarkscomputer-securitycyber-securitycybersecurityinfoseclinux-hardeningsecuritysecurity-hardeningsecurity-toolswindows-hardening
  4939

• fr0gger / Awesome-GPT-Agents

  A curated list of GPT agents for cybersecurity

  agentscybersecurityinfosecllm
  4709

• infobyte / faraday

  Open Source Vulnerability Management Platform

  devopspenetration-testingvulnerabilityvulnerability-scannerssecuritysecurity-auditpentestingcontinuous-scanninginfosecvulnerability-managementcollaborationburpsuitenessusnmapdevsecopssecurity-automationorchestrationcveappseccybersecurity
  Language:Python 4613
• can-i-take-over-xyz

  EdOverflow / can-i-take-over-xyz

  "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

  bugbountyinfoseclistsecuritysubdomainsubdomain-takeovers
  Language:Python 4445

• jassics / security-study-plan

  Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

  aws-securitystudy-guidestudy-planappsecappsec-tutorialsazure-securitydevsecops-universitygcp-securitypentestingapplication-securitycybersecuritycybersecurity-educationinfosecsecurity-testingstudy-plannerapi-security
  4108

• fabacab / awesome-cybersecurity-blueteam

  :computer:🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.

  awesome-listblue-teamcomputer-securitycybersecuritydefensive-securityinfosecsecurity
  4010

• PaulSec / awesome-sec-talks

  A collected list of awesome security talks

  conferenceshackinginfosecsecurity
  3958

• Ullaakut / cameradar

  Cameradar hacks its way into RTSP videosurveillance cameras

  camerascctvhackinghacking-toolinfosecnetsecpenetration-testingpentestingrtspsecuritysecurity-tools
  Language:Go 3884

• ysrc / xunfeng

  巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

  exploitsinfosecpentestingscannersecuritysecurity-auditvulnerability-assessmentvulnerability-detectionvulnerability-scanners
  Language:Python 3498

• GerbenJavado / LinkFinder

  A python script that finds endpoints in JavaScript files

  infosecendpoints
  Language:Python 3451

• KuroLabs / stegcloak

  Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

  cryptographysteganographycompressionfunctional-programmingramdajshacking-toolsecurityhackingjavascriptprivacysecurity-toolsstegocipherinfosechacking-toolsdata-exfiltration
  Language:JavaScript 3170

• skerkour / black-hat-rust

  Applied offensive security with Rust - https://kerkour.com/black-hat-rust

  rustsecuritypentestpentestingoffensive-securityred-teamauditbeaconc2bug-bountybug-huntingwasmshellcodesscannerphishingtrojanvirushackinginfosecsecurity-tools
  Language:Rust 3042

• ignis-sec / Pwdb-Public

  A collection of all the data i could extract from 1 billion leaked credentials from internet.

  infosecpasswordrockyouseclists
  2982
• KeyDecoder

  MaximeBeasse / KeyDecoder

  KeyDecoder app lets you use your smartphone or tablet to decode your mechanical keys in seconds.

  cardduplicate-keysinfoseckeydecoderlocksmithpentesterspicturesecurity-enthusiasts
  Language:Dart 2976

• arainho / awesome-api-security

  A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

  api-securityapi-secawesome-listapi-hackingapi-pentestapisecsecuritypentestfuzzingapi-hacksapi-huntinginfosecapi-hardening
  2727
• snoop

  snooppr / snoop

  Snoop — инструмент разведки на основе открытых данных (OSINT world)

  osinttermuxusername-searchusername-checkerpentestweb-scrapingctfscannerredteamblueteaminfosecsecuritynicknameipgeopoliceparserscrapinggeocoderusername
  Language:Python 2682