aryanguenthner Goto Github PK

31-days-of-api-security-tips

This challenge is Inon Shkedy's 31 days API Security Tips.

365

BlueTeam, RedTeam, Bug bounty, OSINT, Threat Hunting, Network and Web Recon, Discovery, Enumeration, Vulnerability Mapping, Exploitation, Reporting, Darkweb, Deepweb, Research

3snake

Tool for extracting information from newly spawned processes

ad-penetration-testing-tools

域渗透工具

airgeddon

This is a multi-use bash script for Linux systems to audit wireless networks.

amass

In-depth Attack Surface Mapping and Asset Discovery

amber

Reflective PE packer.

aort

All in One Recon Tool for Bug Bounty

apkwash

Android APK Antivirus evasion for msfvenom generated payloads.

apple_ble_spam_ofw

apple_ble_spam for OFW

asl

free windows software

autobloody

Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound

autoenum

Nmap enumeration and script scan automation script

awesome-application-security-checklist

Checklist of the most important security countermeasures when designing, creating, testing your web/mobile application

awesome-deblurring

A curated list of resources for Image and Video Deblurring

awesome-red-team-operations

awesome-soar

A curated Cyber "Security Orchestration, Automation and Response (SOAR)" awesome list.

awesome-waf

🔥 Everything about web-application firewalls (WAF).

badblood

BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.

beginner-network-pentesting

Notes for Beginner Network Pentesting Course

bloodhound

Six Degrees of Domain Admin

bridgekeeper

Scrape, Hunt, and Transform names and usernames

burp-shell-fwd-lfi

A Burp Suite plugin/extension that offers a shell in Burp. Both useful for OS Command injection and LFI exploration

bypass-firewalls-by-dns-history

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

capa

The FLARE team's open-source tool to identify capabilities in executable files.

cheatsheet-god

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

cheatsheetseries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

chimera

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

cipherscan

A very simple way to find out which SSL ciphersuites are supported by a target.

cmsmap

CMSmap is a python open source CMS (Content Management System) scanner that automates the process of detecting security flaws of the most popular CMSs.