bilalaazzani Goto Github PK

lazys3

lfidump

A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.

linenum

Scripted Local Linux Enumeration & Privilege Escalation Checks

mariana-trench

Our security focused static analysis tool for Android and Java applications.

microburst

A collection of scripts for assessing Microsoft Azure security

msticpy

Microsoft Threat Intelligence Security Tools

mustlearnkql

Code included as part of the MustLearnKQL blog series

my-arsenal-of-aws-security-tools

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

nishang

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

osce-complete-guide

OSWE, OSEP, OSED

oscprepo

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

pacu

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

password_cracking_rules

One rule to crack all passwords. or atleast we hope so.

payloadsallthethings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

php-reverse-shell

powersploit

PowerSploit - A PowerShell Post-Exploitation Framework

public-reports

bug bounty disclosed reports

pwntools-tutorial

Tutorials for getting started with Pwntools

pwntools-write-ups

A colleciton of CTF write-ups all using pwntools

python-pentest-tools

Python tools for penetration testers

red-teaming-toolkit

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

redteam-resources

resources-for-beginner-bug-bounty-hunters

A list of resources for those interested in getting started in bug bounties

responder

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

rest-api-fuzz-testing

REST API Fuzz Testing (RAFT): Source code for self-hosted service developed for Azure, including the API, orchestration engine, and default set of security tools (including MSR's RESTler), that enables developers to embed security tooling into their CI/CD workflows

seatbelt

Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

snake

BAC1 programming project in python3

soc-opensource

This is a Project Designed for Security Analysts and all SOC audiences who wants to play with implementation and explore the Modern SOC architecture.

sshuttle

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

sysmonsimulator

Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detections and correlation rules by Blue teams.