- Somewhere Under the Rainbow
- https://www.linkedin.com/in/ariel-ril
- https://wh04m1.dev/
Hacktools
The Mobile App Pentest cheat sheet was created to provide a concise collection of high value information on specific mobile application penetration testing topics.
⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target
All about bug bounty (bypasses, payloads, etc.)
Automating situational awareness for cloud penetration tests.
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
An enterprise friendly way of detecting and preventing secrets in code.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and initial phases of security review.
"Can I take over XYZ?" - a list of services and how to claim (sub)domains with dangling DNS records.
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
A curated list of resources for learning about application security
A collection of awesome penetration testing resources, tools and other shiny things
Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface.
AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses
Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal & Intelligence X!
📦 Make security testing of K8s, Docker, and Containerd easier.
Simple set of C2 agents that utilise Azure cloud services to establish connection
A super fast CLI tool to decode and encode JWTs built in Rust
The tool π²π»ππΊπ is a framework built for Kali Linux that uses a plethora of existing pentesting tools as plugins in order to simplify and standardize the enumeration stage at a simplistic level. It β¦
A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
Take a list of domains and probe for working HTTP and HTTPS servers
PowerShell MachineAccountQuota and DNS exploit tools