CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.

undust is a URL pattern generator that helps uncover archived, backup, and temporary files left behind on web servers. Given a URL, it generates the most common archive, temp and backup file name v…

Basic brute-force script targeting the standard Keycloak Admin/User Console browser login flow.

Discover new target domains using Content Security Policy

Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration

ACEshark is a utility designed for rapid extraction and analysis of Windows service configurations and Access Control Entries, eliminating the need for tools like accesschk.exe or other non-native …

Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!

Firmware Launcher for ESP32 boards like: M5Stack, Lilygo, Marauder and CYD devices.

Awesome Nmap Grep

Polymorphic Command & Control

My useful files for penetration tests, security assessments, bug bounty and other security related stuff

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.

Scanning APK file for URIs, endpoints & secrets.

A tool to create randomly insecure file shares that also contain unsecured credential files

Automatic SQL injection and database takeover tool

AI assistant that utilizes GPT language models to interpret and generate cybersecurity payloads 🪄

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

ScriptSentry finds misconfigured and dangerous logon scripts.

🕵️‍♂️ All-in-one OSINT tool for analysing any website

OSCP Cheat Sheet

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

A Curated list of Security Resources for all connected things

A Personal Collection of Infosec Dorks

A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically (e.g. payloads).

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

A compact and portable WiFi reconnaissance suite based on the ESP8266

SSH based reverse shell

A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion, compiled for educational purposes. The contents of this repository…