Stars
GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.
A python script that finds endpoints in JavaScript files
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Cheat sheet and notes inspired by the book RTFM - Red Team Field Manual
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Some setup scripts for security research tools.
Community guide to securing and improving privacy on macOS.
Wiki to collect Red Team infrastructure hardening resources
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
📱 objection - runtime mobile exploration
A collection of awesome penetration testing resources, tools and other shiny things
Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
In-depth attack surface mapping and asset discovery
A list of interesting payloads, tips and tricks for bug bounty hunters.
Next-gen BurpSuite penetration testing tool
A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
An evil RAT (Remote Administration Tool) for macOS / OS X.
A flask template with Bootstrap, asset bundling+minification with webpack, starter templates, and registration/authentication. For use with cookiecutter.
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Evident Security Platform Custom Signatures Samples
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)