Automated Adversary Emulation
kunpeng是一个Golang编写的开源POC框架/库,以动态链接库的形式提供各种语言调用,通过此项目可快速开发漏洞检测类的系统。
Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
Awesome Python Security resources
Hacking Toolkit
Collection of small security tools created mostly in Python. CTFs, pentests and so on
Web application vulnerability scanner
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Awesome .NET Security Resources
PHP Security Check List [ EN ]
We were able to start dockerised securecodebox, but how do we get the data fed into Kibana (as seen on the screenshots)?
Awesome Java Security Resources
Fuzz your Rust code with Google-developed Honggfuzz !
Chain Reactor is an open source framework for composing executables that simulate adversary behaviors and techniques on Linux endpoints.
Custom memory allocator that helps discover reads from uninitialized memory
A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder
Metasploit Cheat Sheet
Sometimes the "URLQuery" and "Google SafeBrowsing" lines says null- known null website or total alert count is null.
You can see the screen shot below:
This should be fixed easily with something like 'ng-if' in main.js. I can do it if I manage to install it.
This project intends to provide a series of tools to craft, parse, send, analyze and crack a set of LoRaWAN packets in order to audit or pentest the security of a LoraWAN infrastructure.
siderophile will currently output something like
<http::uri::scheme::Scheme as HttpTryFrom<&'a[u8]>>::try_from
or
<futures_io_preview::if_std::Pin<&'amutT> as AsyncRead>::initializer
The lifetime 'a should not be present, and there should be a space between mut and T.
memory search and patch tool on debuggable apk without root & ndk
Deemon is a tool to detect CSRF in web applications. Deemon has been used for the paper "Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs" by G. Pellegrino, M. Johns, S. Koch, M. Backes, and C. Rossow.
A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Watch and Star this repo for all latest guides, tools, methodology, platforms tips, and tricks curated by us.
Automated XSS Finder
Add a description, image, and links to the security-testing topic page so that developers can more easily learn about it.
To associate your repository with the security-testing topic, visit your repo's landing page and select "manage topics."
Add example usage logs to the documentation for all applicable modules.