infosec

Exploitation Framework for Embedded Devices

Web path scanner

SpiderFoot automates OSINT so you can focus on analysis.

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Damn Vulnerable Web Application (DVWA)

A collection of open source and commercial tools that aid in red team operations.

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

A curated list of awesome infosec courses and training resources.

Hetty is an HTTP toolkit for security research.

A list of interesting payloads, tips and tricks for bug bounty hunters.

Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket ⬆️ ☠️

A collected list of awesome security talks

Collaborative Penetration Test and Vulnerability Management Platform

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

🔍 A collection of interesting, funny, and depressing search queries to plug into https://shodan.io/ 👩‍💻

A collection of all the data i could extract from 1 billion leaked credentials from internet.

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

🔐 Security advisories as a simple composer exclusion list, updated daily

A python script that finds endpoints in JavaScript files

💻🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Awesome Node.js Security resources

📡 A python program to create a fake AP and sniff data.

Scan for open S3 buckets and dump the contents

A proposed standard that allows websites to define security policies.

This challenge is Inon Shkedy's 31 days API Security Tips.

VirusTotal Wanna Be - Now with 100% more Hipster