hrouhani Goto Github PK

awesome-azure-pentest

A collection of resources, tools and more for penetration testing and securing Microsofts cloud platform Azure.

aztfy-azure-to-terraform

A tool to bring existing Azure resources under Terraform's management

azure-app-creation

azure-devops-deploy-to-aks

Repository for showcasing the deployment from Azure DevOps Pipelines to AKS (Live Streaming )

breach-parse

A tool for parsing breached passwords

cks-course-environment

Kubernetes Security

clair

Vulnerability Static Analysis for Containers

code-snippets

Various code snippets

falco

Cloud Native Runtime Security

httprobe

Take a list of domains and probe for working HTTP and HTTPS servers

impacket

Impacket is a collection of Python classes for working with network protocols.

impacket-framework

Impacket is a collection of Python classes for working with network protocols. SMB Replay attacks for NTLMv2 authentication

it-disruption-framework

merlin

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

mimikatz

A little tool to play with Windows security

openluck

OpenFuck exploit updated to linux 2018 - Apache mod_ssl < 2.8.7 OpenSSL - Remote Buffer Overflow

payloadsallthethings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

pfsense-code-exec

authenticated arbitrary code execution exploit in pfsense community edition <= 2.2.6

prowler

Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.

seclists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

terraform-aws-eks

Terraform module to create an Elastic Kubernetes (EKS) cluster and associated resources 🇺🇦

trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

unicorn

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.

webauthentication-7-level

wesng

Windows Exploit Suggester - Next Generation

windows-exploit-suggester

This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.

windows-privilege-escalation-resources

Compilation of Resources from TCM's Windows Priv Esc Udemy Course

wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

yubikey-luks

Yubikey LUKS setup for Ubuntu 22.04 LTS