wab-mm Goto Github PK

apkleaks

Scanning APK file for URIs, endpoints & secrets.

awesome-devsecops

An authoritative list of awesome devsecops tools with the help from community experiments and contributions.

awesome-honeypots

an awesome list of honeypot resources

awesome-web-security

🐶 A curated list of Web Security materials and resources.

bulwark

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

ctf-katana

This repository aims to hold suggestions (and hopefully/eventually code) for CTF challenges. The "project" is nicknamed Katana.

helk

The Hunting ELK

jwt-cracker

Simple HS256 JWT token brute force cracker

jwt-pwn

Security Testing Scripts for JWT

log4j-scan

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

log4shell-vulnerable-app

Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell.

lpeworkshop

Windows / Linux Local Privilege Escalation Workshop

nodejsscan

nodejsscan is a static security code scanner for Node.js applications.

npk

A mostly-serverless distributed hash cracking platform

nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.

owasp-testing-checklist

OWASP based Web Application Security Testing Checklist is an Excel based checklist which helps you to track the status of completed and pending test cases.

owtf

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

penetration_testing_poc

渗透测试有关的POC、EXP、脚本、提权、小工具等，欢迎补充、完善---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

pentest-cheatsheets

privilege-escalation-awesome-scripts-suite

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

rengine

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

responder

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

scoutsuite

Multi-Cloud Security Auditing Tool

sippts

Set of tools to audit SIP based VoIP Systems

villain

Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a team.

wesng

Windows Exploit Suggester - Next Generation