Extracts URLs from OSINT Archives for Security Insights

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), ar…

Search & Parse Password Leaks

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal & Intelligence X!

Correlated injection proxy tool for XSS Hunter

A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.

Rust Bootcamp week 1: Set up you Rust development environment

A terminal UI for tshark, inspired by Wireshark

Draw.io libraries for threat modeling diagrams

ServiceLens is a Python tool for analyzing services linked to Microsoft 365 domains. It scans DNS records like SPF and DMARC to identify services, categorizing them into Email, Cloud, Security, and…

An open source threat modeling tool from OWASP

Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.

ripgrep recursively searches directories for a regex pattern while respecting your gitignore

Script to Automate installtion of Apps ,frida server and moving Burpsuite certificate to root folder

Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!

一个验证对CVE-2024-21733

⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses

A rapid HTTP downgrade smuggling scanner written in Go.

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Identify hardcoded secrets in static structured text

Scan DockerHub images that match a keyword to find secrets.

Windows inside a Docker container.

The goal of this repository is to document the most common techniques to bypass AppLocker.

Tools and Techniques for Red Team / Penetration Testing

The swiss army knife of LSASS dumping

ScriptSentry finds misconfigured and dangerous logon scripts.

The Network Execution Tool

REX-Ray is a container storage orchestration engine enabling persistence for cloud native workloads