Awesome-Mirrors/my-infosec-awesome
1
0
Fork 0
mirror of https://github.com/pe3zx/my-infosec-awesome.git synced 2024-09-28 10:15:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:pe3zx/my-infosec-awesome into master

Browse Source
This commit is contained in:
pe3zx 2020-09-24 22:57:23 +07:00
commit bccf8c02ec
1 changed files with 108 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

128
README.md
View File

@ -161,6 +161,10 @@ This repository is created as an online bookmark for useful links, resources and
<td><a href="https://github.com/aboul3la/Sublist3r">aboul3la/Sublist3r</a></td>
<td>Fast subdomains enumeration tool for penetration testers</td>
</tr>
<tr>
<td><a href="https://github.com/Acheron-VAF/Acheron">Acheron-VAF/Acheron</a></td>
<td>Acheron is a RESTful vulnerability assessment and management framework built around search and dedicated to terminal extensibility.</td>
</tr>
<tr>
<td><a href="https://github.com/ambionics/phpggc">ambionics/phpggc</a></td>
<td>PHPGGC is a library of unserialize() payloads along with a tool to generate them, from command line or programmatically.</td>
@ -181,6 +185,14 @@ This repository is created as an online bookmark for useful links, resources and
<td><a href="https://github.com/brannondorsey/dns-rebind-toolkit">brannondorsey/dns-rebind-toolkit</a></td>
<td>A front-end JavaScript toolkit for creating DNS rebinding attacks.</td>
</tr>
<tr>
<td><a href="https://github.com/BishopFox/h2csmuggler">BishopFox/h2csmuggler</a></td>
<td>HTTP Request Smuggling over HTTP/2 Cleartext (h2c)</td>
</tr>
<tr>
<td><a href="https://github.com/danmar/cppcheck">danmar/cppcheck</a></td>
<td>static analysis of C/C++ code</td>
</tr>
<tr>
<td><a href="https://github.com/facebook/pyre-check/">facebook/pyre-check/</a></td>
<td>Performant type-checking for python.</td>
@ -206,6 +218,10 @@ This repository is created as an online bookmark for useful links, resources and
<td><a href="https://github.com/mazen160/bfac">mazen160/bfac</a></td>
<td>BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source code.</td>
</tr>
<tr>
<td><a href="https://github.com/microsoft/onefuzz">microsoft/onefuzz</a></td>
<td>A self-hosted Fuzzing-As-A-Service platform</td>
</tr>
<tr>
<td><a href="https://github.com/mindedsecurity/JStillery">mindedsecurity/JStillery</a></td>
<td>Advanced JS Deobfuscation via Partial Evaluation.</td>
@ -230,6 +246,10 @@ This repository is created as an online bookmark for useful links, resources and
<td><a href="https://publicwww.com/">Public WWW</a></td>
<td>Source Code Search Engine</td>
</tr>
<tr>
<td><a href="https://github.com/pumasecurity/puma-scan">pumasecurity/puma-scan</a></td>
<td>Puma Scan is a software security Visual Studio extension that provides real time, continuous source code analysis as development teams write code. Vulnerabilities are immediately displayed in the development environment as spell check and compiler warnings, preventing security bugs from entering your applications.</td>
</tr>
<tr>
<td><a href="https://github.com/pwntester/ysoserial.net">pwntester/ysoserial.net</a></td>
<td>Deserialization payload generator for a variety of .NET formatters</td>
@ -556,6 +576,10 @@ This repository is created as an online bookmark for useful links, resources and
<td><a href="https://github.com/prevade/cloudjack">prevade/cloudjack</a></td>
<td>Route53/CloudFront Vulnerability Assessment Utility</td>
</tr>
<tr>
<td><a href="https://github.com/pumasecurity/serverless-prey">pumasecurity/serverless-prey</a></td>
<td>Serverless Functions for establishing Reverse Shells to Lambda, Azure Functions, and Google Cloud Functions</td>
</tr>
<tr>
<td><a href="https://github.com/random-robbie/slurp">random-robbie/slurp</a></td>
<td>Enumerate S3 buckets via certstream, domain, or keywords</td>
@ -773,6 +797,10 @@ This repository is created as an online bookmark for useful links, resources and
<td><a href="https://github.com/cryps1s/DARKSURGEON">cryps1s/DARKSURGEON</a></td>
<td>DARKSURGEON is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense.</td>
</tr>
<tr>
<td><a href="https://github.com/cyb3rfox/Aurora-Incident-Response">cyb3rfox/Aurora-Incident-Response</a></td>
<td>Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders</td>
</tr>
<tr>
<td><a href="https://github.com/Cyb3rWard0g/HELK">Cyb3rWard0g/HELK</a></td>
<td>A Hunting ELK (Elasticsearch, Logstash, Kibana) with advanced analytic capabilities.</td>
@ -909,6 +937,14 @@ This repository is created as an online bookmark for useful links, resources and
<td><a href="https://github.com/MalwareSoup/MitreAttack">MalwareSoup/MitreAttack</a></td>
<td>Python wrapper for the Mitre ATT&CK framework API</td>
</tr>
<tr>
<td><a href="https://github.com/markbaggett/srum-dump">markbaggett/srum-dump</a></td>
<td>A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.</td>
</tr>
<tr>
<td><a href="https://github.com/markbaggett/werejugo">markbaggett/werejugo</a></td>
<td>Identifies physical locations where a laptop has been based upon wireless profiles and wireless data recorded in event logs</td>
</tr>
<tr>
<td><a href="https://github.com/mozilla/audit-go">mozilla/audit-go</a></td>
<td>Linux Audit Plugin for heka written using netlink Protocol in golang and Lua</td>
@ -1086,6 +1122,10 @@ This repository is created as an online bookmark for useful links, resources and
<td><a href="https://github.com/gellin/TeamViewer_Permissions_Hook_V1">gellin/TeamViewer_Permissions_Hook_V1</a></td>
<td>A proof of concept injectable C++ dll, that uses naked inline hooking and direct memory modification to change your TeamViewer permissions.</td>
</tr>
<tr>
<td><a href="https://github.com/HASecuritySolutions/VulnWhisperer">HASecuritySolutions/VulnWhisperer</a></td>
<td>Create actionable data from your Vulnerability Scans</td>
</tr>
<tr>
<td><a href="https://github.com/hasherezade/process_doppelganging">hasherezade/process_doppelganging</a></td>
<td>My implementation of enSilo's Process Doppelganging (PE injection technique)</td>
@ -1209,10 +1249,6 @@ This repository is created as an online bookmark for useful links, resources and
<td><a href="https://github.com/CapacitorSet/box-js">CapacitorSet/box-js</a></td>
<td>A tool for studying JavaScript malware</td>
</tr>
<tr>
<td><a href="https://capesandbox.com/">CAPEv2 Sandbox</a></td>
<td>CAPE Sandbox</td>
</tr>
<tr>
<td><a href="https://github.com/CERT-Polska/drakvuf-sandbox">CERT-Polska/drakvuf-sandbox</a></td>
<td>DRAKVUF Sandbox - automated hypervisor-level malware analysis system</td>
@ -1437,6 +1473,10 @@ This repository is created as an online bookmark for useful links, resources and
<td><a href="https://github.com/mohamedaymenkarmous/alienvault-otx-api-html">mohamedaymenkarmous/alienvault-otx-api-html</a></td>
<td>AlienVault OTX API-based project with HTML (pure HTML or mixed PNG screenshots) reports pages that looks like the real AlienVault OTX website</td>
</tr>
<tr>
<td><a href="https://github.com/NavyTitanium/Fake-Sandbox-Artifacts">NavyTitanium/Fake-Sandbox-Artifacts</a></td>
<td>This script allows you to create various artifacts on a bare-metal Windows computer in an attempt to trick malwares that looks for VM or analysis tools</td>
</tr>
<tr>
<td><a href="https://github.com/nbeede/BoomBox">nbeede/BoomBox</a></td>
<td>Automatic deployment of Cuckoo Sandbox malware lab using Packer and Vagrant</td>
@ -1564,10 +1604,6 @@ This repository is created as an online bookmark for useful links, resources and
<tr>
<td><a href="http://vxvault.net/ViriList.php">VX Vault</a></td>
<td>VX Vault</td>
</tr>
<tr>
<td><a href="https://vxug.fakedoma.in/samples.html">vx-undergroud</td>
<td>A Malware Block is a compressed 7z file with 40,000 malicious binaries. Each binary is listed in an accompanied 'File listing'. Each block is 100% unique.</td>
</tr>
<tr>
<td><a href="https://github.com/zerosum0x0/smbdoor">zerosum0x0/smbdoor</a></td>
@ -1662,6 +1698,10 @@ This repository is created as an online bookmark for useful links, resources and
<td><a href="https://github.com/quark-engine/quark-engine">quark-engine/quark-engine</a></td>
<td>An Obfuscation-Neglect Android Malware Scoring System</td>
</tr>
<tr>
<td><a href="https://github.com/RealityNet/kobackupdechttps://github.com/RealityNet/kobackupdec">RealityNet/kobackupdec</a></td>
<td>Huawei backup decryptor</td>
</tr>
<tr>
<td><a href="https://github.com/sensepost/objection">sensepost/objection</a></td>
<td>objection is a runtime mobile exploration toolkit, powered by Frida. It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device.</td>
@ -1695,6 +1735,14 @@ This repository is created as an online bookmark for useful links, resources and
<td><a href="https://github.com/aol/moloch">aol/moloch</a></td>
<td>Moloch is an open source, large scale, full packet capturing, indexing, and database system</td>
</tr>
<tr>
<td><a href="https://github.com/austin-taylor/flare">austin-taylor/flare</a></td>
<td>An analytical framework for network traffic and behavioral analytics</td>
</tr>
<tr>
<td><a href="https://github.com/crowdsecurity/crowdsec/">crowdsecurity/crowdsec/</a></td>
<td>Crowdsec - An open-source, lightweight agent to detect and respond to bad behaviours. It also automatically benefits from our global community-wide IP reputation database.</td>
</tr>
<tr>
<td><a href="https://github.com/blechschmidt/massdns">blechschmidt/massdns</a></td>
<td>A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)</td>
@ -1703,6 +1751,10 @@ This repository is created as an online bookmark for useful links, resources and
<td><a href="https://github.com/byt3bl33d3r/MITMf">byt3bl33d3r/MITMf</a></td>
<td>Framework for Man-In-The-Middle attacks</td>
</tr>
<tr>
<td><a href="https://github.com/dhoelzer/ShowMeThePackets">dhoelzer/ShowMeThePackets</a></td>
<td>Useful network monitoring, analysis, and active response tools used or mentioned in the SANS SEC503 course</td>
</tr>
<tr>
<td><a href="https://dnsdumpster.com/">DNSdumpster.com</a></td>
<td>dns recon & research, find & lookup dns records</td>
@ -1719,6 +1771,14 @@ This repository is created as an online bookmark for useful links, resources and
<td><a href="https://github.com/infobyte/evilgrade">infobyte/evilgrade</a></td>
<td>Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. It comes with pre-made binaries (agents), a working default configuration for fast pentests, and has it's own WebServer and DNSServer modules. Easy to set up new settings, and has an autoconfiguration when new binary agents are set.</td>
</tr>
<tr>
<td><a href="https://github.com/joswr1ght/cowpatty">joswr1ght/cowpatty</a></td>
<td>coWPAtty: WPA2-PSK Cracking</td>
</tr>
<tr>
<td><a href="https://github.com/joswr1ght/nm2lp">joswr1ght/nm2lp</a></td>
<td>Convert Windows Netmon Monitor Mode Wireless Packet Captures to Libpcap Format</td>
</tr>
<tr>
<td><a href="https://github.com/michenriksen/aquatone">michenriksen/aquatone</a></td>
<td>AQUATONE is a set of tools for performing reconnaissance on domain names. It can discover subdomains on a given domain by using open sources as well as the more common subdomain dictionary brute force approach. After subdomain discovery, AQUATONE can then scan the hosts for common web ports and HTTP headers, HTML bodies and screenshots can be gathered and consolidated into a report for easy analysis of the attack surface.</td>
@ -1768,6 +1828,10 @@ This repository is created as an online bookmark for useful links, resources and
<td><a href="https://github.com/arch4ngel/peasant">arch4ngel/peasant</a></td>
<td>LinkedIn reconnaissance tool</td>
</tr>
<tr>
<td><a href="https://github.com/byt3bl33d3r/WitnessMe">byt3bl33d3r/WitnessMe</a></td>
<td>Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.</td>
</tr>
<tr>
<td><a href="https://cellidfinder.com/">CellID Finder</a></td>
<td>Find GSM base stations cell id coordinates</a></td>
@ -1904,6 +1968,10 @@ This repository is created as an online bookmark for useful links, resources and
<td><a href="https://hackertarget.com/recon-ng-tutorial/">Recon-NG</a></td>
<td>Recon-ng is a reconnaissance tool with an interface similar to Metasploit. Running recon-ng from the command line you enter a shell like environment where you can configure options, perform recon and output results to different report types.</td>
</tr>
<tr>
<td><a href="https://github.com/WebBreacher/WhatsMyName">WebBreacher/WhatsMyName</a></td>
<td>This repository has the unified data required to perform user enumeration on various websites. Content is in a JSON file and can easily be used in other projects.</td>
</tr>
<tr>
<td><a href="https://whatsmyname.app/">WhatsMyName Web</a></td>
<td>This tool allows you to enumerate usernames across many websites</td>
@ -1978,10 +2046,22 @@ This repository is created as an online bookmark for useful links, resources and
<td><a href="https://github.com/BC-SECURITY/Empire/">BC-SECURITY/Empire</a></td>
<td>Empire is a PowerShell and Python post-exploitation agent.</td>
</tr>
<tr>
<td><a href="https://github.com/besimorhino/powercat">besimorhino/powercat</a></td>
<td>netshell features all in version 2 powershell</td>
</tr>
<tr>
<td><a href="https://github.com/bohops/GhostBuild">bohops/GhostBuild</a></td>
<td>GhostBuild is a collection of simple MSBuild launchers for various GhostPack/.NET projects</td>
</tr>
<tr>
<td><a href="https://github.com/byt3bl33d3r/CrackMapExec">byt3bl33d3r/CrackMapExec</a></td>
<td>A swiss army knife for pentesting networks</td>
</tr>
<tr>
<td><a href="https://github.com/byt3bl33d3r/SILENTTRINITY">byt3bl33d3r/SILENTTRINITY</a></td>
<td>An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR</td>
</tr>
<tr>
<td><a href="https://github.com/cobbr/Covenant">cobbr/Covenant</a></td>
<td> Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.</td>
@ -2074,18 +2154,6 @@ This repository is created as an online bookmark for useful links, resources and
<td><a href="https://github.com/mattifestation/PoCSubjectInterfacePackage">mattifestation/PoCSubjectInterfacePackage</a></td>
<td>A PoC subject interface package (SIP) provider designed to educate about the required components of a SIP provider.</td>
</tr>
<tr>
<td><a href="https://github.com/Ne0nd0g/merlin">Ne0nd0g/merlin</a></td>
<td>Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.</td>
</tr>
<tr>
<td><a href="https://github.com/OmerYa/Invisi-Shell">OmerYa/Invisi-Shell</a></td>
<td>Hide your Powershell script in plain sight. Bypass all Powershell security features</td>
</tr>
<tr>
<td><a href="https://github.com/putterpanda/mimikittenz">putterpanda/mimikittenz</a></td>
<td>A post-exploitation powershell tool for extracting juicy info from memory.</td>
</tr>
<tr>
<td><a href="https://github.com/mdsecactivebreach/Chameleon">mdsecactivebreach/Chameleon</a></td>
<td>Chameleon: A tool for evading Proxy categorisation</td>
@ -2118,10 +2186,18 @@ This repository is created as an online bookmark for useful links, resources and
<td><a href="https://github.com/NetSPI/goddi">NetSPI/goddi</a></td>
<td>goddi (go dump domain info) dumps Active Directory domain information</td>
</tr>
<tr>
<td><a href="https://github.com/nidem/kerberoast">nidem/kerberoast</a></td>
<td>Kerberoast is a series of tools for attacking MS Kerberos implementations. Below is a brief overview of what each tool does.</td>
</tr>
<tr>
<td><a href="https://github.com/outflanknl/Recon-AD">outflanknl/Recon-AD</a></td>
<td>Recon-AD, an AD recon tool based on ADSI and reflective DLLs</td>
</tr>
<tr>
<td><a href="https://github.com/OmerYa/Invisi-Shell">OmerYa/Invisi-Shell</a></td>
<td>Hide your Powershell script in plain sight. Bypass all Powershell security features</td>
</tr>
<tr>
<td><a href="https://github.com/peewpw/Invoke-PSImage">peewpw/Invoke-PSImage</a></td>
<td>Embeds a PowerShell script in the pixels of a PNG file and generates a oneliner to execute</td>
@ -2134,6 +2210,14 @@ This repository is created as an online bookmark for useful links, resources and
<td><a href="https://github.com/Plazmaz/LNKUp">Plazmaz/LNKUp</a></td>
<td>Generates malicious LNK file payloads for data exfiltration</td>
</tr>
<tr>
<td><a href="http://prismatica.io/">Project Prismatica</a></td>
<td>Project Prismatica is a focused framework for Command and Control that is dedicated to extensibility.</td>
</tr>
<tr>
<td><a href="https://github.com/putterpanda/mimikittenz">putterpanda/mimikittenz</a></td>
<td>A post-exploitation powershell tool for extracting juicy info from memory.</td>
</tr>
<tr>
<td><a href="https://github.com/secretsquirrel/SigThief">secretsquirrel/SigThief</a></td>
<td>Stealing Signatures and Making One Invalid Signature at a Time</td>
@ -2179,6 +2263,10 @@ This repository is created as an online bookmark for useful links, resources and
<td><b>Link</b></td>
<td><b>Description</b></td>
</tr>
<tr>
<td><a href="https://github.com/AlteredSecurity/365-Stealer/">AlteredSecurity/365-Stealer/</a></td>
<td>365-Stealer is the tool written in python3 which steals data from victims office365 by using access_token which we get by phishing. It steals outlook mails, attachments, OneDrive files, OneNote notes and injects macros.</td>
</tr>
<tr>
<td><a href="https://github.com/boxug/trape">boxug/trape</a></td>
<td>People tracker on the Internet: Learn to track the world, to avoid being traced.</td>