open-sec Goto Github PK

c-jwt-cracker

JWT brute force cracker written in C

cactustorch

CACTUSTORCH: Payload Generation for Adversary Simulations

capa

The FLARE team's open-source tool to identify capabilities in executable files.

censys-command-line

Command-line tool for Censys! Quickly investigate suspicious hosts or answer complex questions about your infrastructure using Censys right from the command-line!

cf-bypass

chaos

:fire: CHAOS is a PoC that allow generate payloads and control remote operating systems.

cicd-goat

A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

cjexploiter

Drag and Drop ClickJacking exploit development assistance tool.

cloudpentestcheatsheets

This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.

conpot

ICS/SCADA honeypot

conti-pentester-guide-leak

Leaked pentesting manuals given to Conti ransomware crooks

convoluted-phishing-payload-cpp

Batch file code for the convoluted phishing payload blog post at www.acenyethehackerguy.com

covenant

Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.

credsniper

CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.

crowbar

Crowbar is brute forcing tool that can be used during penetration tests. It is developed to support protocols that are not currently supported by thc-hydra and other popular brute forcing tools.

dalfox

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

damn-vulnerable-graphql-application

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

dark_web_scraping

This repository contains scrapers programs to scrape hacking forums from Dark web

dart

DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.

darthsidious

Building an Active Directory domain and hacking it

deathstar

Automate getting Domain Admin using Empire (https://github.com/EmpireProject/Empire)

defcon26

degoogle

search Google and extract results directly. skip all the click-through links and other sketchiness

det

(extensible) Data Exfiltration Toolkit (DET)

devopssecuritychecklist

dirble

Fast directory scanning and scraping tool

dirsearch

Web path scanner

dnsbin

The request.bin of DNS request

domained

Subdomain Enumeration

domainpasswordspray

DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!