open-sec Goto Github PK
Name: Open Sec
Type: User
Company: Open-Sec
Location: Peru
Blog: https://www.open-sec.com
Name: Open Sec
Type: User
Company: Open-Sec
Location: Peru
Blog: https://www.open-sec.com
Tool to scan for secret files on HTTP servers
Frontpage and Sharepoint fingerprinting and attack tool.
Scripts to make password spraying attacks against Lync/S4B & OWA a lot quicker, less painful and more efficient
Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
Fast subdomains enumeration tool for penetration testers
A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo
A template Sphinx repo
An easy tool to generate backdoor with msfvenom (a part from metasploit framework). This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV software protection
Agile Threat Modeling Toolkit
Official OWASP Top 10 Document Repository
Tradecraft Development Fundamentals
Disable SSL verification and pinning on Android, system-wide
Additional Resources For Securing The Stack Tutorials
Defeating Windows User Account Control
Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.
USB packet capture for Windows
Pivot into private VPC networks using a VPN connection
Pre-Built Vulnerable Environments Based on Docker-Compose
A very vulnerable web site written in NodeJS with the purpose of have a project with identified vulnerabilities to test the quality of security analyzers tools tools
WeirdAAL (AWS Attack Library)
WhatsApp Parser Tool v0.2
💻 Elevate, UAC bypass, persistence, privilege escalation, dll hijack techniques
This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote machine. WMImplant is WMI based.
Ta
WPSeku - Wordpress Security Scanner
WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum (http://nds.rub.de/ ) and the Hackmanit GmbH (http://hackmanit.de/).
Code samples discussed during DEFCON Red Team Village Talk -- "Yippee-Ki-Yay MFA'er - Bypassing Multi-Factor Authentication with Real-Time Replay Session Instantiation Attacks" by Hutch
Local Privilege Escalation
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.