open-sec Goto Github PK

snallygaster

Tool to scan for secret files on HTTP servers

spartan

Frontpage and Sharepoint fingerprinting and attack tool.

sprayingtoolkit

Scripts to make password spraying attacks against Lync/S4B & OWA a lot quicker, less painful and more efficient

sshuttle

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

sublist3r

Fast subdomains enumeration tool for penetration testers

sudo_killer

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo

template

A template Sphinx repo

thefatrat

An easy tool to generate backdoor with msfvenom (a part from metasploit framework). This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV software protection

threagile

Agile Threat Modeling Toolkit

top10

Official OWASP Top 10 Document Repository

tradecraftdevelopment-fundamentals

Tradecraft Development Fundamentals

trustmealready

Disable SSL verification and pinning on Android, system-wide

tutorials

Additional Resources For Securing The Stack Tutorials

uacme

Defeating Windows User Account Control

unicorn

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.

usbpcap

USB packet capture for Windows

vpc-vpn-pivot

Pivot into private VPC networks using a VPN connection

vulhub

Pre-Built Vulnerable Environments Based on Docker-Compose

vulnerable-node

A very vulnerable web site written in NodeJS with the purpose of have a project with identified vulnerabilities to test the quality of security analyzers tools tools

weirdaal

WeirdAAL (AWS Attack Library)

whapa

WhatsApp Parser Tool v0.2

windows-logical-eop-workshop

winpwnage

💻 Elevate, UAC bypass, persistence, privilege escalation, dll hijack techniques

wmimplant

This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote machine. WMImplant is WMI based.

workshop_mobile

Ta

wpseku

WPSeku - Wordpress Security Scanner

ws-attacker

WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum (http://nds.rub.de/ ) and the Hackmanit GmbH (http://hackmanit.de/).

yippee-ki-yay-mfa-er

Code samples discussed during DEFCON Red Team Village Talk -- "Yippee-Ki-Yay MFA'er - Bypassing Multi-Factor Authentication with Real-Time Replay Session Instantiation Attacks" by Hutch

yodo

Local Privilege Escalation

ysoserial

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.