fthomasella Goto Github PK

amass

In-depth Attack Surface Mapping and Asset Discovery

assessment-mindset

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

awesome-bugbounty-tools

A curated list of various bug bounty tools

awesome-static-analysis

Static analysis tools for all programming languages

bettercap

The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.

books

Free Online Books

burpbounty

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.

cloc

cloc counts blank lines, comment lines, and physical lines of source code in many programming languages.

cve-2019-11708

Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.

detect-it-easy

Detect it Easy

dirbuster-ng

dirbuster-ng is C CLI implementation of the Java dirbuster tool

dnscan

dnspy

.NET debugger and assembly editor

eslint-plugin-security

ESLint rules for Node Security

evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

firewall-iptables-with-log

A simple iptables firewall to setup mypentest lab and try to protect myself from other users

firmware_slap

Discovering vulnerabilities in firmware through concolic analysis and function clustering.

fuzzapi

Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem

hash_extender

java-interview

👨‍🎓 Java related : basic, concurrent, algorithm

keepnote

Quick and Dirty Penetration Testing Notes

laravel

A PHP framework for web artisans

laravel-query-detector

Laravel N+1 Query Detector

linenum

Scripted Local Linux Enumeration & Privilege Escalation Checks

linux-privilege-escalation

This cheatsheet is aimed at the OSCP aspirants to help them understand the various methods of Escalating Privilege on Linux based Machines and CTFs with examples.

lscript

The LAZY script will make your life easier, and of course faster.

mara_framework

MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a toolkit that puts together commonly used mobile application reverse engineering and analysis tools to assist in testing mobile applications against the OWASP mobile security threats.

metasploitable3

Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.

mobile-security-framework-mobsf

Mobile Security Framework is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static analysis, dynamic analysis, malware analysis and web API testing.

my-arsenal-of-aws-security-tools

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.