Lists (2)
Stars
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Community curated list of public bug bounty and responsible disclosure programs.
Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling
Cybersecurity AI (CAI), the framework for AI Security
A revamped and updated version of my original OneRuleToRuleThemAll hashcat rule
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…
Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.
Modern CLI for exploring vulnerability data with powerful search, filtering, and analysis capabilities.
Fast and configurable TLS grabber focused on TLS based data collection.
Prowler is the Open Cloud Security for AWS, Azure, GCP, Kubernetes, M365 and more. As agent-less, it helps for continuous monitoring, security assessments & audits, incident response, compliance, h…
Identify privilege escalation paths within and across different clouds
Use the GCP testIamPermissions functionality to bruteforce and discover your permissions
SCuBA Secure Configuration Baselines and assessment tool for Google Workspace
Automation to assess the state of your M365 tenant against CISA's baselines
Pre-Built Vulnerable Environments Based on Docker-Compose
ScriptSentry finds misconfigured and dangerous logon scripts.
A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.
PingCastle - Get Active Directory Security at 80% in 20% of the time