Awesome Security

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

🕵️‍♂️ Collect a dossier on a person by username from 3000+ sites

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.

Fast subdomains enumeration tool for penetration testers

🛡️ Open-source and cloud-native Web Application Firewall (WAF)

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

An advanced memory forensics framework

Infection Monkey - An open-source adversary emulation platform

Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

Dshell is a network forensic analysis framework.

GRR Rapid Response: remote live forensics for incident response

Loki - Simple IOC and YARA Scanner

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

A fork and successor of the Sulley Fuzzing Framework

A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

A little utility for managing credentials in the cloud

Rekall Memory Forensic Framework

Confidant: your secret keeper. https://lyft.github.io/confidant

Kippo - SSH Honeypot

No description.

Flutter Reverse Engineering Framework

Automated Red Team Infrastructure deployement using Docker

A modular vulnerability scanner with automatic report generation capabilities.

IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

Legion is an open source, easy-to-use, super-extensible and semi-automated network penetration testing tool that aids in discovery, reconnaissance and exploitation of information systems.

Find exploit tool

No description.

:closed_lock_with_key: Multiplatform command-line password manager

A low to medium interaction honeypot.

HonSSH is designed to log all SSH communications between a client and server.

Mirror of Apache Spot

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS v1.x.

Aggregates security advisories from 10 international CERTs daily and provides an AI skill that cross-references alerts against your project's tech stack.

Open Source SIEM (Security Information and Event Management system).

CLI utility and Python module for analyzing log files and other data.

A simple script which implements different Cognito attacks such as Account Oracle or Priviledge Escalation

Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives.

Amun Honeypot

Intrusion Prevention System (IPS) for Secure Shell (SSH)

CLI program for automating the setup, configuration, and use of cybersecurity solutions

A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for further processing!

Android Malware Behavior Deleter

A tool to extract local data storage of an Android application in one click.

A CVE scanner which can process a pkglist.

Sigma Queries turned into KQL for Defender using pysigma - Automated

Sigma Queries turned into SPL for Splunk Enterprise and Enterprise Security using pysigma - Automated