The Book Of Secret Knowledge

sslscan tests SSL/TLS enabled services to discover supported cipher suites

A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.

ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.

Tools to bootstrap CAs, certificate requests, and signed certificates.

macOS Security Compliance Project

An engine to make Tor network your default gateway

A detailed document explaining and documenting HTTP/2, the successor to the widely popular HTTP/1.1 protocol

A collection of PHP backdoors. For educational or testing purposes only.

A document describing the HTTP/3 and QUIC protocols

No description.

Python frame stack sampler for CPython

The OWASP Developer Guide

:book: Kubernetes CheatSheets In A4

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Find web directories without bruteforce

A very simple way to find out which SSL ciphersuites are supported by a target.

Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.

the scott CPU from "But How Do It Know?" by J. Clark Scott

Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.

Common PHP webshells you might need for your Penetration Testing assignments or CTF challenges. Do not host the file(s) on your server!

Reverse proxies cheatsheet

Mozilla HTTP Observatory

Command line utility for searching and downloading exploits

Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. Discussion/announcements at stenographer@googlegroups.com

A DNS reconnaissance tool for locating non-contiguous IP space.

A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.

vnStat - a network traffic monitor for Linux and BSD

Application Layer DoS attack simulator

Library consisting of explanation and implementation of all the existing attacks on various Encryption Systems, Digital Signatures, Key Exchange, Authentication methods along with example challenges from CTFs

CORS Misconfiguration Scanner

A curated list of the most common and most interesting robots.txt disallowed directories.

Find open databases - Powered by Binaryedge.io

Web and mobile application security training platform

:zap: fast dns proxy that can run anywhere, built to black-hole internet advertisements and malware servers

A command-line client for SQL Server with auto-completion and syntax highlighting

bandwidth monitor and rate estimator

Binary editor written in Go

Wordlists for creating statistically likely username lists for use in password attacks and security testing. Used for pentesting for over 10 years with amazing results.

Examples and hands-on labs for Linux tracing tools workshops

A replacement for AB (Apache Bench)

Create multiple TOR instances with a load-balancing.

a collection of handy bookmarks

A Game of Hackers (CTF Scoreboard & Game Manager)

Automated System Hardening Framework

DNS Measurement, Troubleshooting and Security Auditing Toolset

A modern vulnerable web app

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

lsof to graphviz

ngrep is like GNU grep applied to the network layer. It's a PCAP-based tool that allows you to specify an extended regular or hexadecimal expression to match against data payloads of packets. It understands many kinds of protocols, including IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw, across a wide variety of interface types, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

Tools for Linux/Unix sysadmins.