infosec

Exploitation Framework for Embedded Devices

Web path scanner

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Fast web fuzzer written in Go

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Damn Vulnerable Web Application (DVWA)

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

An HTTP toolkit for security research.

🔥 Web-application firewalls (WAFs) from security standpoint.

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

A list of interesting payloads, tips and tricks for bug bounty hunters.

A curated list of awesome infosec courses and training resources.

暂停维护 | ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

A collection of awesome security hardening guides, tools and other resources

Gather and update all available and newest CVEs with their PoC.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities