We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
Infosec_Reference - An Information Security Reference That Doesn't Suck
An Information Security Reference That Doesn't Suck
infosec infosec-reference reverse-engineering hacking pentesting penetration-testing references privilege-escalation exfiltration information-security blueteam red-team osx forensics hacking-simulator privilege-escalation-exploits mitre-attack-dbawesome-sec-talks - A collected list of awesome security talks
A collected list of awesome security talks
infosec conferences hacking securitySecurityAdvisories - :closed_lock_with_key: Security advisories as a simple composer exclusion list, regularly updated
This package ensures that your application doesn't have installed dependencies with known security vulnerabilities. This package does not provide any API or usable classes: its only purpose is to prevent installation of software with known and documented security issues. Simply add "roave/security-advisories": "dev-master" to your composer.json "require-dev" section and you will not be able to harm yourself with software with known security vulnerabilities.
security-advisories security-vulnerability composer infosecbugbounty-cheatsheet - A list of interesting payloads, tips and tricks for bug bounty hunters.
We welcome contributions from the public. The issue tracker is the preferred channel for bug reports and features requests.
security payloads infosec bugbountynishang - Nishang - Offensive PowerShell for penetration testing and offensive security.
Import all the scripts in the current PowerShell session (PowerShell v3 onwards). Use the individual scripts with dot sourcing.
powershell nishang security red-team penetration-testing infosec hackingmalice - VirusTotal Wanna Be - Now with 100% more Hipster
Malice's mission is to be a free open source version of VirusTotal that anyone can use at any scale from an independent researcher to a fortune 500 company. NOTE: On the first run malice will download all of it's default plugins which can take a while to complete.
malice docker malware infosec virustotal elasticsearch antivirus cloud cybersecurity dfir malware-analysis malware-researchmitmAP - 📡 A python program to create a fake AP and sniff data.
I'm not responsible for anything you do with this program, so please only use it for good and educational purposes.
pentesting hacking wifi fake-ap kali-linux infosec mitm access-point wirelessRed-Teaming-Toolkit - A collection of open source and commercial tools that aid in red team operations
A collection of open source and commercial tools that aid in red team operations. This repository will help you during red team engagement. If you want to contribute to this list send me a pull request.
red-team hacking infosec pentestingDVWA - Damn Vulnerable Web Application (DVWA)
Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid both students & teachers to learn about web application security in a controlled class room environment. The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of difficulty, with a simple straightforward interface. Please note, there are both documented and undocumented vulnerabilities with this software. This is intentional. You are encouraged to try and discover as many issues as possible.
dvwa sql-injection security training infosec hackingawesome-infosec - A curated list of awesome infosec courses and training resources.
A curated list of awesome information security resources, inspired by the awesome-* trend on GitHub. Those resources and tools are intended only for cybersecurity professional and educational use in a controlled environment.
infosec pentest courses penetration-testing security-professionals lab awesome securityroutersploit - Exploitation Framework for Embedded Devices
The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. Update RouterSploit Framework often. The project is under heavy development and new modules are shipped almost every day.
security infosec router-exploitation-framework routersploit-framework exploits embedded router routersploit scanner creds dictionary-attack bruteforcecameradar - Cameradar hacks its way into RTSP videosurveillance cameras
See command-line options. e.g.: docker run -t ullaakut/cameradar -t 192.168.100.0/24 -l will scan the ports 554 and 8554 of hosts on the 192.168.100.0/24 subnetwork and attack the discovered RTSP streams and will output debug logs.
penetration-testing security hacking infosec rtsp cctv cameras hacking-tool pentesting security-toolsspiderfoot - SpiderFoot automates OSINT so you can focus on analysis.
SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of methods for data analysis, making that data easy to navigate. SpiderFoot has an embedded web-server for providing a clean and intuitive web-based interface but can also be used completely via the command-line. It's written in Python 3 and GPL-licensed.
osint infosec threatintel intelligence-gathering reconnaissance footprinting attack-surface osint-reconnaissancemalcom - Malcom - Malware Communications Analyzer
Malcom is a tool designed to analyze a system's network communication using graphical representations of network traffic, and cross-reference them with known malware sources. This comes handy when analyzing how certain malware species try to communicate with the outside world. The aim of Malcom is to make malware analysis and intel gathering faster by providing a human-readable version of network traffic originating from a given host or network. Convert network traffic information to actionable intelligence faster.
malware network-traffic pcap threat-intelligence malware-analysis infosec dfirCloakify - CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings; Evade DLP/MLS Devices; Defeat Data Whitelisting Controls; Social Engineering of Analysts; Evade AV Detection
CloakifyFactory & the Cloakify Toolset - Data Exfiltration & Infiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of Analysts; Defeat Data Whitelisting Controls; Evade AV Detection. Text-based steganography using lists. Convert any file type (e.g. executables, Office, Zip, images) into a list of everyday strings. Very simple tools, powerful concept, limited only by your imagination. For a quick start on CloakifyFactory, see the cleverly titled file "README_GETTING_STARTED.txt" in the project for a walkthrough.
cipher data-exfiltration hacking pentesting exfiltration steganography cryptography dlp av-evasion privacy security security-tools infosec red-team pentest pentest-tool hacking-tool hacking-tools pentest-tools stegotraitor - Automatic Linux privesc via exploitation of low-hanging fruit e
Traitor packages up a bunch of methods to exploit local misconfigurations and vulnerabilities (including most of GTFOBins) in order to pop a root shell. It'll exploit most sudo privileges listed in GTFOBins to pop a root shell, as well as exploiting issues like a writable docker.sock, or the recent polkit CVE-2021-3560. More routes to root will be added over time too.
exploit infosec privilege-escalation security-tools privesc hackthebox gtfobins redteam-tools cve-2021-3560chashell - Chashell is a Go reverse shell that communicates over DNS
Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks. It comes with a multi-client control server, named chaserv.
reverse-shell infosec pentest redteamhetty - Hetty is an HTTP toolkit for security research.
Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. ℹ️ Hetty is in early development. Additional features are planned for a v1.0 release. Please see the backlog for details.
http proxy mitm infosec pentesting bugbountycan-i-take-over-xyz - "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records
Subdomain takeover vulnerabilities occur when a subdomain (subdomain.example.com) is pointing to a service (e.g. GitHub pages, Heroku, etc.) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that subdomain. For example, if subdomain.example.com was pointing to a GitHub page and the user decided to delete their GitHub page, an attacker can now create a GitHub page, add a CNAME file containing subdomain.example.com, and claim subdomain.example.com. You can read up more about subdomain takeovers here: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/.
security infosec bugbounty list
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
