fourteenminusone Goto Github PK

ad-attack-defense

Attack and defend active directory using modern post exploitation adversary tradecraft activity

apt_report

Interesting apt report collection and some special ioc express

auto-cpufreq

Automatic CPU speed & power optimizer for Linux

autophisher

Script to setup a phishing server on the cloud

autorecon

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

awesome-cloud-pentest

awesome-pentest

A collection of awesome penetration testing resources, tools and other shiny things

awesome-php-security

Awesome PHP Security Resources 🕶🐘🔐

awesome-threat-intelligence

A curated list of Awesome Threat Intelligence resources

awesome-vehicle-security

🚗 A curated list of resources for learning about vehicle security and car hacking.

badblood

BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.

bheem

bloodhound.py

A Python based ingestor for BloodHound

cheatsheetseries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

cmseek

CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 170 other CMSs

cobaltstrike

CobaltStrike's source code

corsme

Cross Origin Resource Sharing MisConfiguration Scanner

credsleaker

Credsleaker allows an attacker to craft a highly convincing credentials prompt using Windows Security, validate it against the DC and in turn leak it via an HTTP request.

cve-2019-0708

Scanner PoC for CVE-2019-0708 RDP RCE vuln

duplicut

Remove duplicates from MASSIVE wordlist, without sorting it (for dictionnary-based password cracking)

dvcs-ripper

Rip web accessible (distributed) version control systems: SVN/GIT/HG...

edumorse

eyewitness

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

favfreak

Making Favicon.ico based Recon Great again !

fawkes

Fawkes is a tool to search for targets vulnerable to SQL Injection. Performs the search using Google search engine.

flare-vm

ghunt

🕵️‍♂️ Investigate Google Accounts with emails.

github-search

Tools to perform basic search on GitHub.

gtfo

Search gtfobins and lolbas files from your terminal

hetty

Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.