Stars
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readines…
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.
A Microsoft Windows® USB installation media preparer for GNU+Linux
GraphQL threat framework used by security professionals to research security gaps in GraphQL implementations
graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.
Stand up a simple Elastic container with Kibana, Fleet, and the Detection Engine
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections…
ScriptSentry finds misconfigured and dangerous logon scripts.
Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown
Collection of methodology and test case for various web vulnerabilities.
40X/HTTP bypasser in Go. Features: Verb tampering, headers, #bugbountytips, User-Agents, extensions, default credentials...
Bloodhound Reporting for Blue and Purple Teams
Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal!
hauditor is a tool designed to analyze the security headers returned by a web page.
A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting
A recursive internet scanner for hackers.
Python tool to Check running WebClient services on multiple targets based on @leechristensen
Kooky cURL-powered replacement for reverse shell via /dev/tcp
This project aims to compare and evaluate the telemetry of various EDR products.
PowerShell MachineAccountQuota and DNS exploit tools
Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.
A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell.