security
Minisign is a dead simple tool to sign files and verify signatures.
APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity . APT-Hunter use pre-defined detection rules and focus on statistics to uncover abnormalities which is very effective in compromise assessment . the output produced with timeline that can be analyzed directly from Excel , Timeline Explorer , Timesketch , etc...
Analyze assets authorization, who has access to what and how.
universal-data-permissions-scanner (AKA udps) helps DevOps and data engineers quickly understand who has access to what data and how.
DevOps and data engineers are often tasked with managing the security of the databases, data lakes or warehouses they operate. This usually involves setting permissions to enable users to query the data they need. However, as the number of users and use-cases increase, complexity explodes. It's no longer humanly possible to remember who had access to what, how and why, which makes meeting security and compliance requirements impossible.
Decrypt passwords/cookies/history/bookmarks from the browser.
HackBrowserData is a command-line tool for decrypting and exporting browser data ( passwords, history, cookies, bookmarks, credit cards, download records, localStorage and extension ) from the browser. It supports the most popular browsers on the market and runs on Windows, macOS and Linux.
A lightweight web security auditing toolkit. Caido aims to help security professionals and enthusiasts audit web applications with efficiency and ease.
The Dogtag Certificate System is an enterprise-class open source Certificate Authority (CA). It is a full-featured system, and has been hardened by real-world deployments. It supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management, and much more. The Dogtag Certificate System can be downloaded for free and set up in less than an hour.
FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS, Dogtag (Certificate System). It consists of a web interface and command-line administration tools.
FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments. A FreeIPA server provides centralized authentication, authorization and account information by storing data about user, groups, hosts and other objects necessary to manage the security aspects of a network of computers.
Supply-chain Levels for Software Artifacts, or SLSA ("salsa").
SLSA is a specification for describing and incrementally improving supply chain security, established by industry consensus. It is organized into a series of levels that describe increasing security guarantees.
It’s a security framework, a checklist of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure. It’s how you get from "safe enough" to being as resilient as possible, at any link in the chain.
Related contents:
mimikatz extract plaintexts passwords, hash, PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets.
Free Cloud Encryption for Dropbox & Co.
Cryptomator offers multi-platform transparent client-side encryption of your files in the cloud.
Related contents:
The Open Source Insights page for each package shows the full dependency graph and updates it every day. The information provided can help you make informed decisions about using, building, and maintaining your software.
Related contents:
Simple & secure two-factor authentication via mobile & desktop app that's free to users. Authy's 2FA API is by Twilio.
IPFire is a dedicated firewall that can be installed in any network - from data center down to your home. It is secure, fast and very versatile. Besides from being a stateful inspection firewall it can work as a VPN gateway, analyze data packets with its Intrusion Prevention System (IPS), and comes with many Add-ons that extend its functionality further.
Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
pwndrop is a self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over HTTP and WebDAV.
Discover vulnerabilities across a codebase with CodeQL, our industry-leading semantic code analysis engine. CodeQL lets you query code as though it were data. Write a query to find all variants of a vulnerability, eradicating it forever. Then share your query to help others do the same.
Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments. Untitled Goose Tool gathers additional telemetry from Microsoft Defender for Endpoint (MDE) and Defender for Internet of Things (IoT) (D4IoT).
A full-featured, open source, state-of-the-art video surveillance software system.
Monitor your home, office, or wherever you want. Using off the shelf hardware with any camera, you can design a system as large or as small as you need.
Content Security Policy Reference.
The new Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring which dynamic resources are allowed to load.
Script permettant de créer automatiquement une VM Kali VirtualBox ou VMware avec l'installation de tous les outils nécessaires de pentest.
L'outil kali-automation-install est un projet qui a pour vocation d'aider les pentester à créer de façon automatique des VM Kali Linux avec tous les outils nécessaires à la réalisation de la mission confiés. C'est une vitrine de mes compétences acquises dans le monde opérationnel en tant qu'Administrateur/Ingénieur Système Réseaux et Sécurité avec des compétences dite DevOps pour le monde offensive cyber dans lequel je m'oriente.
Secure your supply chain. Ship with confidence. Socket fights vulnerabilities and provides visibility, defense-in-depth, and proactive supply chain protection for JavaScript and Python dependencies.
The Cyber Citizen initiative will produce a model for cybersecurity learning and a learning portal based on that model. The learning portal will have content for all citizens, and this content, such as a cyber citizen skills learning game, will take into account different target groups. Citizens’ abilities to act in a safe and secure manner in the digital world are improved with educational and communicative elements in the learning portal.
Like nmap for mapping wifi networks you're not connected to. Maps and tracks wifi networks and devices through raw 802.11 monitoring.
Récupérer les vidéos de caméras de surveillance qui vous sont de droit.
"Toute personne intéressée peut s'adresser au responsable d'un système de vidéoprotection afin d'obtenir un accès aux enregistrements qui la concernent […]. Cet accès est de droit."
Pour remercier les autorités de vous filmer, vous avez le droit de demander une copie de la vidéo où vous apparaissez. Ce site facilite l'exercice du droit d'accès !
Check your WAF before an attacker does this one.
WAF bypass Tool is an open source tool to analyze the security of any WAF for False Positives and False Negatives using predefined and customizable payloads. Check your WAF before an attacker does. WAF Bypass Tool is developed by Nemesida WAF team with the participation of community.
Infection Monkey graphic blue background Simulate, Validate, and Mitigate with the Infection Monkey
Continuously test your network security and use the insights to make informed security decisions based on real data, not speculations.
A web application that assists network defenders, analysts, and researcher in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.
Identity-Native Infrastructure Access. Faster. More Secure.
Teleport replaces the #1 source of data breaches — secrets — with true identity to deliver phishing-proof zero trust access for every engineer and service connected to your global infrastructure.
Teleport is the easiest, most secure way to access all your infrastructure. Teleport is an identity-aware, multi-protocol access proxy which understands SSH, HTTPS, RDP, Kubernetes API, MySQL, MongoDB and PostgreSQL wire protocols.
Related contents:
Banhammer for Laravel offers a very simple way to ban any Model by ID and by IP. It also allows to block requests by IP addresses.
- Own proxy database creates the attack from the whole world, which makes it much more difficult to protect against
- Efficient on a large number of targets simultaneously
- A variety of different methods, both "classic" and proprietary ones
- Frequent automatic updates without user intervention
This is a simple distributed load generation tool written in Go. It is able to fetch a simple JSON config from a local or remote location. The config describes which load generation jobs should be launched in parallel. There are other existing tools doing the same kind of job. I do not intend to copy or replace them but rather provide a simple open source alternative so that users have more options. Feel free to use it in your load tests (wink-wink).
releases of pen-testing tool called 'distress' written in rust. Features:
- automatic target updates from ITArmy UA
- uses proxies by default
- supports usage of tor exit nodes (refer to use-tor flag)
- low cpu utilization
- advanced attacks
Minimal forward authentication service that provides Google/OpenID oauth based login and authentication for the traefik reverse proxy.
A minimal forward authentication service that provides OAuth/SSO login and authentication for the traefik reverse proxy/load balancer.
Red Flag Domains are lists of very recently registered probably malicious domain names in french TLDs. Data are published for security purposes only, and can be used to feed an automatic filtering solution like proxy. More details here.
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
age is a simple, modern and secure file encryption tool, format, and Go library. It features small explicit keys, no config options, and UNIX-style composability.
Yet Another Testing & Auditing Solution
A simple tool to audit your AWS infrastructure for misconfiguration or potential security issues with plugins integration.
The goal of YATAS is to help you create a secure AWS environment without too much hassle. It won't check for all best practices but only for the ones that are important for you based on my experience. Please feel free to tell me if you find something that is not covered.
Cowrie is a medium to high interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker. In medium interaction mode (shell) it emulates a UNIX system in Python, in high interaction mode (proxy) it functions as an SSH and telnet proxy to observe attacker behavior to another system.
This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them.
OpenZiti is a free and open source project focused on bringing zero trust networking principles directly into any application. The project provides all the pieces required to implement a zero trust overlay network and provides all the tools necessary to integrate zero trust into your existing solutions. The OpenZiti project believes the principles of zero trust shouldn't stop at your network, those ideas belong in your application.
An open source sharing solution built on OpenZiti, the zero trust networking platform. Available as SaaS or self-hosted.
zrok is a next-generation sharing platform built on top of OpenZiti, a programmable zero-trust network overlay. zrok is a Ziti Native Application. zrok facilitates sharing resources both publicly and privately, exposing them to an audience you can easily control.
Machinae is a tool for collecting intelligence from public sites/feeds about various security-related pieces of data: IP addresses, domain names, URLs, email addresses, file hashes and SSL fingerprints. It was inspired by Automater, another excellent tool for collecting information. The Machinae project was born from wishing to improve Automater in 4 areas:
Extract and aggregate threat intelligence. An extendable tool to extract and aggregate IOCs from threat feeds.
ThreatIngestor can be configured to watch Twitter, RSS feeds, or other sources, extract meaningful information such as malicious IPs/domains and YARA signatures, and send that information to another system for analysis.
Microsoft Threat Intelligence Python Security Tools. msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks.
Real Intelligence Threat Analytics (R-I-T-A) is an open-source framework for detecting command and control communication through network traffic analysis. The RITA framework ingests Zeek logs or PCAPs converted to Zeek logs for analysis.
A complete guide to Nostr.
The simplest open protocol that is able to create a censorship-resistant global "social" network once and for all. A social network for the decentralized era. A simple, open protocol that enables a truly censorship-resistant & global social network.
Web clipboard and simple messanger with end-to-end RSA+AES encryption. Cryptboard.io allows to send text messages and files between multiple devices.
Volatile memory extraction utility framework - An advanced memory forensics framework.
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer visibilty into the runtime state of the system.
Atomic Red Team™ is a library of tests mapped to the MITRE ATT&CK® framework. Security teams can use Atomic Red Team to quickly, portably, and reproducibly test their environments.
A free, community-sourced, machine-readable knowledge base of digital forensic artifacts that the world can use both as an information source and within other tools.
If you'd like to use the artifacts in your own tools, all you need to be able to do is read YAML. That is it, no other dependencies. The Python code in this project is just used to validate all the artifacts to make sure they follow the specification.
FIR (Fast Incident Response) is an cybersecurity incident management platform designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents.
FIR is for anyone needing to track cybersecurity incidents (CSIRTs, CERTs, SOCs, etc.). It was tailored to suit our needs and our team's habits, but we put a great deal of effort into making it as generic as possible before releasing it so that other teams around the world may also use it and customize it as they see fit.
StreamAlert is a serverless, real-time data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using data sources and alerting logic you define. Computer security teams use StreamAlert to scan terabytes of log data every day for incident detection and response.
An AI-powered Personal Identifiable Information (PII) scanner.. Octopii is an open-source AI-powered Personal Identifiable Information (PII) scanner that can look for image assets such as Government IDs, passports, photos and signatures in a directory.
A python script to help red teamers discover KeePass instances and extract secrets.
Hacking Training For The Best | Individuals & Companies. A Massive Hacking Playground.
Join a dynamically growing hacking community and take your cybersecurity skills to the next level through the most captivating, gamified, hands-on training experience!
Firefox Decrypt is a tool to extract passwords from profiles of Mozilla (Fire/Water)fox™, Thunderbird®, SeaMonkey® and derivates.
It can be used to recover passwords from a profile protected by a Master Password as long as the latter is known. If a profile is not protected by a Master Password, passwords are displayed without prompt.
continuous fuzzing for open source software. Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow, can have serious security implications. Google has found thousands of security vulnerabilities and stability bugs by deploying guided in-process fuzzing of Chrome components, and we now want to share that service with the open source community.
This project aims at hosting tutorials, examples, discussions, research proposals, and other resources related to fuzzing.
Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow, can have serious security implications. Google has found thousands of security vulnerabilities and stability bugs by deploying guided in-process fuzzing of Chrome components, and we now want to share that service with the open source community.
OpenVEX is an implementation of the Vulnerability Exploitability Exchange (VEX for short) that is designed to be minimal, compliant, interoperable, and embeddable. The specification is available in the OPENVEX-SPEC.md file of this repository.
This project is aimed at providing technical guides on various hacking tools. Keep in mind that these guides are maintained by non-omniscient security enthusiasts in their spare time. You will probably find things missing or mistakes.
This project is aimed at providing technical guides on various hacking topics.
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics. These cheat sheets were created by various application security professionals who have expertise in specific topics.