Tools Catch all
SethBodine edited this page Jun 23, 2024 · 12 revisions

URL | Last Commit | Comments |
---|---|---|
TerraformGoat | TerraformGoat is HXSecurity research lab's "Vulnerable by Design" multi cloud deployment tool. | |
TerraGoat - Vulnerable Terraform Infrastructure | TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. | |
Kubernetes Goat | Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground. | |
Kube-goat | A deliberately vulnerable Kubernetes cluster. | |

URL | Last Commit | Comments |
---|---|---|
OSINT Framework | OSINT framework focused on gathering information from free tools or resources. | |
Blackbird | An OSINT tool to search for accounts by username in social networks. | |
ASTERISKS & OBELIX | Identify the emails hidden behind asterisks. | |
Terra | OSINT Tool on Twitter and Instagram. | |
Profil3r | OSINT tool that allows you to find a person's accounts and emails + breached emails. | |
Poastal - Email OSINT | Poastal - the Email OSINT tool. | |
TLDHunt | Domain Availability Checker. | |
KnockKnock | Enumerate valid users within Microsoft Teams and OneDrive with clean output. | |
Sirius Scan | The first truly open-source general purpose vulnerability scanner. | |
Spoofy | Checks if a list of domains can be spoofed based on SPF and DMARC records. | |
EmploLeaks | An OSINT tool that helps detect members of a company with leaked credentials | |
web-check | All-in-one OSINT tool for analysing any website Tool Demo | |
CloakQuest3r | Uncover the true IP address of websites safeguarded by Cloudflare & Others | |
WAF Bypass Tool | Check your WAF before an attacker does | |
PIP-INTEL | PIP-INTEL is an OSINT (Open Source Intelligence) tool designed using various open-source tools and pip packages. | |

URL | Last Commit | Comments |
---|---|---|
365 Inspect | A PowerShell script that automates the security assessment of Microsoft Office 365 environments. | |
ScubaGear | Automation to assess the state of your M365 tenant against CISA's baselines. (untested) | |

URL | Last Commit | Comments |
---|---|---|
ADRecon | Gathers information about the Active Directory. | |
ADAudit | Active Directory Audit Tools for IT Audits. | |
ADxRay | Health Check script that generates a full HTML report of the environment's health, security and status based on Microsoft's Best Practices. | |
Domain Audit | Automates a lot of checks from a pentester perspective. | |
Testimo | PowerShell module for running health checks for Active Directory against a bunch of different tests. | |
adaudit | PowerShell script to do domain auditing automation. | |
PingCastle | PingCastle - Get Active Directory Security at 80% in 20% of the time - Free for own business use. | |
msLDAPDump | LDAP enumeration tool implemented in Python3. | |

URL | Last Commit | Comments |
---|---|---|
KnowsMore | Swiss Army tool for AD | |

URL | Last Commit | Comments |
---|---|---|
MS ICSpector | Microsoft ICSpector (ICS Forensics Tools framework) is an open-source forensics framework that enables the analysis of Industrial PLC metadata and project files. | |

URL | Last Commit | Comments |
---|---|---|
GitHub Shields | Concise, consistent, and legible badges in SVG and raster format. | |
Kali Packerage Manager | Tool to help manage and upgrade Kali packages and configuration | |
SecuSphere | Efficient DevSecOps Platform. | |
PatchaPalooza | Insightful analysis of Microsoft's monthly security updates. | |
s3enum | Fast and stealthy Amazon S3 bucket enumeration tool for pentesters. | |
Goblob | Fast enumeration tool for publicly exposed Azure Storage blobs. | |
PassBreaker | A command-line password cracking tool. | |
Ethical Insight | Centralized Active Directory Auditing Tool. | |
cheat.sh | Unified access to the best community driven cheat sheets repositories of the world. | |
HardeningKitty | Checks and hardens your Windows configuration. | |
BucketLoot | BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text. | |
CloudSploit | Cloud Security Posture Management (CSPM) | |
Galah | Galah: An LLM-powered web honeypot. Wasting attackers' time with faker-than-ever HTTP responses! | |
C2 Tracker | Live Feed of C2 servers, tools, and botnets | |
T-Pot | 🍯 T-Pot - The All In One Multi Honeypot Platform 🐝 | |

URL | Last Commit | Comments |
---|---|---|
Nuclei + Paramspider = NucleiFuzzer | Tool for detecting XSS, SQLi, SSRF, Open-Redirect, etc. vulnerabilities in web apps. | |
Unprotect Project | Evasion Technique Search Engine. | |
PS Script Analyzer | z9 PowerShell Log Analyzer. | |
Active Directory Exploitation Cheat Sheet | A cheat sheet that contains common enumeration and attack methods for Windows Active Directory. | |
Smartbrute | Password spraying and bruteforcing tool for Active Directory Domain Services. | |
BlueHound | BlueHound - pinpoint the security issues that actually matter. | |
CLZero | A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors | |
cve-maker | Tool to find CVEs and Exploits. | |