#Information-security
Showing 60 of 108 repositories tagged #information-security, ranked by stars
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Automate the creation of a lab environment complete with security tooling and logging best practices
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
Security automation content in SCAP, Bash, Ansible, and other formats
OSINT cheat sheet, list OSINT tools, wiki, dataset, article, book , red team OSINT for hackers and OSINT tips and OSINT branch. This repository will grow every time will research, there is a research, science and technology, tutorial. Please use it wisely.
iOS/macOS/Linux Remote Administration Tool
Macro-header for compile-time C obfuscation (tcc, win x86/x64)
Hardening Ubuntu. Systemd edition.
Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
Automatic SSTI detection tool with interactive interface
API Security Project aims to present unique attack & defense methods in API Security field
AIL framework - Analysis Information Leak framework. Project moved to https://github.com/ail-project
Most usable tools for iOS penetration testing
AIL framework - Analysis Information Leak framework
Official DedSec Project GitHub Repository
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.
A concise, directive, specific, flexible, and free incident response plan template
BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research, penetration testing and bluetooth hacking. We also collected and classified Bluetooth vulnerabilities in an "Awesome Bluetooth Security" way
A curated list of awesome cloud security blogs, podcasts, standards, projects, and examples.
Checklist of the most important security countermeasures when designing, creating, testing your web/mobile application
Ansible role to apply a security baseline. Systemd edition.
OPCDE Cybersecurity Conference Materials
[PH0MBER]: An open source infomation grathering & reconnaissance framework!
ICP备案查询,可查询企业或域名的ICP备案信息,自动完成滑动验证,保存结果到Excel表格,适用于新版的工信部备案管理系统网站,告别频繁拖动验证,以及某站*工具要开通VIP才可查看备案信息的坑
A robust, and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Industry. [BETA]
Don't let buffer overflows overflow your mind
Учебное пособие по защите информации кафедры радиотехники и систем управления МФТИ
Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)
A checklist of important security issues you should consider when creating a web application.
:keyboard: Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
A webshell framework for penetration testers.
CredPhish is a PowerShell script designed to invoke legitimate credential prompts and exfiltrate passwords over DNS.
Armor is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners.
A (hopefully) actively maintained activity-based-autosorted list of InfoSec Streamers
输入一个域名,输出ICP备案所有关联域名
My useful files for penetration tests, security assessments, bug bounty and other security related stuff
Opensource assets and vulnerability scanning tool
one-stop resource for all things offensive security.
This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions
Automated Docker MISP container - Malware Information Sharing Platform and Threat Sharing
A reconnaissance tool for capturing and displaying SSIDs from device's Preferred Network List.
Open Source Platform for storing, organizing, and searching documents related to cyber threats
DPULSE - Tool for complex approach to domain OSINT
初学者怎样学习密码学Cryptography
Arcane is a simple script designed to backdoor iOS packages (iphone-arm) and create the necessary resources for APT repositories.
Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques
Structured Certified Ethical Hacker (CEH v12) study notes — 20 modules from footprinting and scanning to web, wireless, cloud & cryptography, each with tools, commands, and hands-on labs.
A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regarding a specific target.
Asynchronous Python implementation of SlowLoris DoS attack
Automated Docker MISP container - Malware Information Sharing Platform and Threat Sharing
A fast, lightweight, and full duplex secure end-to-end encryption protocol based on ECDHE
A honeypot proxy for mongodb. When run, this will proxy and log all traffic to a dummy mongodb server.
Information Gathering Simplified.
mapAccountHijack is a tool designed to carry out a MAP Account hijack attack, which exploits the Message Access Profile (MAP) in Bluetooth Classic, enables the theft of MFA and OTPs leading to the successful hijacking of accounts on services that rely on SMS OTPs during login or recovery. Tool leaks phone numbers, emails, can send and retrieve SMS
This application was created as a POC for how to scan your local network traffic for HTTP requests and then inject various javascript cryptocurrency miners into the response payloads
A collection of my quick and dirty scripts for vulnerability POC and detections