Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.

This repository started out as a learning in public project for myself and has now become a structured learning map for many in the community. We have 3 years under our belt covering all things Dev…

Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

The Elastic stack (ELK) powered by Docker and Compose.

Set up your own OpenVPN server on Debian, Ubuntu, Fedora, CentOS or Arch Linux.

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

WireGuard VPN installer for Linux servers

Attack Surface Management Platform

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

Rockyou for web fuzzing

Find exploits in local and online databases instantly

A curated list of the most common and most interesting robots.txt disallowed directories.

A script to set up a quick Ubuntu 17.10 x64 box with tools I use.

An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects

Automation for javascript recon in bug bounty.

slacktee is a bash script that works like tee command. Instead of writing the standard input to files, slacktee posts it to Slack.

⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

Content discovery wordlists generated using BigQuery

Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported)

Web recon script. No need to fear, sumrecon is here!

Automating XSS using Bash

Master script for web reconnaissance

You can read the writeup on this script here

Arsenal is a Simple shell script (Bash) used to install tools and requirements for Bug Bounty

Secret and/or credential patterns used for gf.