EMBA - The firmware security analyzer

Automatic Enumeration Tool based in Open Source tools

WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.

Reconnaissance Swiss Army Knife

A checklist of things to look for when auditing Solidity smart contracts.

Scan for misconfigured S3 buckets across S3-compatible APIs!

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Brute forcing scripts for bad CTF problems

Deepfakes Software For All

HS4 comes with a free MyQ plugin from HomeSeer, so this HS3 plugin is deprecated.

PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.

Parse PowerShell and Security event logs for sensitive information.

Run PowerShell command without invoking powershell.exe

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

🇫🇷 Oh my tmux! My self-contained, pretty & versatile tmux configuration made with ❤️

Try `telnet macnugget.org`

Tools for handling/displaying GoPro HTTP/UDP stream (Python/Ruby)

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files

Static DOM XSS Scanner is a Static Analysis tool written in python that will iterate through all the JavaScript and HTML files under the given directory and will list out all the possible sources a…

Open Source Computer Vision Library

A black hole for Internet advertisements

Welcome to the XSS Challenge Wiki!

🙃 A delightful community-driven (with 2,300+ contributors) framework for managing your zsh configuration. Includes 300+ optional plugins (rails, git, macOS, hub, docker, homebrew, node, php, python…

Simple test for the May 2016 OpenSSL padding oracle (CVE-2016-2107)

freeCodeCamp.org's open-source codebase and curriculum. Learn to code for free.

Transmits AM radio on computers without radio transmitting hardware.

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.