Chandrapal Badshah

Curated List of MitM frameworks on GitHub

A free open source python program to start WiFi hotspot in Windows without any external software

Serverless function to automate enforcement of Multi-Factor Authentication (MFA) to all AWS IAM users with access to AWS Management Console.

No description.

No description.

The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security development, testing and reverse engineering.

A default credential scanner.

No description.

Open-source AI agents for penetration testing

Analyzes CloudTrail data of a given AWS account and generates a summary of recently active IAM principals, API calls they made, as well as regions, IP addresses and user agents they used.

Full-tunnel WireGuard client for cloud VMs. Routes all traffic through your WireGuard server, survives system updates, keeps SSH working.

Awesome deals on Black Friday: Apps, SaaS, Books, Courses, etc.

List of Awesome Asset Discovery Resources

A vulnerable environment for exploring common GCP misconfigurations and vulnerabilities

Ansible playbook to deploy a static html, php, php+mysql or wordpress website with Let's Encrypt SSL/TLS certificate

Enhanced with logging, OpenAPI 3.0 and Python 3 for security monitoring workshops

A collection of android security related resources

Print out URL schemas from an Android app

Official Black Hat Arsenal Security Tools Repository

Starter Kit for running Headless-Chrome by Puppeteer on AWS Lambda.

Think of Local sheriff as a recon tool in your browser (WebExtension). While you normally browse the internet, Local Sheriff works in the background to empower you in identifying what data points (PII) are being shared / leaked to which all third-parties.

Find GitHub secrets in real time

Python program to check accessible proxy sites

No description.

Agent-less vulnerability scanner for Linux/FreeBSD/WordPress/Programming language libraries/Network devices

Pentester-focused Docker registry tool to enumerate and pull images

Slides from my ShellCon Talk, OSINT for Pen Tests, given 10/19.

🐶 A curated list of Web Security materials and resources.

SpiderFoot, the open source footprinting and intelligence-gathering tool.

Some tools to automate recon - 003random

bXSS is a simple Blind XSS application adapted from https://cure53.de/m

Use SQL to instantly query accounts, zones and more from Cloudflare. Open source CLI. No DB required.

All the deals for InfoSec related software/tools this Black Friday

Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.

No description.

Sample Android apps I made to learn Kotlin

A security monitoring solution for Kubernetes

CVE-2018-13379

No description.

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

A Burp Suite extension for headless, unattended scanning.

A collection of useful Serverless functions I use when pentesting

Random scripts which helped me to improve my programming skills

Automated reconnaissance wrapper — TomNomNom's meg on steroids.

Gorsair hacks its way into remote docker containers that expose their APIs.

A basic Ruby/Rack app for publishing a static HTML/CSS/javascript website on Heroku (for free)

Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

All that is required to run MobSF in the ci

No description.

A simple Google Protobuf Decoder for Burp

A Java implementation of resolving K-Maps

Implements general patterns related to machine learning and information classification.

LinkedInt: A LinkedIn scraper for reconnaissance during adversary simulation

Break Apps with Frida workshop material

The Traditional Swiss Army Knife for OSINT

Collection of the cheat sheets useful for pentesting

A tool to perform various OSINT techniques, aggregate all the raw data, visualise it on a dashboard, and facilitate alerting and monitoring on the data.

A command line tool to download Android applications directly from the Google Play Store

Google Play Downloader via Command line

Some Docker for CTF environments

Collection of useful Vagrantfiles

The Open Source DocuSign Alternative.

Edit your Markdown website, in production.

No description.

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

Open Source Next.js Saas Boilerplate Alternative to ShipFast

No description.

An experimental project exploring the use of Large Language Models (LLMs) to solve HackTheBox machines autonomously.

Vulnerable React/Next application

No description.

CVE-Genie

This repository shows the prompts we used for each agent in CVE-Genie

The Python interface for YARA

No description.

Damn Vulnerable Web Service is a vulnerable web service/API/application that can be used to learn webservices/API vulnerabilities.

Repo to hold all comments made on my website - https://badshah.io

❤️A clean, elegant but advanced blog theme for Hugo 一个简洁、优雅且高效的 Hugo 主题

Swachalit - The null Automation Platform that hosts null.co.in. This repository contains code that is periodically synced from development repository. We plan to eventually move to completely open source development.

Simple python script to extract unsafe functions from php projects

:ramen: Minimalist Jekyll Template

Namecheap API client in Python.

Virtual environment for learning DevSecOps

Pathbrute

Repo for reconvillage.org website.

DEF CON 26 WorkShop - Fuzzing FTW

Automated Security Testing For REST API's

A highly configurable tool to check for whatever you like against any number of hosts.

a Damn Vulnerable Serverless Application

Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources

Cloud Custodian Policies for Automated Amazon Resource Management

A sample of using docker to deploy a Python based app

No description.

Serverless Examples – A collection of boilerplates and examples of serverless architectures built with the Serverless Framework and AWS Lambda

Serverless Framework – Build web, mobile and IoT applications with serverless architectures using AWS Lambda, Azure Functions, Google CloudFunctions & more! –

No description.

Reviews and notes of technical books I read

From IoT Pentesting to IoT Security

IDA, Radare2 and Bninja scripts

template

Runs frida-server on boot as root with magisk.

No description.

TIL for Frida

dns dig for golang

A list of interesting payloads, tips and tricks for bug bounty hunters.

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.

Awesome Frida - A curated list of Frida resources http://www.frida.re/ (https://github.com/frida/frida)

ToolsWatch and Black Hat Arsenal selection of badges

Some kernel fuzzing paper about windows and linux

Vagrant + ansible scripts used to create the AndroidTamer distribution

The most complete open-source tool for Twitter intelligence analysis

Source code for a core component of the iPhone's operating system

collaborative (mitm) cryptocurrency mining pool in wifi networks

List of Awesome Red Teaming Resources

Random College stuff