jose nazario

an awesome list of honeypot resources

A curated list of honeypot tools, decoy systems that attract and log attackers, organized by the type of service they fake, including databases, web apps, SSH, FTP, and industrial control systems.

a list of cybersecurity internships

small set of PHP scripts to practice exploiting LFI, RFI and CMD injection vulns

A curated list of awesome Internet port and host scanners, plus related components and much more, with a focus on free and open source projects.

Awesome Penetration Testing A collection of awesome penetration testing resources

small set of scripts to practice exploit XSS and CSRF vulnerabilities

Nmap and NSE command line wrapper in the style of Metasploit

Honeypot log processor to create OTX Pulse entries

personal fork of OSINT tool recon-ng

processes Bibtex files, produces Word Source.xml output

a few of my cybersecurity MCP tools

reddit daily_programmer challenge ideas

Additional modules for recon-ng

wordpress honeypot

yara rules

Collection of Cyber Threat Intelligence sources from the deep and dark web

codename/mascot generator, also good for band names

functional encryption library. Automatically exported from code.google.com/p/libfenc

network traffic dump in the style of the Matrix movies

Penetration Testing notes, resources and scripts

A public compilation of Webflow's documentation that outlines how we practice servant leadership and the management strategies that follow.

Stealth post-exploitation framework

Vulnerable Banking Application for Android

simple server-side connection logger, useful as a simple honeypot

Windows Hardening settings and configurations

Cloud security configuration checks

Configuration Hardening Assessment PowerShell Script (CHAPS)

Automated pentest framework for offensive security experts

Lateral Movement graph for Azure Active Directory

ParadoxiaRat : Native Windows Remote access Tool.

Agentic coded experiment on building a web app for using DNS in CTI

Some of my public exploits

Collection of the cheat sheets useful for pentesting

:gem: A curated list of awesome Competitive Programming, Algorithm and Data Structure resources

A compact MUD framework written in Python and YAML

:no_entry: offsec batteries included

Advance Update in a Elasticsearch plugin that provides you control over the document update functionality of elasticsearch.

Python bindings for FastBit

Red Team PowerShell Script

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

VirusTotal Full api

Identify privilege escalation paths within and across different clouds

Cloud Exploit Framework

A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.

A curated list of awesome malware analysis tools and resources

Blockchain-powered password manager

Find exploits in local and online databases instantly

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

A collection of awesome penetration testing resources, tools and other shiny things

OASIS TC Open Repository: TAXII 2 Server Library Written in Python

📊 A custom react-scripts for building highly-customizable dashboards using former-kit components

"Opening Pandora's Box through ATFuzzer: Dynamic Analysis of AT Interface for Android Smartphones" ACSAC 2019

Drone pentesting framework console

bingip2hosts is a Bing.com web scraper that discovers websites by IP address

Red Team's SIEM - easy deployable tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.

DNS Recon | Brute Forcer | DNS Zone Transfer | DNS Wild Card Checks | DNS Wild Card Brute Forcer | Email Enumeration | Staff Enumeration | Compromised Account Checking

Open Source Threat Intelligence Chat Bot

:mailbox: The Phishing Intelligence Engine - An Active Defense PowerShell Framework for Phishing Defense with Office 365

:mag_right: ScanCode scans code and detects licenses, copyrights, package manifests & dependencies and more ... to discover and inventory open source and third-party packages used in your code.

Tabler - Free HTML Dashboard Theme Built On Bootstrap 4

A Python Tool For google Hacking

CloudMapper creates network diagrams of AWS environments

A tool to perform Kerberos pre-auth bruteforcing

A curated list of awesome test automation frameworks, tools, libraries, and software for different programming languages

Loki - Simple IOC and Incident Response Scanner

The cheat sheet about Java Deserialization vulnerabilities

Recog-Go: Pattern Recognition using Rapid7 Recog

Exploitation Framework for Embedded Devices

A collection of AWS penetration testing junk

Next generation web scanner

The SOC Analysts all-in-one CLI tool to automate and speed up workflow.

Detect and log CVE-2019-19781 scan and exploitation attempts.

python bindings for kornblum's ssdeep fuzzy hasher

SQLI labs to test error based, Blind boolean based, Time based.

A curated list of resources for blockchain engineers

A list of back-end related questions you can be inspired from to interview potential candidates, test yourself or completely ignore

A Kubernetes controller and tool for one-way encrypted Secrets

Agentic coded experiment for developing CTI from a web page

Streaming pivot visualization via WebAssembly

Fast key-value DB in Go.

Phishing catcher using Certstream

An in-memory incremental Datalog engine based on Differential Dataflow

HTTP security headers for Phoenix/Plug

A blind mode exploit framework (a dns server and a web app) that like wvs's AcuMonitor Service or burpsuite's collabrator or cloudeye

node/websocket powered oscilloscope

command-line grammar checker

Fast and stealthy Amazon S3 bucket enumeration tool for pentesters.

LinkedIn reconnaissance tool

Searches through git repositories for high entropy strings and secrets, digging deep into commit history

A simple auditing utility for macOS

LZR quickly detects and fingerprints unexpected services running on unexpected ports.

A book covering the fundamentals of data visualization.

BadUSB in Routers

Open-source web app. Built with React, Material-UI, Next, Express, Mongoose, MongoDB.

A fullstack but simple mailserver (smtp, imap, antispam, antivirus, ssl...) using Docker.

Apollo - The logz.io continuous deployment solution over kubernetes

RF transmitter for Raspberry Pi

SDK-SMS-Stack

No description.

profile

No description.

A post exploitation framework designed to operate covertly on heavily monitored enviroments

A dynamic infrastructure toolkit for red teamers and bug bounty hunters!

Machine-learn password mangling rules

Injects code into ELF executables post-build

Hypercore is a secure, distributed append-only log.

Threat Report ATT&CK™ Mapping (TRAM) is a tool to aid analyst in mapping finished reports to ATT&CK.

No description.

A curated list of static analysis tools, linters and code quality checkers for various programming languages

This repo gives an overview of some GCP metadata API attack and defend patterns

Smart ssrf scanner using different methods like parameter brute forcing in post and get...

A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD)

Clone network interface from one host as a tap interface on another host

PowerShell script to interact with Azure

No description.

No description.

Type-safe GraphQL Server without the hassle

LKRG bypass methods

:city_sunrise: A collection of links for free stock photography, video and Illustration websites

Keyfinder🔑 is a tool that let you find keys while surfing the web!

thethe

CORS Misconfiguration Scanner

Python dependency management and packaging made easy.

Python automation of Docker.sock abuse

Sandboxing File System

Blind SQL Injection Tool with Golang

The uncompromising Python code formatter

Grep rough audit - source code auditing tool

A curated list of useful Elm tutorials, libraries and software. Inspired by awesome list. Feel free to contribute. :rocket:

A collective list of public JSON APIs for use in web development.

Golang event sourcing made easy

Manufacturer Usage Description (MUD) is a technique whereby constrained end devices (e.g., IoT devices) can signal to the network what sort of access and network functionality they require to properly function

Simple bookmark manager built with Go

A medium interaction printer honeypot 🍯

Python script to parse txt files containing Mimikatz output

A Java tool for generating json strings

A collection of safe data types that are compatible with, and can substitute for, common unsafe native c++ types. http://duneroadrunner.github.io/SaferCPlusPlus/

Build and run tiny vms from Dockerfiles. Small and sleek.

A universal memory dumper using Frida for Python 3

Python library for building highly effective data science workflows

Telnet Honeypot

Perform Static and dynamic analysis on 32 bit ELF binary, and automate the process of stack based overflow exploitation.

A JavaScript library for generating random user agents with data that's updated daily.

a Damn Vulnerable Serverless Application

🛡️ An online certificate authority and related tools for secure automated certificate management, so you can use TLS everywhere.

Vagrant setup for a VM for Elixir development

library is used to compare pieces of data for similarity

OCaml bindings for TensorFlow

A post-exploitation powershell tool for extracting juicy info from memory.

Fast, pipelined, resilient Redis driver for Elixir

Empire is a PowerShell and Python post-exploitation agent.

Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures.

Python api for usage with cobalt strike's External C2 specification

Implementation of the Google Assistant SDK as an Alexa skill

Tool designed to study the answers of your DNS resolver and make easier the identification of techniques such as DNS Hijacking/Poisoning

Chiron - An IPv6 Security Assessment framework with advanced IPv6 Extension Headers manipulation capabilities.

public list of suspect domains for ML training

Low-interaction Postgres Honeypot

SSR for React that's invisible (zero config! - only needs an App.js) and quick (no Webpack! - Parcel <3)

No description.

UNIX's missing `loop` command

SHELLING - a comprehensive OS command injection payload generator

C4.5 Decision Tree python implementation with validation, pruning, and attribute multi-splitting

An Interpreter In Go

Nzyme collects 802.11 management frames directly from the air and sends them to a Graylog (Open Source log management) setup for WiFi IDS, monitoring, and incident response. It only needs a JVM and a WiFi adapter that supports monitor mode.

The open telemetry framework

Scalable PostgreSQL connection pooler

TopN is an open source PostgreSQL extension that returns the top values in a database according to some criteria

Stop searching for sample hashes on 10 different sites.

A simple JS library that mimics some of the C# LINQ Extension.

Highly configurable command line typing tutor designed for linux distros written in C. It is fast and efficient and with a good progress report display. Become a pro in typing with the DVORAK and QWERTY keyboards.

Pion TURN server, a simple extendable Golang TURN server

A High Performance HTTP Server for Ruby

No description.

CadQuery-- a parametric cad script framework

A Python library for prototyping MapReduce jobs

🏡 Open-source home automation / smarthome platform running on PHP (Laravel).

A framework for writing declarative, curl based tests for your APIs

Here you can get all the Quantum Machine learning Basics, Algorithms ,Study Materials ,Projects and the descriptions of the projects around the web

Primary Repo for Open Source Project

Chrome extension to bypass Wall Street Journal, New York Times, FT.com, Bloomberg paywalls. Support Firefox and Edge

No description.

XSS in pastebin.com via unsanitized markdown output

Real-time continious testing tool for your docker builds helping you containerize with confidence!

Diamond is a powerful MVC / Template Framework written in the D Programming Language, inspired by ASP.NET using vibe.d as backend.

Learn Go with test-driven development

Hello and welcome to DNS!

Axibase Time Series Database: Usage Examples and Research Articles

Transfer files over wifi from your computer to your mobile device by scanning a QR code without leaving the terminal.

"Evolving AppCompat/AmCache data analysis beyond grep"

Slice and dice log files on the command line

Create React + Redux app structure with build configurations ✨

📝Next generation markdown editor, running on platforms of MacOS Windows and Linux.

Google Datastore cache layer for the Node.js API

Simplest JavaScript form validation

High performance, distributed and low latency publish-subscribe platform.

:robot: A scalable multi-function group robot for QQ and Discord. 多功能、可扩展的群机器人，支持QQ和Discord。

Anything on Any Linux (sm)

No description.

midas is a data enrichment platform that takes away the pain from enriching CSV, JSON and Excel files.