social-analyzer ★ PINNED
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
JavaScript ★ 23k 5mo ago
analyzer ★ PINNED
Analyze, extract and visualize features, artifacts and IoCs of files and memory dumps (Windows, Linux, Android, iPhone, Blackberry, macOS binaries, emails and more)
Python ★ 319 2y ago
chameleon ★ PINNED
19 customizable honeypots for monitoring network traffic, bot activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, SMTP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres, MySQL, MSSQL, Elastic and LDAP)
Dockerfile ★ 836 2y ago
url-sandbox ★ PINNED
Scalable URL Sandbox for analyzing URLs and Domains from phishing attacks
Python ★ 199 3y ago
raven ★ PINNED
Advanced Cyber Threat Map (Simplified, customizable, responsive and optimized)
JavaScript ★ 232 2y ago
honeypots ★ PINNED
30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc)
Python ★ 974 7mo ago
docker-images
Kali and Parrot OS docker images accessible via VNC, RDP and Web
Dockerfile ★ 130 4y ago
osint
Build custom OSINT tools and APIs (Ping, Traceroute, Scans, Archives, DNS, Scrape, Whois, Metadata & built-in database for more info) with this python package
Python ★ 110 5y ago
mitre-visualizer
🧬 Mitre Interactive Network Graph (APTs, Malware, Tools, Techniques & Tactics)
Python ★ 106 4y ago
rhino
Agile Sandbox for analyzing Windows, Linux and macOS malware and execution behaviors
JavaScript ★ 75 2y ago
woodpecker
Custom security distro for remote penetration testing
★ 58 5y ago
seahorse
ELKFH - Elastic, Logstash, Kibana, Filebeat and Honeypot (HTTP, HTTPS, SSH, RDP, VNC, Redis, MySQL, MONGO, SMB, LDAP)
Python ★ 49 5y ago
image-analyzer
Interface for Image-Related Deep Learning Models (E.g. NSFW, MAYBE and SFW)
HTML ★ 37 4y ago
two-factor-authentication-sim-swapping
An adversary may utilize a sim swapping attack for defeating 2fa authentication
★ 26 2y ago
two-factor-authentication-sim-cloning
An adversary may utilize a sim swapping attack for defeating 2fa authentication
★ 26 2y ago
octopus
Pure Honeypots with an automated bash script
Shell ★ 21 4y ago
cyber-attacks
A collection of attacks metadata that were used in my previous pen-test tools
★ 17 3y ago
reports
Recent cyber attacks reports & interesting analysis files
★ 15 4y ago
APT-Malware-Reports-Set-1
Some extracted Features\IoCs\Artifacts\Patterns from APT Malware
HTML ★ 14 6y ago
pentest-labs
No description.
HTML ★ 13 5y ago
worldmap
An interactive world-map that has been used in live Cyber Threat interfaces
JavaScript ★ 13 4y ago
threat-intelligence
Threat intelligence or Cyber Threat Intelligence is the process of identifying and analyzing gathered information about past, current, and future cyber threats (Collecting information about a potential threat, then analyzing that information to learn more about the negative events)
★ 13 2y ago
falcon
Collection of exploits that were verified by an automated system
★ 12 5y ago
cyber-kill-chain
Cyber Kill Chain is a model that Lockheed Martin created for understanding (Describe the sequence of events) and stopping cyberattacks
★ 10 2y ago
authentication-bypass
A threat actor may gain access to data and functionalities by bypassing the target authentication mechanism
★ 8 15d ago
world-json
Multiple JSON files contain world cities with names, longitude & latitude, country, and timezone
★ 7 4y ago
ixora
Internal package for visualization
HTML ★ 7 3mo ago
cybersecurity
Cybersecurity is the measures taken to protect networks, devices, and data against cyberattacks
★ 6 2y ago
digital-forensics
Digital Forensics is the process of finding and analyzing electronic data
★ 6 2y ago
automation-protocols-metadata
JSON file that contains updated metadata of Automation Protocols (Industrial control system, process automation, building automation, automatic meter reading, and automobile)
★ 6 4y ago
mobile-numbers-metadata
JSON file contains all mobile number metadata (Country, prefix, and carrier)
★ 5 4y ago
stored-cross-site-scripting
A threat actor may inject malicious content into a vulnerable target
★ 5 15d ago
reflected-cross-site-scripting
A threat actor may inject malicious content into a web app. The payload is reflected in the HTTP request and response, then executed in the victim's browser
★ 5 11mo ago
two-factor-authentication-brute-force
A threat actor may launch a brute-force attack against the two-factor authentication (2FA) logic, causing unauthorized access to the target
★ 5 2y ago
incident-response
Incident response is a set of steps that are used to handle the aftermath of a data breach or cyberattack
★ 5 2y ago
ics-visualizer
ICS-Visualizer is an interactive Industrial Control Systems (ICS) network graph that contains up-to-date related automation protocols metadata (Name, company, port, user manuals, external links, and mapped wireshark\nmap modules and scripts).
Python ★ 5 4y ago
blind-sql-injection
blind-sql-injection
★ 4 11mo ago
dom-based-cross-site-scripting
A threat actor may inject malicious content into a web app. The payload is not reflected in the HTTP request and response, then executed in the victim's browser
★ 4 11mo ago
countries-metadata
JSON file contains all countries metadata (Country name, cc, a3, and flag)
★ 4 4y ago
vulnerable-web-app
vulnerable-web-app
HTML ★ 3 15d ago
default-credential
A threat actor may gain unauthorized access using the default username and password
★ 3 11mo ago
credential-stuffing
A threat actor may guess the target credentials using known username and password pairs gathered from previous brute-force attacks
★ 3 2y ago
proxy-firewall
HTTPS Proxy Firewall for testing
Python ★ 3 3y ago
captcha-bypass
A threat actor may bypass the Completely Automated Public Turing test to tell Computers and Humans Apart (captcha) by breaking the solving logic, human-assisted solving services, or utilizing automated technology
★ 3 2y ago
session-hijacking
A threat actor may access the user's account using a stolen or leaked valid (existing) session identifier
★ 3 2y ago
vertical-privilege-escalation
A threat actor may perform unauthorized functions belonging to another user with a higher privilege level
★ 3 11mo ago
data-compliance
Data compliance is the process of following various regulations and standards to ensure that sensitive digital assets (data) are guarded against loss, theft, and misuse
★ 3 2y ago
ports-metadata
JSON file contains all ports metadata
★ 3 4y ago
client-side-template-injection
A threat actor may trick a victim into executing native template syntax on a vulnerable target
★ 3 2y ago
directory-listing
A threat actor may list files on a misconfigured server
★ 3 2y ago
risk-management
Risk management is the process of identifying, assessing, treating, and monitoring any negative events that affect a company's ability to operate (Preventing them or minimizing their harmful impact)
★ 3 2y ago
network-security-for-qeeqs
qeeqbox.github.io/network-security-for-qeeqs
HTML ★ 2 1y ago
session-replay
A threat actor may re-use a stolen or leaked session identifier to access the user's account
★ 2 2y ago
social-engineering-methods
No description.
★ 2 2y ago
sql-injection
A threat actor may alter structured query language (SQL) query to read, modify and write to the database or execute administrative commands for further chained attacks
★ 2 11mo ago
open-redirect
A threat actor may send a malicious redirect request for a vulnerable target to a victim; the victim gets redirected to a malicious website that the threat actor controls
★ 2 11mo ago
malware-and-indicators-of-compromise
No description.
★ 2 2y ago
security-tools-and-technologies
No description.
★ 2 2y ago
horizontal-privilege-escalation
A threat actor may perform unauthorized functions belonging to another user with a similar privilege level
★ 2 11mo ago
xxe-injection
A threat actor may interfere with an application's processing of extensible markup language (XML) data to view the content of a target's files
★ 2 2y ago
threat-actors
A threat actor is any person, group, or entity that could cause harm to the cyber realm
★ 2 2y ago
session-fixation
A threat actor may trick a user into using a known session identifier to log in. After logging in, the session identifier is used to gain access to the user's account
★ 2 2y ago
xslt-injection
A threat actor may interfere with an application's processing of extensible stylesheet language transformations (XSLT) for extensible markup language (XML) to read or modify data on the target
★ 2 2y ago
authorization-bypass
A threat actor may access the user's account using a stolen or leaked valid (existing) session identifier
★ 2 2y ago
icterid-template
Icterid Webapp Template
HTML ★ 2 4y ago
minimal-server
Asyncio websocket http server [Needed for internal testing]
Python ★ 2 4y ago
private-ip-metadata
JSON file contains all private ip ranges with description
★ 1 4y ago
public-ip-metadata
JSON file contains all public ip ranges with description
★ 1 4y ago
.github
Github Settings
★ 1 4y ago
os-command-injection
A threat actor may inject arbitrary operating system (OS) commands on the target
★ 1 11mo ago
insecure-deserialization
A threat actor may tamper with a stream that gets deserialized on the target, causing the target to access data or perform non-intended actions
★ 1 2y ago
remote-file-inclusion
A threat actor may cause a vulnerable target to include/retrieve a remote file
★ 1 2y ago
local-file-inclusion
A threat actor may cause a vulnerable target to include/retrieve a local file
★ 1 2y ago
cross-site-request-forgery
A threat actor may trick an authenticated or trusted victim into executing unauthorized actions on their behalf
★ 1 2y ago
cryptography
No description.
★ 1 2y ago
identity-and-access-management
The practice of ensuring that people or objects have the right level of access to assets
★ 1 2y ago
data-privacy-and-security
No description.
★ 1 2y ago
application-service-attacks
No description.
★ 1 2y ago
password-spraying
A threat actor may guess the target credentials using a single password with a large set of usernames against the target
★ 1 2y ago
xpath-injection
A threat actor may alter the XML path language (XPath) query to read data on the target
★ 1 2y ago
access-control
Access Control is using security techniques to protect a system against unauthorized access
★ 1 2y ago
data-security
Safeguarding your personal information (How your info is protected)
★ 1 2y ago
security-controls
Countermeasures or safeguards for detecting, preventing, and mitigating cyber threats and attacks (Protect assets)
★ 1 2y ago
data-classification
Data classification defines and categorizes data according to its type, sensitivity, and value
★ 1 2y ago
server-side-template-injection
A threat actor may alter the template syntax on the vulnerable target to execute commands
★ 1 2y ago
data-states
Data states refer to structured and unstructured data divided into three categories (At Rest, In Use, and In Transit)
★ 1 3y ago
data-lifecycle-management
Data Lifecycle Management (DLM) is a policy-based model for managing data in an organization
★ 1 2y ago
asynico-websockets-redis-server
asynico websockets redis server (Needed for internal testing)
Python ★ 1 4y ago
tornado-websockets-redis-server
tornado websockets redis server (Needed for internal testing)
Python ★ 1 4y ago
global-scripts
Some scripts for workflows (Moved from Macaw)
Shell ★ 1 5y ago
galeodes
No description.
Python ★ 0 4y ago
nginx-reverse-proxy
Nginx reverse proxy for testing
Dockerfile ★ 0 4y ago
oxen-template
Tasker for internal projects
Python ★ 0 4y ago