Skip to content

Instantly share code, notes, and snippets.

@njmulsqb
Last active October 14, 2024 21:21
Show Gist options
  • Save njmulsqb/6d47daedd15c779891fefd9db347d87b to your computer and use it in GitHub Desktop.
Save njmulsqb/6d47daedd15c779891fefd9db347d87b to your computer and use it in GitHub Desktop.
Awesome Security Projects

Awesome-Security-Repos

Here's a list of github repos and tools that I believe are awesome and should be promoted and used.

Source Code Analysis

  1. Semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
  2. RegexPassive - Collection of regexp pattern for security passive scanning
  3. Secure Codebox - secureCodeBox (SCB) - continuous secure delivery out of the box

Wordlist and Payloads

  1. PayloadAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
  2. OneListForAll - Rockyou for web fuzzing by six2dez

Cloud Security

  1. Prowler - Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 240 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
  2. PurplePanda - Identify privilege escalation paths within and across different clouds

Hacking Tools

  1. Tornado - Anonymously Reverse Shell over Tor Network using Hidden services without Portforwarding.
  2. Hakoriginfinder - Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!
  3. Nemesis - URL scanner for recon, vulnerabilities, secrets and more!
  4. sshuttle - Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

Recon Frameworks

  1. reconFTW - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
  2. rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface.

Misc - Bug Bounty Hunting | Penetration Testing

  1. Inventory - Asset inventory on public bug bounty programs.
  2. HowToHunt - Tutorials and Things to Do while Hunting Vulnerability.
  3. Keyhacks - Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
  4. TruffleHog - Find credentials all over the place on Github Repos

Checklists and Cheatsheets

  1. Web Application Pentest Checklist
  2. OWASP/ASVS - Application Security Verification Standard
  3. Cheatsheets - Community Sourced Linux Cheatsheet

Vulnerable Labs

  1. Buggyapp - Android - Buggyapp is an vulnerable android application. This app can be used by pentesters, security researchers to practice Android application pentesting. This is build for beginners to learn basics about Android application pentesting

Similar Projects

  1. Awesome Pentest - A collection of awesome penetration testing resources, tools and other shiny things
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment