🔯 Google/Fuzzing-AllTheThings --- OSS-Fuzz ||| honggfuzz

🐝 TheHive-Project |Security Incident Response for the Masses| --- Unveiling Cortex 2

1. TheHive-Docs - Documentation of TheHive
2. Cortex - Powerful Observable Analysis Engine.
3. TheHive - Scalable, Open Source and Free Security Incident Response Platform.

⚠️⚠️ FIRST.org/Common Vulnerability Scoring System Version 3.0 Calculator - Forum of Incident Response and Security Teams

• [global-irt] - Global IRT (Incident Response Team) is a project to describe common IRT and abuse contact information.

🌃 CERT Coordination Center (CERT/CC) - The CERT Coordination Center is part of the CERT Division of the Software Engineering Institute at Carnegie Mellon University.

1. certfuzz - This project contains the source code for the CERT Basic Fuzzing Framework (BFF) and the CERT Failure Observation Engine.
2. Vulnerability Data Archive Tools - attempt at providing a simple means of interacting with the CERT Vulnerability Data Archive.

🛒 Amazon - Amazon Web Services - AWS Labs

1. Amazon Web Services — a practical guide -- The Open Guide to Amazon Web Services.

2. AWS Samples -- Amazon ECS Interstella workshop

3. AWS Security Automation - Collection of scripts and resources for DevSecOps, Security Automation and Automated Incident Response Remediation.

🔗 MitM-proxy

• MitM proxy - An opensource interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

---

❄️ Cilium -| bpf-map

1. Why is the kernel community replacing iptables with BPF?

2. Clilium -- HTTP, gRPC, and Kafka Aware Security and Networking for Containers with BPF and XDP

3. IO Visor Project/ bcc -- Tools for BPF-based Linux IO analysis, networking, monitoring, etc

---

📊 Netperf -|- Netperf 2.7.X manual -|- Netperf online tools

1. Netperf training -- Netperf is a benchmark that can be used to measure the performance of many different types of networking. It provides tests for both unidirectional throughput, and end-to-end latency.
2. Network Test Tools
3. CeroWRT project/Netperf

---

✨ Comae Technologies | Stardust |

1. OPCDE - OPCDE DXB 2017 + 2018 Materials
2. Hibr2Bin - Comae Hibernation File Decompressor (SANDMAN project)
3. porosity - Decompiler and Security Analysis tool for Blockchain-based Ethereum Smart-Contracts

---

🆖 Ngrok - ”I want to expose a local server behind a NAT or firewall to the internet.” -- The making of Ngrok - Alan Shreve

Documentation

UndeadSec/Social Fish -- Ultimate phishing tool with Ngrok integrated.

---

📗 Splunk/BOSS of SOC Dataset v1 -

1. EventGen - The Splunk Event Generator is a utility which allows its user to easily build real-time event generators.
2. Docker Logging plugin - Splunk Connect for Docker is a Docker logging plugin that allows docker containers to send their logs directly to Splunk Enterprise or a Splunk Cloud deployment.

---

📺 Netflix/Scumblr -- Web framework that allows performing periodic syncs of data sources and performing analysis on the identified results.

1. ChaosMonkey -- is a resiliency tool that helps applications tolerate random instance failures.
2. Security_Monkey -- monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. Support is available for OpenStack public and private clouds. Security Monkey can also watch and monitor your GitHub organizations, teams, and repositories.
3. Repokid -- uses Access Advisor provided by Aardvark to remove permissions granting access to unused services from the inline policies of IAM roles in an AWS account.

---

HARDCORE

🐻 scip AG/ vulscan - Advanced vulnerability scanning with Nmap NSE

httpRecon-NSE - Advanced web server fingerprinting for Nmap

• FileRecon - Advanced File Fingerprinting

🕷 SpiderLabs/ Responder - Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

1. ModSecurity/Wiki - It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence.

2. ModSecurity v3 Apache Connector - The ModSecurity-apache connector takes the form of an Apache module. The module simply serves as a layer of communication between Apache and ModSecurity.

3. ModSecurity v3 Nginx Connector - The ModSecurity-nginx connector takes the form of an nginx module. The module simply serves as a layer of communication between nginx and ModSecurity.

Scenario

• Responder -> MultiRelay -> Mimikatz -> Crackmapexec -> Windows PWNage

---

🕵 NSACyber.io - NSA Cybersecurity

1. Windows Secure Host Baseline - Secure Host Baseline (SHB) provides an automated and flexible approach for assisting the DoD in deploying the latest releases of Windows 10 using a framework that can be consumed by organizations of all sizes.

2. Unfetter - Identifies defensive gaps in security posture by leveraging Mitre's ATT&CK framework. A unique platform that unifies the Network Defender and Threat Analysts, letting them create, share, and use threat intel.

3. WALKOFF - A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down

4. WALKOFF-Apps

---

• NCC Group PLC

• Trail of Bits

• Information Assurance by NSA

• Hack-Night from OSIRIS Lab (former @isislab

• Recon-NG source

• Yandex

• Infobyte LLC - Faraday: Collaborative Penetration Test and Vulnerability Management Platform

• Wifi Analyzer - detect people around || netattack2.

[-] FluxionNetwork - fluxion

• Lockheed Martin - Laika BOSS: Object Scanning System

• HashiCorp - Terraform | vault

• EthereumJS

• Malware.lu

• Bastille Threat Research Team/Mousejack -- MouseJack device discovery and research tools || CableTap -- CableTap: Wirelessly Tapping Your Home Network, as presented at DEF CON 25.

• Rapid7

• Sensepost - DNS-Shell | Mana (toolkit for wifi rogue AP attacks and MitM)

• Reverse shell

• MWR Labs - Drozer | Athena | Needle

• Gotham Digital Sec

• Synack

2017_Oct

• OpenObservatory

• DataDog -- .Docs || API

• Zmap.io

• 11Paths -- HiddenNetworks-Python

2017_Nov

• UndeadSec -- EvilURL - Generate unicode evil domains for IDN Homograph Attack and detect them. ||| Enigma - Multiplatform payload dropper

• PowerShell Mafia/PowerSploit -- collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment.

• MLSec Project

• Palantir Technologies

• Genetic Malware

• EnableSecurity

• CRoCS

• Embedi

• The Neo Project - Distributed Smart Economy Network (Blockchain techs)

• Project Naptha - highlight, copy, search, edit and translate text in any image _ OCR

• Red Canary

• The Honeynet Project - Droidbot | Cuckoo Droid | CuckooML

• Recorded Future - API | IoC Enrichment in Threat Intel

• REST Cheatsheet - RESTFUL cheatsheet

• ThreatStream - Modern Honey Network | API |

• CyberArk - CyberArk, the undisputed leader in Privileged Account Security, secures secrets used by machines and users to protect traditional and cloud-native apps.

• AppSecCo - OWASP Threat Dragon | Levelup-subdomain-enumeration

• TryoLabs - Luminoth - Deep Learning toolkit for Computer Vision

• Systems and Machine Learning - BlockMon| HyperNF | LightVM

• DroidSec - canhazaxs - enumerating the access of file system on Android devices

• KromTech - AWS S3 Inspector

• KudelskiSec - Scannerl | Check_all_apks | ThreatIntel_DomainGatherAggregator

• OpenSecResearch - hostapd-wpe | CuckooScraperScript | LANTapCap

• CERT-Tools - IntelMQ | Contactdb

2017_DEC

• Crypto101 - Crypto 101, the introductory book on cryptography.

• SecuritywithoutBorders

• CoinFoundry

• Shadowsocks - ChinaDNS | ShadowsocksX-NG

• Leviathan-Framework - wide range mass audit toolkit

• CloudFlare

• RuntimeTools - appmetrics | graphmetrics

• Click Security - Click Security Data Hacking Project

• Alert Logic - ActiveIntegration API

• Praetorian Inc - Damn Vulnerable Router Firmware Project | PyShell | Trudy

• SummitRoute blog - Serene | flAWS

• SintheticLabs - Docs

• SandiaLabs

• SySS-Research -- Seth | dns-mitm

• GoSecure - Malware IOCs

• OWASP OWTF - OWTF | WAF bypasser

• CENSUS

• SecurityInnovation

• Nightwatch Research

2018_JAN

• Target/Webbreaker -- Dynamic Application Security Test Orchestration.

• IOHK|Cardano - Carano-sl - Cryptographic currency implementing Ouroboros PoS protocol

• Capsule8, Inc. - Container-Aware Real-time Threat Protection for Linux

• Sense of Security

• Arachni - Arachni -- Web Application Security Scanner Framework

• Crowe Center for Cybersecurity/ ad-ldap-enum -- An LDAP based Active Directory user and group enumeration tool | ps1encode -- Script used to generate and encode a PowerShell based Metasploit payloads.

• Threat Express - collection of Red Team scripts

• cSploit/android - The most complete and advanced IT security professional toolkit on Android.

• Pi-hole - Blog | A BLACK HOLE FOR INTERNET ADVERTISEMENTS

• FireHOL Project

• Colly - Elegant Scraper Framework for Gophers

• RegexHQ - Collaboration on world-wide community-driven collections of RegExp patterns and tools that can make our life easier.

• Grey Noise Intelligence LLC - Web GUI

2018_FEB

• Demisto - Automated and collaborative incident response platform.

• Obscurity Labs © 2018

• RingZer0 - RingZer0 Online CTF

• CylanceSPEAR - Cylance's advanced research team

• MantaRay Forensics

• AlphaSOC || Splunk apps

• certBot - Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.

• Unwired Labs ||| API docs

• The Pereval Team

• WebTorrent

• HyperionGray - Massweb || Starbelly

• TeamHG-Memex

• Log2Timeline - plaso

2018_MARCH

• HoneyTrap - Advanced Honeypot Framework

• Veil-Framework

• TransparencyToolkit

• Alephdata - Developed by @occrp and many others

• Alfresco Software - prowler || AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool

• Ruhr University Bochum - Chair for Network and Data Security - Printer Exploitation Toolkit

• HatBashBR - ShodanHAT || Hatwich

• Pentestify - Unofficial API OpenCorporates || Unofficial API Censys || WHOISology.

• Commix Project - Commix - Command Injection Exploiter

• CoreSecurity - impacket -- collection of Python classes for working with network protocols.

• Guardicore Ltd. -- Infection Monkey _ automated pentest monkey

• HardenedLinux -- Firmware_security || Linux Exploit Tutorial

• Taipan-scanner -- Webapp security scanner.

• SafeBreach-Labs

• MITRE Corp - Multi-scanner || Caldera

• RedHunt-OS -- VMs for Adversary Emulation and Threat Hunting

• Yelp - Threat Intelligence APIs

2018_APRIL

• SECFORCE -- sparta - Network Infra pentest tool || Tunna - set of tools to Wrap & Tunnel any TCP over HTTP

• NORMA-Inc/AtEar -- Wireless Hacking, WiFi Security, Vulnerability Analyzer, Pentestration

• SANS Blue Team -- DeepBlueCLI

• NetBlocks Framework -- WebRTC privacy ||| Block crawlers

• BetterCryoto.org -- Applied Crypto Hardening - Best Current Practices regarding secure online communication and configuration of services using cryptography.

• OpenDNS -- DNSCrypt Windows Client || py_investigate || Ninja_AppSec_Training || OpenGraphiti - OpenDNS Data Visualization Framework.

• AustralianCyberSecurityCentre/windows_event_logging -- Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.

• Snort 3.0 -|- Documentation -- Snort3 project has been hard at work for a while now and we have released the 4th alpha of the next generation Snort IPS (Intrusion Prevention System).

• TwelveSec/Gasmask - OSINT gathering tool ||| Bluenotes - PowerShell notes on Windows.

2018_MAY

• Flipkart Incubator/Red Team Arsenal -- An intelligent scanner to detect security vulnerabilities in company's layer 7 assets ||| Astra -- Automated Security Testing For REST API

• Acceis/leakSraper -- set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target ||| crypto_identifier -- try to uncipher data using multiple algorithms and block chaining modes. Usefull for a quick check on unknown cipher text and key dictionnary

• OpenSecuritySummit -- https://open-security-summit.org

• CHIPSEC: Platform Security Assessment Framework -- CHIPSEC is a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low level interfaces, and forensic capabilities. It can be run on Windows, Linux, Mac OS X and UEFI shell

2018_JUNE

• DefectDojo/django-DefectDojo -- an open-source application vulnerability correlation and security orchestration application.

2018_JULY

• 👁 LumenDatabase API Docs

WTF is LumenDatabase ???

The Lumen Database:
[+] Collects and analyzes legal complaints and requests for removal of online materials.
[+] Helping Internet users to know their rights and understand the law. 
These data enable us to study the prevalence of legal threats and let Internet users see the source of content removals.

• Kolide/Fleet Documentation

Kolide Fleet is a state of the art host monitoring platform tailored for security experts.
Leveraging Facebook's battle-tested osquery project, Fleet delivers fast answers to big questions

Ref >> https://blog.kolide.com/monitoring-macos-hosts-with-osquery-ba5dcc83122d

2018_AUG

• 🐎 360Pegasus/GhostTunnel -- a covert backdoor transmission method that can be used in an isolated environment.

2018_SEP

• Tevora-Threat/Dragnet -- Social Engineering sidekick

• Tevora-Threat/PowerView3-Aggressor -- Cobalt Strike Aggressor script menu for Powerview/SharpView

---

• LOLBAS-Project/LOLBAS -- Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

---

• ciscocsirt/MalSpider -- a web spidering framework that detects characteristics of web compromises.
• ciscocsirt/Netsarlacc -- a high performance enterprise HTTP (and SMTP) sinkhole designed to be used by corporate SOC or IR teams.

---

• [-] GhostPack/Seatbelt -- C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

• SharpDump -- is a C# port of PowerSploit's Out-Minidump.ps1 functionality.
• SafetyKatz -- is a combination of slightly modified version of @gentilkiwi's Mimikatz project and @subTee's .NET PE Loader

• SharpSploit -- .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.

---

• ZDResearch/ OWASP Nettacker -- Automated Penetration Testing Framework
• ZDResearch/ OWASP-Honeypot -- OWASP Honeypot

2018_OCT

• TBG Security/ Weaponize_Splunk -- collection of creative uses of Splunk that penetration testers and red teamers can use to gain more access and move laterally within an organization.

• OWASP Secure Headers Project -- application to catch, search and analyze HTTP secure headers.

---

• iSEC Partners/ Android SSL Trustkiller
• iSEC Partners/ IOS Killswitch
• iSEC Partners/ LibTech-Audit-Cheatsheet

2018_NOV

• SyndicatedIntel --- DarkSpiritz -- penetration testing framework for Linux, MacOS, and Windows systems.

2018_DEC

• SekoiaLabs/FastIR_Collector -- FastIR Collector is a “Fast Forensic” acquisition tool. Traditional forensics has reached its limit with the constant evolution of information technology. With the exponentially growing size of hard drives, their copy can take several hours, and the volume of the data may be too large for a fast and efficient analysis. “Fast Forensic” allows to respond to those issues. It aims a extracting a limited, but with high informational value, amount of data. These targeted data are the most consistent and important ones for an incident response analyst and allows the analyst to quickly collect artifacts and thus, to be able to quickly take decisions about cases.

• FBK CyberSec/ThunderDNS -- This tool can forward TCP traffic over DNS protocol. Non-compile clients + SOCKS5 support.

2019_JAN

• SecureMode/Invoke-Apex -- PowerShell-based toolkit consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.

2019_FEB

• ThreatResponse -- Open Source Security Suite for Hardening and Responding in AWS --- ThreatResponse Suite: AWS_IR | Incident Pony | Margarita Shotgun

2019_APR

• LogRhythm-Labs -- Phishing Intelligence Engine __ LogRhythm Security Operations v3.0

2019_MAY

• SmartProxy -- Smartproxy is a rotating residential proxy network which enables users to gather any data from the web using a pool of over 10 million proxies.

• Vesper -- a Man-in-the-Middle detection tool for LANs -- pdf

• CellularPrivacy/Android-IMSI-Catcher-Detector -- AIMSICD • Fight IMSI-Catcher, StingRay and silent SMS! -- AIMSICD is an Android app to detect IMSI-Catchers. These devices are false mobile towers (base stations) acting between the target mobile phone(s) and the real towers of service providers. As such they are considered a Man-In-The-Middle (MITM) attack.

2019_JUL

• Chaitin-Tech/XRAY -- powerful security assessment tool: dirscan; SQL, CRLF injection; SSRF ; capture HTTP/S traffic ; JSON sensitive infoleak; usage of Reverse server.....

2019_AUG

• Inveigh -- Inveigh is a PowerShell ADIDNS/LLMNR/NBNS/mDNS/DNS spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system.