santhoshinty Goto Github PK

penetration-testing

List of awesome penetration testing resources, tools and other shiny things

pentest-book

prowler

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains all CIS controls and many more additional checks that help on GDPR, HIPAA and other security frameworks.

public-pentesting-reports

Curated list of public penetration test reports released by several consulting firms and academic security groups

redteam-offensivesecurity

Tools & Interesting Things for RedTeam Ops

robotsdisallowed

A curated list of the most common and most interesting robots.txt disallowed directories.

scout2

Security auditing tool for AWS environments

scoutsuite

Multi-Cloud Security Auditing Tool

scumblr

Web framework that allows performing periodic syncs of data sources and performing analysis on the identified results

seclists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

secure-coding-handbook

Web Application Secure Coding Handbook resource.

security-code-scan

Vulnerability Patterns Detector for C# and VB.NET

security-guide-for-developers

Security Guide for Developers (实用性开发人员安全须知)

security_monkey

Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.

semgrep

Fast and syntax-aware semantic code pattern search for many languages: like grep but for code

semgrep-rules

Semgrep rules registry

serpico

SimplE RePort wrIting and COllaboration tool

shcheck

A basic tool to check security headers of a website

spotbugs

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

subfinder

Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.

sublist3r

Fast subdomains enumeration tool for penetration testers

syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

syntribos

Python API security testing tool from OpenStack Security Group

system-design-primer

Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards.

terragoat

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

tflint

A Pluggable Terraform Linter

the-book-of-secret-knowledge

A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

threat-matrix-cicd

Threat matrix for CI/CD Pipeline

threat-model-cookbook

This project is about creating and publishing threat model examples.