Repositories list

• sliver

  Public
  Adversary Emulation Framework

  golanghttpdns-server+ 12red-teamsecurity-toolsc2red-team-engagementcommand-and-controlimplantadversarial-attacks+ 5

  Go

  •

  GNU General Public License v3.0

  •1.3k•9.5k•222•22•Updated May 21, 2025May 21, 2025

• cloudfoxable

  Public
  Create your own vulnerable by design AWS penetration testing playground

  Python

  •

  MIT License

  •42•381•0•0•Updated Apr 21, 2025Apr 21, 2025

• raink

  Public
  Use LLMs for document ranking

  Go

  •

  MIT License

  •7•131•1•0•Updated Apr 17, 2025Apr 17, 2025

• sj

  Public
  A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.

  Go

  •

  MIT License

  •93•658•3•0•Updated Apr 15, 2025Apr 15, 2025

• cloudfox

  Public
  Automating situational awareness for cloud penetration tests.

  golangcloudcloud-security+ 3penetration-testing-toolsawssecurity

  Go

  •

  MIT License

  •204•2.1k•8•3•Updated Mar 13, 2025Mar 13, 2025

• sonicrack

  Public
  Decrypt encrypted SonicOSX firmware images

  Python

  •

  GNU General Public License v3.0

  •2•15•0•0•Updated Feb 24, 2025Feb 24, 2025

• BrokenHill

  Public
  A productionized greedy coordinate gradient (GCG) attack tool for large language models (LLMs)

  Python

  •

  MIT License

  •18•117•1•1•Updated Dec 18, 2024Dec 18, 2024

• local-llm-ctf

  Public
  A small go harness that uses Ollama to orchestrate LLMs in a restricted process flow

  Go

  •

  MIT License

  •1•10•0•0•Updated Sep 10, 2024Sep 10, 2024

• cve-2024-21762-check

  Public
  Safely detect whether a FortiGate SSL VPN is vulnerable to CVE-2024-21762

  Python

  •

  GNU General Public License v3.0

  •17•101•3•1•Updated Jul 5, 2024Jul 5, 2024

• awsservicemap

  Public
  Go module that returns supported regions for a service or supported services for a region

  Go

  •

  MIT License

  •6•17•0•1•Updated Jun 4, 2024Jun 4, 2024

• jsluice

  Public
  Extract URLs, paths, secrets, and other interesting bits from JavaScript

  javascriptsecurity

  Go

  •

  MIT License

  •110•1.6k•7•1•Updated May 22, 2024May 22, 2024

• gcp-terraform-cloud-connector

  Public
  This repo provides a terraform module for customers looking to implement Google Cloud connector support for Bishop Fox Cosmos

  HCL

  •

  Apache License 2.0

  •1•0•0•0•Updated May 20, 2024May 20, 2024

• CVE-2023-27997-check

  Public
  Safely detect whether a FortiGate SSL VPN instance is vulnerable to CVE-2023-27997 based on response timing

  Python

  •

  GNU General Public License v3.0

  •26•133•0•0•Updated May 8, 2024May 8, 2024

• unredacter

  Public
  Never ever ever use pixelation as a redaction technique

  TypeScript

  •

  GNU General Public License v3.0

  •771•8k•23•11•Updated Mar 15, 2024Mar 15, 2024

• aws-signing

  Public
  CLI that allows user to submit http requests using AWS request signing

  engineering

  Go

  •

  MIT License

  •8•6•0•0•Updated Mar 14, 2024Mar 14, 2024

• GitGot

  Public
  Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

  github-apisecurityosint+ 9fuzzy-matchingrecongistssecurity-scannersecurity-toolsreconnaissancesensitive-data-exposure+ 2

  Python

  •

  GNU Lesser General Public License v3.0

  •215•1.5k•3•0•Updated Mar 7, 2024Mar 7, 2024

• eyeballer

  Public
  Convolutional neural network for analyzing pentest screenshots

  pythonmachine-learningai+ 3tensorflowsecurity-toolspentesting-tools

  Python

  •

  GNU General Public License v3.0

  •142•1.2k•6•3•Updated Feb 19, 2024Feb 19, 2024

• llm-testing-findings

  Public
  LLM Testing Findings Templates

  reportingtemplatespenetration-testing+ 3gptllmgenai

  HTML

  •

  MIT License

  •16•72•0•0•Updated Feb 14, 2024Feb 14, 2024

• ysoserial-bf

  Public
  A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

  Java

  •

  MIT License

  •1.8k•26•0•0•Updated Feb 9, 2024Feb 9, 2024

• iam-vulnerable

  Public
  Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.

  HCL

  •

  MIT License

  •88•502•0•0•Updated Feb 1, 2024Feb 1, 2024

• CVE-2022-22274_CVE-2023-0656

  Public
  Python

  •

  GNU General Public License v3.0

  •5•20•0•0•Updated Jan 12, 2024Jan 12, 2024

• bigip-scanner

  Public
  Determine the running software version of a remote F5 BIG-IP management interface.

  Python

  •

  MIT License

  •19•66•0•2•Updated Jan 3, 2024Jan 3, 2024

• knownawsaccountslookup

  Public
  Go module that provides two lookup functions for the data in https://github.com/fwdcloudsec/known_aws_accounts

  Go

  •

  MIT License

  •0•2•0•0•Updated Dec 28, 2023Dec 28, 2023

• VulnerableGWTApp

  Public
  An intentionally-vulnerable GWT-based web application to test tooling and techniques

  Java

  •0•3•0•0•Updated Dec 18, 2023Dec 18, 2023

• kafka-connect-field-and-time-partitioner

  Public
  Kafka Connect Store Partitioner by custom fields and time; also removing topic from s3 file path

  Java

  •

  Apache License 2.0

  •31•2•0•0•Updated Sep 18, 2023Sep 18, 2023

• action-gh-release

  Public
  📦 GitHub Action for creating GitHub Releases

  TypeScript

  •

  MIT License

  •521•0•0•0•Updated Aug 24, 2023Aug 24, 2023

• CVE-2023-3519

  Public
  RCE exploit for CVE-2023-3519

  Python

  •43•224•4•0•Updated Aug 23, 2023Aug 23, 2023

• mellon

  Public
  OSDP attack tool (and the Elvish word for friend)

  HTML

  •

  GNU General Public License v3.0

  •8•101•1•0•Updated Aug 15, 2023Aug 15, 2023

• forticrack

  Public
  Decrypt encrypted Fortienet FortiOS firmware images

  Python

  •

  GNU General Public License v3.0

  •29•126•0•0•Updated Aug 2, 2023Aug 2, 2023

• wordlist-sanitizer

  Public
  Remove Offensive and Profane Words from Wordlists

  Go

  •

  MIT License

  •7•14•0•2•Updated Jul 27, 2023Jul 27, 2023