ModSecurity
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence.Responder
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.owasp-modsecurity-crs
OWASP ModSecurity Core Rule Set (CRS) Project (Official Repository)ModSecurity-nginx
ModSecurity v3 Nginx ConnectorHostHunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.portia
Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised.MCIR
The Magical Code Injection Rainbow! MCIR is a framework for building configurable vulnerability testbeds. MCIR is also a collection of configurable vulnerability testbeds.DoHC2
DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH).scavenger
scavenger : is a multi-threaded post-exploitation scanning tool for scavenging systems, finding most frequently used files and folders as well as "interesting" files containing sensitive information.SharpCompile
SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing using beacon's 'execute-assembly' in seconds.malware-analysis
A repository of tools and scripts related to malware analysisNmap-Tools
SpiderLabs shared Nmap Toolsikeforce
snappy
CryptOMG
CryptOMG is a configurable CTF style test bed that highlights common flaws in cryptographic implementations.jboss-autopwn
A JBoss script for obtaining remote shell accesscribdrag
cribdrag - an interactive crib dragging tool for cryptanalysis on ciphertext generated with reused or predictable stream cipher keysAirachnid-Burp-Extension
A Burp Extension to test applications for vulnerability to the Web Cache Deception attackbeef_injection_framework
Inject beef hooks into HTTP traffic and track hooked systems from cmdlineSQLol
A configurable SQL injection test-bedcve_server
Simple REST-style web service for the CVE searchingmsfrpc
Perl/Python modules for interfacing with Metasploit MSGRPCModSecurity-apache
ModSecurity v3 Apache ConnectorIOCs-IDPS
This repository will hold PCAP IOC data related with known malware samples (owner: Bryant Smith)burplay
Burplay is a Burp Extension allowing for replaying any number of requests using same modifications definition. Its main purpose is to aid in searching for Privilege Escalation issues.BurpNotesExtension
Burp Notes Extension is a plugin for Burp Suite that adds a Notes tab. The tool aims to better organize external files that are created during penetration testing.KoreLogic-Rules
Updated version of the 2010 KoreLogic password cracking rules for John the Ripperthicknet
TCP session interception and injection frameworkBlackByteDecryptor
groupenum
ModSecurity-log-utilities
Set of CLI tools to transform ModSecurity logs into a meaningful information, given a context.Firework
Firework is a proof of concept tool to interact with Microsoft Workplaces creating valid files required for the provisioning process.UPnP-request-generator
A tool to parse UPnP descriptor XML files and generate SOAP control requests for use with Burp Suite or netcatackack
A program to monitor network traffic and detect unauthorized sessions.OWASP-CRS-Documentation
Documentation for the OWASP CRS projectbatchyDNS
A reconnaissance tool that can quickly discover hostnames from a list of IP addresses.microphisher
µphisher spear phishing tool (reference implementation)deblaze
Performs method enumeration and interrogation against flash remoting end points.ModSecurity-status
ModSecurity statusXMLmao
A configurable XPath/XML injection testbednet-tns
Net::TNS, a Ruby library for connecting to Oracle databases.deface
A Java Server Faces (JSF) testing tool for decoding view state and creating view state attack vectors.yara-ruby
Ruby bindings for the yara file analysis and classification libraryowasp-distributed-web-honeypots
Repository for the OWASP/WASC Distributed Web Honeypots Project -oracle_pwd_tools
Oracle Database 12c password brute forcerModSecurity-pcap
The ModSecurity Pcap Connectorcerealbox
Arduino-based network monitorModSecurity-Python-bindings
Python bindings for libModSecurity (aka ModSecurity v3)pingback
modsecurity-mlogc-ng
Next generation remote logging tool for ModSecurity, supporting native and JSON format.modsec-sdbm-util
Utility to manipulate SDBM files used by ModSecurity. With that utility it is possible to _shrink_ SDBM databases. It is also possible to list the SDBM contents with filters such as: expired or invalid items only.XSSmh
XSSmh - A configurable Cross-Site Scripting testbedadvisories-poc
masher
multiple password 'asher using Python’s hashlibOWASP-CRS-regressions
Regression tests for OWASP CRS v3ShelLOL
A configurable OS shell command injection vulnerability testbedsecrules-language-evaluation
Set of Python scripts to perform SecRules language evaluation on a given http request.secrules-language-tests
Set of test cases that can be used to test custom implementations of the SecRules language (ModSecurity rules format).Keystone
This repository contains the scripts released under the "Keystone Rocks" series of the SpiderLabs blognrfdump
Python script for dumping firmware from read-back protected nRF51 chipsTWSL2011-007_iOS_code_workaround
Workaround for the vulnerability identified by TWSL2011-007 or CVE-2008-0228 - iOS x509 Certificate Chain Validation Vulnerabilityjson_crypto_helper
Jorogumo
Red Team Stored XSS SVG phishing-companion tool with the ability to serve a malicious login page, or clone an html page and implement custom javascript. It then generates a relevant SVG.zpminternational
REvil_config
Configuration file for REvil / Kaseya July campaignMisc
A repository for miscellaneous files shared by SpiderLabsScripts
Various ScriptsGrandoreiro-decryptor
Grandoreiro decryptor and DGA generator (26.May.2022)Love Open Source and this site? Check out how you can help us