social-analyzer
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
honeypots
30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc)
chameleon
19 Customizable honeypots for monitoring network traffic, bot activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, SMTP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres, MySQL, MSSQL, Elastic and ldap)
analyzer
Analyze, extract and visualize features, artifacts and IoCs of files and memory dumps (Windows, Linux, Android, iPhone, Blackberry, macOS binaries, emails and more)
url-sandbox
Scalable URL Sandbox for analyzing URLs and Domains from phishing attacks
raven
Advanced Cyber Threat Map (Simplified, customizable, responsive and optimized)
docker-images
Kali and Parrot OS docker images accessible via VNC, RDP and Web
mitre-visualizer
🧬 Mitre Interactive Network Graph (APTs, Malware, Tools, Techniques & Tactics)
osint
Build custom OSINT tools and APIs (Ping, Traceroute, Scans, Archives, DNS, Scrape, Whois, Metadata & built-in database for more info) with this python package
rhino
Agile Sandbox for analyzing Windows, Linux and macOS malware and execution behaviors
woodpecker
Custom security distro for remote penetration testing
seahorse
ELKFH - Elastic, Logstash, Kibana, Filebeat and Honeypot (HTTP, HTTPS, SSH, RDP, VNC, Redis, MySQL, MONGO, SMB, LDAP)
image-analyzer
Interface for Image-Related Deep Learning Models (E.g. NSFW, MAYBE and SFW)
octopus
Pure Honeypots with an automated bash script
cyber-attacks
A collection of attack metadata that was used in my previous pen-test tools
reports
Recent cyber attack reports & interesting analysis files
APT-Malware-Reports-Set-1
Some extracted Features\IoCs\Artifacts\Patterns from APT Malware
pentest-labs
falcon
Collection of exploits that were verified by an automated system
two-factor-authentication-sim-swapping
An adversary may utilize a sim swapping attack for defeating 2fa authentication
worldmap
An interactive world-map that has been used in live Cyber Threat interfaces
two-factor-authentication-sim-cloning
An adversary may utilize a sim swapping attack for defeating 2fa authentication
threat-intelligence
Threat intelligence or Cyber Threat Intelligence is the process of identifying and analyzing gathered information about past, current, and future cyber threats (Collecting information about a potential threat, then analyzing that information to learn more about the negative events)
cyber-kill-chain
Cyber Kill Chain is a model that Lockheed Martin created for understanding (Describe the sequence of events) and stopping cyberattacks
ixora
Internal package for visualization
world-json
Multiple JSON files that contain world cities with names, longitude & latitude, country, and timezone
automation-protocols-metadata
JSON file that contains updated metadata of Automation Protocols (Industrial control system, process automation, building automation, automatic meter reading, and automobile)
incident-response
Incident response is a set of steps that are used to handle the aftermath of a data breach or cyberattack
ics-visualizer
ICS-Visualizer is an interactive Industrial Control Systems (ICS) network graph that contains up-to-date related automation protocols metadata (Name, company, port, user manuals, external links, and mapped wireshark\nmap modules and scripts).
mobile-numbers-metadata
JSON file contains all mobile number metadata (Country, prefix, and carrier)
countries-metadata
JSON file contains all countries metadata (Country name, cc, a3, and flag)
digital-forensics
Digital Forensics is the process of finding and analyzing electronic data
stored-cross-site-scripting
An adversary may inject malicious content into a vulnerable target
cybersecurity
Cybersecurity is the measures taken to protect networks, devices, and data against cyberattacks
directory-listing
A threat actor may list files on a misconfigured server
dom-based-cross-site-scripting
A threat actor may inject malicious content into HTTP requests. The content is not reflected in the HTTP response and executed in the victim's browser.
vertical-privilege-escalation
A threat actor may perform unauthorized functions belonging to another user with a higher privilege level
ports-metadata
JSON file contains all ports metadata
reflected-cross-site-scripting
A threat actor may inject malicious content into HTTP requests. The content will be reflected in the HTTP response and executed in the victim's browser
client-side-template-injection
A threat actor may trick a victim into executing native template syntax on a vulnerable target
risk-management
Risk management is the process of identifying, assessing, treating, and monitoring any negative events that affect a company's ability to operate (Preventing them or minimizing their harmful impact)
data-compliance
Data compliance is the process of following various regulations and standards to ensure that sensitive digital assets (data) are guarded against loss, theft, and misuse
open-redirect
A threat actor may send a malicious redirection request for a vulnerable target to a victim; the victim gets redirected to a malicious website that downloads an executable file
public-ip-metadata
JSON file contains all public ip ranges with description
minimal-server
Asyncio websocket http server [Needed for internal testing]
authentication-bypass
A threat actor may gain access to data and functionalities by bypassing the target authentication mechanism
credential-stuffing
A threat actor may guess the target credentials using known username and password pairs gathered from previous brute-force attacks
horizontal-privilege-escalation
A threat actor may perform unauthorized functions belonging to another user with a similar privilege level
icterid-template
Icterid Webapp Template
threat-actors
A threat actor is any person, group, or entity that could cause harm to the cyber realm
session-hijacking
A threat actor may access the user's account using a stolen or leaked valid (existing) session identifier
xslt-injection
A threat actor may interfere with an application's processing of extensible stylesheet language transformations (XSLT) for extensible markup language (XML) to read or modify data on the target
default-credential
A threat actor may gain unauthorized access using the default username and password
private-ip-metadata
JSON file contains all private ip ranges with description
authorization-bypass
A threat actor may access the user's account using a stolen or leaked valid (existing) session identifier
proxy-firewall
HTTPS Proxy Firewall for testing
two-factor-authentication-brute-force
A threat actor may launch a brute-force attack against the two-factor authentication (2FA) logic, causing unauthorized access to the target
session-fixation
A threat actor may trick a user into using a known session identifier to log in. After logging in, the session identifier is used to gain access to the user's account
xxe-injection
A threat actor may interfere with an application's processing of extensible markup language (XML) data to view the content of a target's files
data-security
Safeguarding your personal information (How your info is protected)
cross-site-request-forgery
A threat actor may trick an authenticated or trusted victim into executing unauthorized actions on their behalf
os-command-injection
A threat actor may inject arbitrary operating system (OS) commands on the target
asynico-websockets-redis-server
asynico websockets redis server (Needed for internal testing)
.github
GitHub Settings
global-scripts
Some scripts for workflows (Moved from Macaw)
xpath-injection
A threat actor may alter the XML path language (XPath) query to read data on the target
password-spraying
A threat actor may guess the target credentials using a single password with a large set of usernames against the target
data-classification
Data classification defines and categorizes data according to its type, sensitivity, and value
remote-file-inclusion
A threat actor may cause a vulnerable target to include/retrieve a remote file
session-replay
A threat actor may re-use a stolen or leaked session identifier to access the user's account
security-controls
Countermeasures or safeguards for detecting, preventing, and mitigating cyber threats and attacks (Protect assets)
access-control
Access Control is using security techniques to protect a system against unauthorized access
sql-injection
A threat actor may alter a structured query language (SQL) query to read, modify and write to the database or execute administrative commands for further chained attacks
social-engineering-methods
cryptography
malware-and-indicators-of-compromise
local-file-inclusion
A threat actor may cause a vulnerable target to include/retrieve a local file
security-tools-and-technologies
data-states
Data states refer to structured and unstructured data divided into three categories (At Rest, In Use, and In Transit)
insecure-deserialization
A threat actor may tamper with a stream that gets deserialized on the target, causing the target to access data or perform non-intended actions
data-privacy-and-security
application-service-attacks
data-lifecycle-management
Data Lifecycle Management (DLM) is a policy-based model for managing data in an organization
tornado-websockets-redis-server
tornado websockets redis server (Needed for internal testing)
identity-and-access-management
The practice of ensuring that people or objects have the right level of access to assets
server-side-template-injection
A threat actor may alter the template syntax on the vulnerable target to execute commands
captcha-bypass
captcha bypass vulnerability