• Stars
    star
    3
  • Rank 3,963,521 (Top 79 %)
  • Language
  • License
    GNU Affero Genera...
  • Created over 2 years ago
  • Updated 10 months ago


Repository Details

A threat actor may perform unauthorized functions belonging to another user with a higher privilege level

More Repositories

1

social-analyzer

API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
JavaScript
11,527
star
2

honeypots

30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc)
Python
666
star
3

chameleon

19 customizable honeypots for monitoring network traffic, bot activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, SMTP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres, MySQL, MSSQL, Elastic and LDAP)
Dockerfile
657
star
4

analyzer

Analyze, extract and visualize features, artifacts and IoCs of files and memory dumps (Windows, Linux, Android, iPhone, Blackberry, macOS binaries, emails and more)
Python
267
star
5

url-sandbox

Scalable URL Sandbox for analyzing URLs and Domains from phishing attacks
Python
167
star
6

raven

Advanced Cyber Threat Map (Simplified, customizable, responsive and optimized)
JavaScript
159
star
7

docker-images

Kali and Parrot OS docker images accessible via VNC, RDP and Web
Dockerfile
111
star
8

mitre-visualizer

🧬 Mitre Interactive Network Graph (APTs, Malware, Tools, Techniques & Tactics)
Python
86
star
9

osint

Build custom OSINT tools and APIs (Ping, Traceroute, Scans, Archives, DNS, Scrape, Whois, Metadata & built-in database for more info) with this python package
Python
79
star
10

rhino

Agile Sandbox for analyzing Windows, Linux and macOS malware and execution behaviors
JavaScript
62
star
11

woodpecker

Custom security distro for remote penetration testing
51
star
12

seahorse

ELKFH - Elastic, Logstash, Kibana, Filebeat and Honeypot (HTTP, HTTPS, SSH, RDP, VNC, Redis, MySQL, MONGO, SMB, LDAP)
Python
45
star
13

image-analyzer

Interface for Image-Related Deep Learning Models (E.g. NSFW, MAYBE and SFW)
HTML
24
star
14

octopus

Pure Honeypots with an automated bash script
Shell
19
star
15

cyber-attacks

A collection of attacks metadata that were used in my previous pen-test tools
17
star
16

reports

Recent cyber attacks reports & interesting analysis files
15
star
17

APT-Malware-Reports-Set-1

Some extracted Features\IoCs\Artifacts\Patterns from APT Malware
HTML
14
star
18

pentest-labs

HTML
14
star
19

falcon

Collection of exploits that were verified by an automated system
13
star
20

two-factor-authentication-sim-swapping

An adversary may utilize a sim swapping attack for defeating 2fa authentication
11
star
21

worldmap

An interactive world-map that has been used in live Cyber Threat interfaces
JavaScript
11
star
22

two-factor-authentication-sim-cloning

An adversary may utilize a sim swapping attack for defeating 2fa authentication
11
star
23

threat-intelligence

Threat intelligence or Cyber Threat Intelligence is the process of identifying and analyzing gathered information about past, current, and future cyber threats (Collecting information about a potential threat, then analyzing that information to learn more about the negative events)
9
star
24

cyber-kill-chain

Cyber Kill Chain is a model that Lockheed Martin created for understanding (Describe the sequence of events) and stopping cyberattacks
7
star
25

ixora

Internal package for visualization
HTML
6
star
26

world-json

Multiple JSON files containing world cities with names, longitude & latitude, country, and timezone
6
star
27

automation-protocols-metadata

JSON file that contains an update metadata of Automation Protocols (Industrial control system, process automation, building automation, automatic meter reading, and automobile)
6
star
28

incident-response

Incident response is a set of steps that are used to handle the aftermath of a data breach or cyberattack
5
star
29

ics-visualizer

ICS-Visualizer is an interactive Industrial Control Systems (ICS) network graph that contains up-to-date related automation protocols metadata (Name, company, port, user manuals, external links, and mapped wireshark\nmap modules and scripts).
Python
5
star
30

mobile-numbers-metadata

JSON file containing all mobile number metadata (Country, prefix, and carrier)
5
star
31

countries-metadata

JSON file containing all countries metadata (Country name, cc, a3, and flag)
4
star
32

digital-forensics

Digital Forensics is the process of finding and analyzing electronic data
4
star
33

stored-cross-site-scripting

An adversary may inject malicious content into a vulnerable target
4
star
34

cybersecurity

Cybersecurity is the measures taken to protect networks, devices, and data against cyberattacks
3
star
35

directory-listing

A threat actor may list files on a misconfigured server
3
star
36

dom-based-cross-site-scripting

A threat actor may inject malicious content into HTTP requests. The content is not reflected in the HTTP response and executed in the victim's browser.
3
star
37

ports-metadata

JSON file containing all ports metadata
3
star
38

reflected-cross-site-scripting

A threat actor may inject malicious content into HTTP requests. The content will be reflected in the HTTP response and executed in the victim's browser
3
star
39

client-side-template-injection

A threat actor may trick a victim into executing native template syntax on a vulnerable target
3
star
40

risk-management

Risk management is the process of identifying, assessing, treating, and monitoring any negative events that affect a company's ability to operate (Preventing them or minimizing their harmful impact)
3
star
41

data-compliance

Data compliance is the process of following various regulations and standards to ensure that sensitive digital assets (data) are guarded against loss, theft, and misuse
3
star
42

open-redirect

A threat actor may send a malicious redirection request for a vulnerable target to a victim; the victim gets redirected to a malicious website that downloads an executable file
3
star
43

public-ip-metadata

JSON file containing all public IP ranges with description
2
star
44

minimal-server

Asyncio websocket http server [Needed for internal testing]
Python
2
star
45

authentication-bypass

A threat actor may gain access to data and functionalities by bypassing the target authentication mechanism
2
star
46

credential-stuffing

A threat actor may guess the target credentials using known username and password pairs gathered from previous brute-force attacks
2
star
47

horizontal-privilege-escalation

A threat actor may perform unauthorized functions belonging to another user with a similar privilege level
2
star
48

icterid-template

Icterid Webapp Template
HTML
2
star
49

threat-actors

A threat actor is any person, group, or entity that could cause harm to the cyber realm
2
star
50

session-hijacking

A threat actor may access the user's account using a stolen or leaked valid (existing) session identifier
2
star
51

xslt-injection

A threat actor may interfere with an application's processing of extensible stylesheet language transformations (XSLT) for extensible markup language (XML) to read or modify data on the target
2
star
52

default-credential

A threat actor may gain unauthorized access using the default username and password
2
star
53

private-ip-metadata

JSON file containing all private IP ranges with description
2
star
54

authorization-bypass

A threat actor may access the user's account using a stolen or leaked valid (existing) session identifier
2
star
55

proxy-firewall

HTTPS Proxy Firewall for testing
Python
2
star
56

two-factor-authentication-brute-force

A threat actor may launch a brute-force attack against the two-factor authentication (2FA) logic, causing unauthorized access to the target
2
star
57

session-fixation

A threat actor may trick a user into using a known session identifier to log in. After logging in, the session identifier is used to gain access to the user's account
2
star
58

xxe-injection

A threat actor may interfere with an application's processing of extensible markup language (XML) data to view the content of a target's files
2
star
59

data-security

Safeguarding your personal information (How your info is protected)
1
star
60

cross-site-request-forgery

A threat actor may trick an authenticated or trusted victim into executing unauthorized actions on their behalf
1
star
61

os-command-injection

A threat actor may inject arbitrary operating system (OS) commands on the target
1
star
62

asynico-websockets-redis-server

asynico websockets redis server (Needed for internal testing)
Python
1
star
63

.github

GitHub Settings
1
star
64

global-scripts

Some scripts for workflows (Moved from Macaw)
Shell
1
star
65

xpath-injection

A threat actor may alter the XML path language (XPath) query to read data on the target
1
star
66

password-spraying

A threat actor may guess the target credentials using a single password with a large set of usernames against the target
1
star
67

data-classification

Data classification defines and categorizes data according to its type, sensitivity, and value
1
star
68

remote-file-inclusion

A threat actor may cause a vulnerable target to include/retrieve a remote file
1
star
69

session-replay

A threat actor may re-use a stolen or leaked session identifier to access the user's account
1
star
70

security-controls

Countermeasures or safeguards for detecting, preventing, and mitigating cyber threats and attacks (Protect assets)
1
star
71

access-control

Access Control is using security techniques to protect a system against unauthorized access
1
star
72

sql-injection

A threat actor may alter a structured query language (SQL) query to read, modify and write to the database or execute administrative commands for further chained attacks
1
star
73

social-engineering-methods

1
star
74

cryptography

1
star
75

malware-and-indicators-of-compromise

1
star
76

local-file-inclusion

A threat actor may cause a vulnerable target to include/retrieve a local file
1
star
77

security-tools-and-technologies

1
star
78

data-states

Data states refer to structured and unstructured data divided into three categories (At Rest, In Use, and In Transit)
1
star
79

insecure-deserialization

A threat actor may tamper with a stream that gets deserialized on the target, causing the target to access data or perform non-intended actions
1
star
80

data-privacy-and-security

1
star
81

application-service-attacks

1
star
82

data-lifecycle-management

Data Lifecycle Management (DLM) is a policy-based model for managing data in an organization
1
star
83

tornado-websockets-redis-server

tornado websockets redis server (Needed for internal testing)
Python
1
star
84

identity-and-access-management

The practice of ensuring that people or objects have the right level of access to assets
1
star
85

server-side-template-injection

A threat actor may alter the template syntax on the vulnerable target to execute commands
1
star
86

captcha-bypass

captcha bypass vulnerability
1
star