Champions Curriculum:
A training curriculum for teaching information security "champions" within small organisations and helping them conduct a basic assessment. (Work in progress)
InfoSec  OrgSec 
21 hours ago
Self hosted newsletter app
OpenSource  email  WebDev 
tachyons tldr
Cheater for looking up Tachyon CSS classes, which are a different kind of voodoo altogether. Remember how people used to bang on about not putting styles in the pages? For flippen' 'eck it's back.
CSS  Design  WebDev 
4 days ago
Text Editor toolkit for web :: make a wysiwyg.
wysiwyg  WebDev  OpenSource 
7 days ago
Tool to scan for secret files on HTTP servers
python  security  Reconnaissance  Pen_Testing  Hacking 
7 days ago
A curated list of awesome packages, articles, and other cool resources from the Wagtail community.
wagtail  CMS  django 
11 days ago
Structured Text Tools
The following is a list of text-based file formats and command line tools for manipulating each.
cli  CommandLine  WebDev 
12 days ago
 An Open Source, Large Scale, Full Packet Capturing, Indexing, And Database System
traffic  packet_inspection  capture 
13 days ago
Who Am I Mail Bot is a service to mask your e-mails. It was inspired by Blur, where you can create an alias for your e-mail and use it to sign up on applications. The problem with Blur is that all e-mails pass through their infrastructure and I don't need/want anybody looking at my e-mails, so I made this project. WhoAmIMailBot is similar to the Blur service but runs on your own infrastructure!

This is interesting, but I'm still not sure it justifies getting a Telegram account.
bots  email 
22 days ago
Easily Host Containers on a .onion URL.
Tor  onion_sites  docker  Hosting 
22 days ago
Hardentools is a utility that disables a number of risky Windows features.
security  hardening  end_point_security  windows  microsoft 
24 days ago
Tool For Automating Penetration Testing Tasks.
24 days ago
MintBox Mini 2
Small durable and powerful Mint desktop box. Want/need.
24 days ago
Zotero | Your personal research assistant
Zotero is the only software that automatically senses research on the web. Need an article from JSTOR or a preprint from arXiv.org? A news story from the New York Times or a book from a library? Zotero has you covered, everywhere.
research  OpenSource 
25 days ago
Rainmap Lite
Responsive Web Based Interface That Allows Users To Launch Nmap Scans From Their Mobiles/Tablets/Web Browsers
nmpap  Reconnaissance 
25 days ago
slack-meme: A Meme Bot for Slack.
Bookmarking for adding this to a Slack channel to annoy colleagues.
29 days ago
The gui for Docker
4 weeks ago
LibraryBox is an open source, portable digital file distribution tool based on inexpensive hardware that enables delivery of educational, healthcare, and other vital information to individuals off the grid.
hardware  meshnet  File_sharing 
5 weeks ago
Next time I fly anywhere, try this.
5 weeks ago
XSStrike is an advanced XSS detection and exploitation suite.
scan  exploit  Hacking  xss 
5 weeks ago
Firefox tunnel to bypass any firewall
To create a program like firefox tunnel, follow these steps to get started...
Hacking  firewall 
5 weeks ago
Program to detect when linux user opens terminal with root and inject intrusive commands in terminal with X11 lib
ssh  terminal  Hacking 
5 weeks ago
Memfixed Mitigation
DDoS mitigation tool for sending flush or shutdown commands to vulnerable Memcached servers obtained using Shodan API.
ddos  shodan 
5 weeks ago
The fast, reliable localhost tunneling solution
server  hosting  localhost  webdev 
5 weeks ago
Interactive shellcoding environment to easily craft shellcodes
shell  CommandLine 
6 weeks ago
Streisand sets up a new server running your choice of L2TP/IPsec, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, a Tor bridge, and WireGuard. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow a…
security  VPN  circumvention  Tor  tor_bridges  Privacy 
7 weeks ago
PiKarma: 📡🍓🍍
Detects wireless network attacks performed by KARMA module (fake AP). Starts deauthentication attack (for fake access points)
network  security  wifi 
7 weeks ago
Mosh: the mobile shell
Remote terminal application that allows roaming, supports intermittent connectivity, and provides intelligent local echo and line editing of user keystrokes.

Mosh is a replacement for interactive SSH terminals. It's more robust and responsive, especially over Wi-Fi, cellular, and long-distance links.

Mosh is free software, available for GNU/Linux, BSD, macOS, Solaris, Android, Chrome, and iOS.
shell  ssh  CommandLine 
7 weeks ago
How to Archive Open Source Materials - bellingcat
This is a great how-to guide and resource of tools on archiving and publishing archives of open source data, web pages, social network activity, videos, images and other media. Also probably good stuff here to help bypass censorship if your country is blocking your video or some such.
archive  How_To 
8 weeks ago
Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.
proxy  tunneling  tcp  http  anti_censorship 
8 weeks ago
nada - temporary email
You want to play with that weird website toy and it's just asking for your email address to do it. This disposable email address service had decent 1-click ux and a really clean interface. Nice one.
email  Anonymity 
9 weeks ago
The New Guide to Running a Tor Relay
Here's the updated guide on setting up a Tor relay, which still isn't that incredibly readable but is a great improvement over what came previously.
Tor  How_To  SysAdmin 
9 weeks ago
A Real-Time Two-Factor Phishing Tool
phishing  2fa 
10 weeks ago
LastPass command line interface tool
security  password_manager  Cli 
10 weeks ago
AutoSploit: Automated Mass Exploiter
As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts.
metasploit  automation  hacking  exploit  security 
10 weeks ago
dorker.io - Automated Search Engine hacking
Scan vulnerabilities using Google, Bing, Shodan...
Reconnaissance  dorking  search 
10 weeks ago
Understand your public-facing infrastructure
network  security  search  re 
10 weeks ago
Reconnaissance. Threat intelligence. Perimeter Monitoring. SpiderFoot automates OSINT to find out everything possible about your target.
Reconnaissance  OSINT  threat-research 
10 weeks ago
Kibana: Explore, Visualize, Discover Data | Elastic
Kibana lets you visualize your Elasticsearch data and navigate the Elastic Stack, so you can do anything from learning why you're getting paged at 2:00 a.m. to understanding the impact rain might have on your quarterly numbers.
visualization  data  OpenSource  Dark_Services 
11 weeks ago
GitHub - google/detangle
Detangle automatically separates your chrome browser into multiple browser profiles and can open sessions in each on startup.
browser  chrome 
11 weeks ago
Alfred - Productivity App for Mac OS X
Alfred is an award-winning app for Mac OS X which boosts your efficiency with hotkeys, keywords, text expansion and more. Search your Mac and the web, and be more productive with custom actions to control your Mac.
shortcuts  Workflow_tools 
11 weeks ago
Honey Buckets
Find out who is snooping through your (bogus) Amazon S3 buckets
aws  s3  Honey_Pot  Reconnaissance 
11 weeks ago
GalliumOS, 'a lightweight Linux distro for ChromeOS devices'
"A fast and lightweight Linux distro for ChromeOS devices."
Linux  OpenSource  chromebooks 
12 weeks ago
Thornsec core repo
Help systems and networks be more secure than default;

complete operational transparency;

facilitate cooperation amongst sysadmins;

minimal pre-requisites;

avenue for learning with others
OrgSec  SysAdmin 
january 2018
OpenCanary is a daemon that runs canary services, which trigger alerts when (ab)used. The alerts can be sent to a variety of sources, including syslog, emails and a companion daemon opencanary-correlator.
canary  honeypot  monitor  network 
december 2017
We are thrilled to share with you the new Filecoin Whitepaper. This new Whitepaper introduces two new Research breakthroughs in the Distributed Storage Networks (DSN) landscape: Proof-of-Replication (PoR) and Proof-of-Spacetime (PoSt).
blockchain  decentralised 
december 2017
a Redis keys analysis script
This repository contains all the scripts necessary to keep track of the keys that Internet-accessible Redis servers are using. This can reveal whether anybody's currently compromising Redis databases across the Internet.
redis  Pen_Testing  monitoring  python  shodan 
december 2017
Sublist3r subdomain enumeration
Fast subdomains enumeration tool for penetration testers
Pen_Testing  enumeration  python 
december 2017
Vulnreport pentesting management platform
An open source pentesting management and automation platform by Salesforce Product Security team.
Pen_Testing  reporting  OpenSource  Platforms 
december 2017
TL;DR: Mailsploit is a collection of bugs in email clients that allow effective sender spoofing and code injection attacks. The spoofing is not detected by Mail Transfer Agents (MTA) aka email servers, therefore circumventing spoofing protection mechanisms such as DMARC (DKIM/SPF) or spam filters.
malware  email 
december 2017
the Haven app
Haven (formerly known as “Phoneypot”) is an Android application that leverages on-device sensors to provide monitoring and protection of physical spaces.
Android  mobile_apps  security  alerts  OpenSource 
december 2017
vFeed threat intelligence database wrapper
vFeed The Correlated Vulnerability and Threat Intelligence Database Wrapper
alerts  security 
december 2017
Pi-hole: A black hole for Internet advertisements
Network-wide ad blocking via your own Linux hardware – curl -sSL https://install.pi-hole.net | bash
Raspberry_pi  ad_blocking  network 
december 2017
Dat Project
Dat is free software built for the public by Code for Science & Society, a nonprofit. Researchers, analysts, libraries, and universities are already using dat to archive and distribute scientific data. Developers are building applications on Dat for browsing peer-to-peer websites and offline editable maps. Anyone can use Dat to backup files or share those cute cat pictures with a friend. Install and get started today by using the desktop application, command line, or JavaScript library.
data  File_sharing 
november 2017
Twitter Archive Eraser
Search, Filter and Bulk Delete your Oldest Tweets, Favorites, Direct Messages (DMs) Automatically
twitter  anti_forensics  Privacy 
november 2017
The Endorser
An OSINT tool that allows you to draw out relationships between people on LinkedIn via endorsements/skills
OSINT  python  Social_Networks  linkedin 
november 2017
Exodus Privacy
Εxodus is a privacy auditing platform for Android applications.
android  privacy  mobile_apps  Research 
november 2017
GAM: command line management for Google G Suite
I'm not sure about this one, but it's interesting that for all sorts of things, there's a cli for it these days, often in Python. Sometimes this is pure geek stuff, and it's just easier to go to the interface. Other times, it's unlocking some interesting stuff. Being that I manage G Suite accounts in the dozens and ratchet up the security settings volume to 11, I'm wondering if this would meet my use case.
google  Cli  CommandLine  python 
november 2017
Uwazi by @HURIDOCS
Uwazi is a free, open-source solution for organising, analysing and publishing your documents.
Open_Data  OpenSource  analysis  Platforms 
november 2017
tilt: Terminal Ip Lookup Tool
An automatic ip lookup and reverse probing tool for passive reconnaissance
Reconnaissance  IP  python 
november 2017
Diff Checker cli for public diffing
Sometimes you want cloud diff checking because it's kind of an easier tool, you're not trying to keep other people from seeing it, or don't really care, and you want to share it with people.
Cli  diff 
november 2017
This script will automatically guide you to install and configure your OpenVPN server with Shapeshifter Dispatcher (obfuscation) which will allow you to bypass the DPI blockage on OpenVPN. This setup will offer the users the freedom to choose between a regular OpenVPN connection or an obfuscated one; they actually can use both! OpenVPN is the VPN provider, Dispatcher is the command line proxy tool which utilizes Shapeshifter, which is a protocol shapeshifting technology that will obfuscate the transformed data between the user and the server.
november 2017
Netsafe's Re:scam bot
Have no idea how well this thing works, but going to send it some phishing emails when I see them.
email  phishing 
november 2017
Generate homographic unicode URLs for badness. Worth checking out but seems a pointless middle step.
november 2017
MISP dashboard
A dashboard for a real-time overview of threat intelligence from MISP instances
malware  threat-research 
november 2017
Onion Investigator
Onion Investigator: a Shodan like site for onion services
Tor  scraping  scanner  onion_sites  Reconnaissance 
november 2017
Esoteric sub-domain enumeration techniques
This repository contains all the talk materials, videos and scripts from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference.
Reconnaissance  Domains  subdomains 
november 2017
Find phishing campaigns possibly using your domain or one like it.
phishing  monitoring 
november 2017
Catching malicious phishing domain names using certstream SSL certificates live stream. This is just a working PoC, feel free to contribute and tweak the code to fit your needs
phishing  SSL  monitoring 
november 2017
CertStream is an intelligence feed that gives you real-time updates from the Certificate Transparency Log network, allowing you to use it as a building block to make tools that react to new certificates being issued in real time. We do all the hard work of watching, aggregating, and parsing the transparency logs, and give you super simple libraries that enable you to do awesome things with minimal effort. 
SSL  monitoring 
november 2017
ORC, a Distributed Anonymous Cloud on Tor
The Onion Routed Cloud is a decentralised, anonymous, object storage platform owned and operated by allies in defense of human rights and opposition to censorship.
Tor  File_sharing  Cloud_services  Anonymity  Encryption 
november 2017
Kernel Privilege Escalation Enumeration And Exploitation Framework
python  privilege_escalation  Hacking  enumeration 
november 2017
This is an ansible role for tor relay operators. 
ansible  Tor  SysAdmin 
november 2017
A curated list of amazingly awesome open source sysadmin resources.
SysAdmin  Lists 
october 2017
Free Automated Malware Analysis Service - powered by VxStream Sandbox
This webpage is a free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
malware  security 
october 2017
Dropper Analysis
SEKOIA Dropper Analysis is a malware analysis application with a focus on droppers. Droppers are often the first stage in a malware infection and can take several forms, with their simple goal being to install and execute a second stage malware on the system.
malware  analysis 
october 2017