GalliumOS, 'a ightweight Linux distro for ChromeOS devices'
"A fast and lightweight Linux distro for ChromeOS devices."
Linux  OpenSource  chromebooks 
2 days ago
Thornsec core repo
Help systems and networks be more secure than default;

complete operational transparency;

facilitate cooperation amongst sysadmins;

minimal pre-requisites;

avenue for learning with others
OrgSec  SysAdmin 
18 days ago
OpenCanary is a daemon that runs canary services, which trigger alerts when (ab)used. The alerts can be sent to a variety of sources, including syslog, emails and a companion daemon opencanary-correlator.
canary  honeypot  monitor  network 
5 weeks ago
We are thrilled to share with you the new Filecoin Whitepaper. This new Whitepaper introduces two new Research breakthroughs in the Distributed Storage Networks (DSN) landscape: Proof-of-Replication (PoR) and Proof-of-Spacetime (PoSt).
blockchain  decentralised 
6 weeks ago
a Redis keys analysis script
This repository contains all the scripts necessary to keep track of the keys that Internet-accessible Redis servers are using. This can reveal whether anybody's currently compromising Redis databases across the Internet.
redis  Pen_Testing  monitoring  python  shodan 
6 weeks ago
Sublist3r subdomain enuneration
Fast subdomains enumeration tool for penetration testers
Pen_Testing  enumeration  python 
6 weeks ago
Vulnreport pentesting management platform
An open source pentesting management and automation platform by Salesforce Product Security team.
Pen_Testing  reporting  OpenSource  Platforms 
6 weeks ago
TL;DR: Mailsploit is a collection of bugs in email clients that allow effective sender spoofing and code injection attacks. The spoofing is not detected by Mail Transfer Agents (MTA) aka email servers, therefore circumventing spoofing protection mechanisms such as DMARC (DKIM/SPF) or spam filters.
malware  email 
6 weeks ago
the Haven app
Haven (formerly known as “Phoneypot”) is an Android application that leverages on-device sensors to provide monitoring and protection of physical spaces.
Android  mobile_apps  security  alerts  OpenSource 
6 weeks ago
vFeed threat intelligence database wrapper
vFeed The Correlated Vulnerability and Threat Intelligence Database Wrapper
alerts  security 
6 weeks ago
Pi-hole: A black hole for Internet advertisements
Network-wide ad blocking via your own Linux hardware – curl -sSL https://install.pi-hole.net | bash
Raspberry_pi  ad_blocking  network 
7 weeks ago
Dat Project
Dat is free software built for the public by Code for Science & Society, a nonprofit. Researchers, analysts, libraries, and universities are already using dat to archive and distribute scientific data. Developers are building applications on Dat for browsing peer-to-peer websites and offline editable maps. Anyone can use Dat to backup files or share those cute cat pictures with a friend. Install and get started today by using the desktop application, command line, or JavaScript library.
data  File_sharing 
7 weeks ago
Twitter Archive Eraser
Search, Filter and Bulk Delete your Oldest Tweets, Favorites, Direct Messages (DMs) Automatically
twitter  anti_forensics  Privacy 
8 weeks ago
The Endorser
An OSINT tool that allows you to draw out relationships between people on LinkedIn via endorsements/skills
OSINT  python  Social_Networks  linkedin 
8 weeks ago
Exodus Privacy
Εxodus is a privacy auditing platform for Android applications.
android  privacy  mobile_apps  Research 
8 weeks ago
GAM: command line management for Google G Suite
I'm not sure about this one, but it's interesting that for all sorts of things, there's a cli for it these days, often in Python. Sometimes this is pure geek stuff, and it's just easier to go to the interface. Other times, it's unlocking some interesting stuff. Being that I manage G Suite accounts in the dozens and ratchet up the security settings volume to 11, I'm wondering if this would meet my use case.
google  Cli  CommandLine  python 
8 weeks ago
Uwazi by @HURIDOCS
Uwazi is a free, open-source solution for organising, analysing and publishing your documents.
Open_Data  OpenSource  analysis  Platforms 
8 weeks ago
tilt: Terminal Ip Lookup Tool
An automatic ip lookup and reverse probing tool for passive reconnaissance
Reconnaissance  IP  python 
9 weeks ago
Diff Checker cli for public diffing
Sometimes you want to cloud diff checking because it's kind of an easier tool, you're not trying to keep other people from seeing it, or don't really care, and you want to share it with people.
Cli  diff 
9 weeks ago
This script will automatically guide you to install and configure your OpenVPN server with Shapeshifter Dispatcher (obfuscation) which will allow you to bypass the DPI blockage on OpenVPN. This setup will offer the users the freedom to choose between regular OpenVPN connection or obfuscated one, they actually can use both! OpenVPN is the VPN provider, Dispatcher is the command line proxy tool which utilize Shapeshifter which is a protocol shapeshifting technology that will obfuscate the transformed data between the user and the server.
9 weeks ago
Netsafe's Re:scam bot
Have no idea how well this thing works, but going to send it some phishing emails when I see them.
email  phishing 
10 weeks ago
Generate homographic unicode URLs for badness. Worth checking out but seems a pointless middle step.
10 weeks ago
MISP dashboard
A dashboard for a real-time overview of threat intelligence from MISP instances
malware  threat-research 
10 weeks ago
Onion Investigator
Onion Investigator: a Shodan like site for onion services
Tor  scraping  scanner  onion_sites  Reconnaissance 
10 weeks ago
Esoteric sub-domain enumeration techniques
This repository contains all the talk materials, videos and scripts from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference.
Reconnaissance  Domains  subdomains 
10 weeks ago
Find phishing campaigns possibly using your domain or one like it.
phishing  monitoring 
10 weeks ago
Catching malicious phishing domain names using certstream SSL certificates live stream. This is just a working PoC, feel free to contribute and tweak the code to fit your needs
phishing  SSL  monitoring 
10 weeks ago
CertStream is an intelligence feed that gives you real-time updates from the Certificate Transparency Log network, allowing you to use it as a building block to make tools that react to new certificates being issued in real time. We do all the hard work of watching, aggregating, and parsing the transparency logs, and give you super simple libraries that enable you to do awesome things with minimal effort. 
SSL  monitoring 
10 weeks ago
ORC,a Distributed Anonymous Cloud on Tor
The Onion Routed Cloud is a decentralised, anonymous, object storage platform owned and operated by allies in defense of human rights and opposition to censorship.
Tor  File_sharing  Cloud_services  Anonymity  Encryption 
11 weeks ago
Kernel Privilege Escalation Enumeration And Exploitation Framework
python  privilege_escalation  Hacking  enumeration 
11 weeks ago
This is an ansible role for tor relay operators. 
ansible  Tor  SysAdmin 
11 weeks ago
A curated list of amazingly awesome open source sysadmin resources.
SysAdmin  Lists 
12 weeks ago
Free Automated Malware Analysis Service - powered by VxStream Sandbox
This webpage is a free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
malware  security 
12 weeks ago
Dropper Analysis
SEKOIA Dropper Analysis is a malware analysis application with a focus on droppers. Droppers are often the first stage in a malware infection and can take several forms, with their simple goal being to install and execute a second stage malware on the system.
malware  analysis 
12 weeks ago
Security Onion
Enterprise level network activity monitoring.
security  monitoring  network  Reconnaissance 
12 weeks ago
RaspberryPi NSM
Suitable for a home 'blackbox' deployment - it will record everything that happens on your network. Use it to detect threats and/or to provide network forensics to a malware lab. 
network  security  Reconnaissance  Raspberry_pi 
12 weeks ago
OSoMe: Social Media Observatory
The who, what, where, when, and how of social media data
Data_Analysis  Social_Networks  scraping 
12 weeks ago
Observatory by Mozilla
Observatory by Mozilla has helped over 80,000 websites by teaching developers, system administrators, and security professionals how configure their sites safely and securely.
security  webdev  scan  mozilla  testing 
12 weeks ago
Beaker: a peer-to-peer Web browser.
Beaker is a peer-to-peer browser with tools to create and host websites. Don't just browse the Web, build it.
browser  p2p  decentralized 
12 weeks ago
CKP - KeePass integration for Chrome
A plugin for read-only access to a Keepass archive stored locally, in Drive or elsewhere.
Passwords  password_manager  OpenSource  Chrome_plugin 
12 weeks ago
The Clipperz password manager
Open source online vault and password manager that knows nothing about you and your data
Passwords  password_manager  security  OpenSource 
12 weeks ago
Massive SQL Injection Vulnerability Scanner
Pen_Testing  Reconnaissance  sql  google_dorks 
12 weeks ago
ooni-sysadmin tools
system administration tools for the Open Observatory of Network Interference.
Tor  ooni  censorship 
october 2017
Because I enjoy steganography.
steganography  python 
october 2017
MobaXterm tabbed terminal
You can seemingly run everything from this thing.
terminal  CommandLine 
october 2017
Use computer vision to determine if an IDN can be interpreted as something it's not
phishing  python 
october 2017
Signal as a Newsroom Dropbox by @bartongellman
Signal Private Messenger has become a preferred channel of conversation between journalists and established confidential sources. A savvy newsroom can make it safer on both sides with precautions in its setup and use. This guide aims for a tolerable balance of security and usability.

Some good recommendations on using iPod or other non-network devices instead of a mobile for Signal, or a Wire alternative are in the Twitter feed on this one: https://twitter.com/bartongellman/status/898322472931479556
journalism_technology  secure_contact  source_protection  signal 
october 2017
Clean Chromebook Admin Controls
Administering Chromebooks: For teams traveling to complex and hostile environments (a work in progress)
chromebooks  google  OpSec  DigSec  SysAdmin 
october 2017
MITRE’s ATT&CK™ files
MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target. ATT&CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and verifying defenses work as expected.
threat-research  security 
october 2017
Your favorite site doesn't provide news feeds?
This free online service converts any web page to an RSS feed on the fly.
october 2017
How to Use Tor Messenger for macOS (beta)
Mostly this is here to remind myself that Tor Messenger now works on Mac and that I shouldn't give up on XMPP yet... maybe.
Tor  DigSec_HowTo  DigSec_Tools  messaging_apps  OTR  Encryption  Mac  irc  xmpp 
october 2017
Quackbot is a Slack bot for journalists from Quartz and DocumentCloud
objective-c  journalism_technology  data_analsis  slack 
october 2017
DocumentCloud runs every document you upload through Thomson Reuters OpenCalais, giving you access to extensive information about the people, places and organizations mentioned in each.
journalism_technology  data_journalism  collaboration  !Document_Management 
october 2017
An Open Source Platform for Complex Network Analysis and Visualization.
visualization  data  opensource  research 
october 2017
USB Canary
A Linux tool that uses pyudev to monitor devices while your computer is locked. In the case it detects someone plugging in or unplugging devices it can be configured to send you an SMS or alert you via Slack of the potential security breach.

hardware  DigSec  security 
october 2017
Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web (PDF)
Abstract—Web developers routinely rely on third-party Java-Script libraries such as jQuery to enhance the functionality of their sites. However, if not properly maintained, such dependen-cies can create attack vectors allowing a site to be compromised.
Javascript  exploit  article  academic  pdf 
october 2017
FacebooData scraper for Facebook pages
Data scraper for Facebook Pages, and also code accompanying the blog post How to Scrape Data From Facebook Page Posts for Statistical Analysis
Data_Scraping  Social_Networks  Facebook 
october 2017
Super-Stealthy Droppers
In this paper we are going to talk about how to use memfd_create or fexecve to develop a super-stealthy dropper and ultimately, better understand how criminals develop and deploy malware.
malware  forensic  Pen_Testing  programming  How_To 
october 2017
IPFS is the Distributed Web
A peer-to-peer hypermedia protocol to make the web faster, safer, and more open.
ipfs  P2P  circumvention 
october 2017
How the Catalan government uses IPFS to sidestep Spain's legal block
Catalonia independence referendum organisers need to block Spanish government censorship and site attacks. Their solution involved IPFS, some crypto and some ingenuity. Here is the resulting website (as of Sep. 27): Referèndum 2017. Let’s see how it works!
article  How_To  IPFS 
october 2017
Gandi CLI
A command line interface to Gandi.net products using the public API. Use gandi to create and manage domains, certificates, hosting instances, servers, etc.

On Github at https://github.com/gandi/gandi.cli
Domains  Cli  CommandLine 
october 2017
The Data Ethics Canvas by the Open Data Institute
The Data Ethics Canvas is designed to help identify potential ethical issues associated with a data project or activity. It promotes understanding and debate around the foundation, intention and potential impact of any piece of work, and helps identify the steps needed to act ethically.
data_policy  NGO  OpSec  training 
october 2017
Sheet: A 218b spreadsheet app in HTML/JS
<script>(o=b=>{for(j in a)for(i in a)y=a[i]+j,b?document.write(
`<${i*j?'input':'p'} onfocus=value=[o[id]] onblur=o[id]=value;o() id=${y}>`
):eval(y+(".value"+o[y]).replace(/[A-Z]\d/g," +$&.value"))})(a="_ABCD")</script>
spreadsheets  js  HTML  data_visualisation  OpenSource  TinyCode 
september 2017
CIRCLean USB stick sanitizer
   Malware regularly uses USB sticks to infect victims, and the abuse of USB sticks is a common vector of infection.  CIRCLean is an independent hardware solution to clean documents from untrusted (obtained) USB keys / USB sticks. The device automatically converts untrusted documents into a readable but disarmed format and stores these clean files on a trusted (user owned) USB key/stick. The code runs on a Raspberry Pi (a small hardware device), which also means it is not required to plug the original USB key into a computer. CIRCLean can be seen as a kind of air gap between the untrusted USB key and your operational computer.

    CIRCLean does not require any technical prerequisites of any kind and can be used by anyone. CIRCLean is free software which can be audited and analyzed by third-parties. We also invite all organizations to actively reuse CIRCLean in their own products or contribute to the project.
infosec  security  Raspberry_pi  forensic  OpenSource  USB 
september 2017
A Node.js package for BLE (Bluetooth Low Energy) security assessment using Man-in-the-Middle and other attacks.
Here's a blog post about it: https://tirateunping.wordpress.com/2016/11/01/gattacker-ble-bluetooth-low-energy-man-in-the-middle/
js  bluetooth  Pen_Testing  mitm  IoT 
september 2017
Bucket Finder
DigiNinja made a Ruby script to automate finding insecure data in AWS S3 buckets.
Cloud_services  Hacking  Ruby  s3  aws 
september 2017
Use Alidade to create a plan for finding technology tools that suit your social change project. Built on in-depth research in Kenya and South Africa. Designed for activists and social change organisations everywhere. Complete this interactive guide and get a planning document to share with colleagues, technical developers or donors.
NGO  Open_Data  ICT 
september 2017
Follow the Bitcoin With Python, BlockExplorer and Webhose.io
Method of discovering real relationships with Bitcoin addresses across the web, providing the secret Bitcoin address owner made an OpSec mistake.
python  bitcoin  OSINT  Reconnaissance 
september 2017
Security Incident Information Management handbook by @RedRUK
Aimed at improving NGO security incident information management. Produced in partnership with Insecurity Insight and EISF, the SIIM handbook is a free downloadable resource sharing best practice, guidelines, tools and recommendations to enhance organisational security incident information management.
NGO  OrgSec 
september 2017
LuLu, an open source firewall for Mac
LuLu is the free open-source macOS firewall that aims to block unknown outgoing connections, unless explicitly approved by the user.
firewall  OpenSource  Mac  monitoring  DigSec_Tools 
september 2017
idb: iOS Application Security Assessment Tool
idb is a tool to simplify some common tasks for iOS app security assessments and research. It is open-source under the MIT license, hosted on Github, and developed by Daniel Mayer.
iOS  Pen_Testing  OpenSource 
september 2017
Fucking Search Engines Scraper
Fses is a Python library to scrape urls from search queries. Good for power Google dorking in the command line.
python  search  scraping  Pen_Testing  Reconnaissance  OpenSource  doxxing 
september 2017
A tool built in python to monitor any public webpages for updates and get alerts. http://thp.io/2008/urlwatch/
python  monitoring  OpenSource 
september 2017
Lightweight Business Intelligence tool for reporting mongodb, postgresql, Mysql, & MS sql data

To see how it works go to www.widestage.com
business_intelligence  mongoDB  reporting  OpenSource 
september 2017
« earlier      
!document_management academic actvist_tech ad_blocking alerts analysis analytics android anonymity ansible anti_forensics archive article authentication aws backup bios bitcoin blockchain blogs bluetooth browser business_intelligence canary cctv censorship chrome_plugin chromebooks circumvention cli closed_source cloud_services cms coding collaboration commandline confederated content_creation copyright css cyber_warfare dashboards data data_analsis data_analysis data_journalism data_mining data_policy data_scraping data_visualisation data_wipe databases decentralised decentralized design diff digital_radio digsec digsec_howto digsec_services digsec_tools dns domains doxxing drupal drupal_modules email encryption enumeration exploit facebook file_sharing firewall firmware flat_file_websites foia fonts forensic foss framework frameworks frontend_dev gaming git goodorgs google google_dorks graphic_design gui hacking hardware honey_pot honeypot hosting how how_to htaccess html https icons ict ict_policy image_archive image_archives image_editing infosec interactive intranet ios iot ip ipfs iphone irc javascript journalism journalism_technology journalist_safety js law lazyweb_tools leaks letsencrypt linkedin linux lists mac malware manifesto maps markdown messaging_apps meta_data mitm mobile mobile_apps mongodb monitor monitoring mozilla mysql nato network ngo notes nsa oauth2 objective-c onion_sites ooni open_data opensource operating_systems opsec optimization orgsec osint otr p2p password_manager passwords pdf pen_testing pgp phishing physical_security platforms policy privacy privilege_escalation products programming protocol prototyping public_domain python raspberry_pi reconnaissance redis reporting research retro rss ruby s3 scan scanner scraping search secure_contact security service_providers shodan signal slack social_networks software source_protection spreadsheets sql ssh ssl steganography subdomains surveillance sys sysadmin telephony terminal testing text_analysis threat-research tinycode tls tor training twitter ubuntu ui usb ux verification via:popular video_editing vim visualization voip volatile_file_sharing vpn web_design web_servers web_standards webdev webdev_testing webdev_tools whistleblowing wordpress wordpress_plugins workflow_tools writing_app xmpp

Copy this bookmark: