Diff Checker cli for public diffing
Sometimes you want to cloud diff checking because it's kind of an easier tool, you're not trying to keep other people from seeing it, or don't really care, and you want to share it with people.
Cli  diff 
10 hours ago
This script will automatically guide you to install and configure your OpenVPN server with Shapeshifter Dispatcher (obfuscation) which will allow you to bypass the DPI blockage on OpenVPN. This setup will offer the users the freedom to choose between regular OpenVPN connection or obfuscated one, they actually can use both! OpenVPN is the VPN provider, Dispatcher is the command line proxy tool which utilize Shapeshifter which is a protocol shapeshifting technology that will obfuscate the transformed data between the user and the server.
Netsafe's Re:scam bot
Have no idea how well this thing works, but going to send it some phishing emails when I see them.
email  phishing 
4 days ago
Generate homographic unicode URLs for badness. Worth checking out but seems a pointless middle step.
4 days ago
MISP dashboard
A dashboard for a real-time overview of threat intelligence from MISP instances
malware  threat-research 
6 days ago
Onion Investigator
Onion Investigator: a Shodan like site for onion services
Tor  scraping  scanner  onion_sites  Reconnaissance 
6 days ago
Esoteric sub-domain enumeration techniques
This repository contains all the talk materials, videos and scripts from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference.
Reconnaissance  Domains  subdomains 
6 days ago
Find phishing campaigns possibly using your domain or one like it.
phishing  monitoring 
10 days ago
Catching malicious phishing domain names using certstream SSL certificates live stream. This is just a working PoC, feel free to contribute and tweak the code to fit your needs
phishing  SSL  monitoring 
10 days ago
CertStream is an intelligence feed that gives you real-time updates from the Certificate Transparency Log network, allowing you to use it as a building block to make tools that react to new certificates being issued in real time. We do all the hard work of watching, aggregating, and parsing the transparency logs, and give you super simple libraries that enable you to do awesome things with minimal effort. 
SSL  monitoring 
10 days ago
ORC,a Distributed Anonymous Cloud on Tor
The Onion Routed Cloud is a decentralised, anonymous, object storage platform owned and operated by allies in defense of human rights and opposition to censorship.
Tor  File_sharing  Cloud_services  Anonymity  Encryption 
11 days ago
Kernel Privilege Escalation Enumeration And Exploitation Framework
python  privilege_escalation  Hacking  enumeration 
13 days ago
This is an ansible role for tor relay operators. 
ansible  Tor  SysAdmin 
16 days ago
A curated list of amazingly awesome open source sysadmin resources.
SysAdmin  Lists 
18 days ago
Free Automated Malware Analysis Service - powered by VxStream Sandbox
This webpage is a free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
malware  security 
18 days ago
Dropper Analysis
SEKOIA Dropper Analysis is a malware analysis application with a focus on droppers. Droppers are often the first stage in a malware infection and can take several forms, with their simple goal being to install and execute a second stage malware on the system.
malware  analysis 
18 days ago
Security Onion
Enterprise level network activity monitoring.
security  monitoring  network  Reconnaissance 
19 days ago
RaspberryPi NSM
Suitable for a home 'blackbox' deployment - it will record everything that happens on your network. Use it to detect threats and/or to provide network forensics to a malware lab. 
network  security  Reconnaissance  Raspberry_pi 
19 days ago
OSoMe: Social Media Observatory
The who, what, where, when, and how of social media data
Data_Analysis  Social_Networks  scraping 
20 days ago
Observatory by Mozilla
Observatory by Mozilla has helped over 80,000 websites by teaching developers, system administrators, and security professionals how configure their sites safely and securely.
security  webdev  scan  mozilla  testing 
20 days ago
Beaker: a peer-to-peer Web browser.
Beaker is a peer-to-peer browser with tools to create and host websites. Don't just browse the Web, build it.
browser  p2p  decentralized 
20 days ago
CKP - KeePass integration for Chrome
A plugin for read-only access to a Keepass archive stored locally, in Drive or elsewhere.
Passwords  password_manager  OpenSource  Chrome_plugin 
21 days ago
The Clipperz password manager
Open source online vault and password manager that knows nothing about you and your data
Passwords  password_manager  security  OpenSource 
21 days ago
Massive SQL Injection Vulnerability Scanner
Pen_Testing  Reconnaissance  sql  google_dorks 
22 days ago
ooni-sysadmin tools
system administration tools for the Open Observatory of Network Interference.
Tor  ooni  censorship 
25 days ago
Because I enjoy steganography.
steganography  python 
29 days ago
MobaXterm tabbed terminal
You can seemingly run everything from this thing.
terminal  CommandLine 
4 weeks ago
Use computer vision to determine if an IDN can be interpreted as something it's not
phishing  python 
4 weeks ago
Signal as a Newsroom Dropbox by @bartongellman
Signal Private Messenger has become a preferred channel of conversation between journalists and established confidential sources. A savvy newsroom can make it safer on both sides with precautions in its setup and use. This guide aims for a tolerable balance of security and usability.

Some good recommendations on using iPod or other non-network devices instead of a mobile for Signal, or a Wire alternative are in the Twitter feed on this one: https://twitter.com/bartongellman/status/898322472931479556
journalism_technology  secure_contact  source_protection  signal 
4 weeks ago
Clean Chromebook Admin Controls
Administering Chromebooks: For teams traveling to complex and hostile environments (a work in progress)
chromebooks  google  OpSec  DigSec  SysAdmin 
5 weeks ago
MITRE’s ATT&CK™ files
MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target. ATT&CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and verifying defenses work as expected.
threat-research  security 
5 weeks ago
Your favorite site doesn't provide news feeds?
This free online service converts any web page to an RSS feed on the fly.
5 weeks ago
How to Use Tor Messenger for macOS (beta)
Mostly this is here to remind myself that Tor Messenger now works on Mac and that I shouldn't give up on XMPP yet... maybe.
Tor  DigSec_HowTo  DigSec_Tools  messaging_apps  OTR  Encryption  Mac  irc  xmpp 
5 weeks ago
Quackbot is a Slack bot for journalists from Quartz and DocumentCloud
objective-c  journalism_technology  data_analsis  slack 
5 weeks ago
DocumentCloud runs every document you upload through Thomson Reuters OpenCalais, giving you access to extensive information about the people, places and organizations mentioned in each.
journalism_technology  data_journalism  collaboration  !Document_Management 
5 weeks ago
Pelican 3.5.0 — Pelican 3.5.0 documentation
Pelican is a static site generator, written in Python.
flat_file_websites  python  OpenSource 
5 weeks ago
An Open Source Platform for Complex Network Analysis and Visualization.
visualization  data  opensource  research 
5 weeks ago
USB Canary
A Linux tool that uses pyudev to monitor devices while your computer is locked. In the case it detects someone plugging in or unplugging devices it can be configured to send you an SMS or alert you via Slack of the potential security breach.

hardware  DigSec  security 
6 weeks ago
Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web (PDF)
Abstract—Web developers routinely rely on third-party Java-Script libraries such as jQuery to enhance the functionality of their sites. However, if not properly maintained, such dependen-cies can create attack vectors allowing a site to be compromised.
Javascript  exploit  article  academic  pdf 
6 weeks ago
FacebooData scraper for Facebook pages
Data scraper for Facebook Pages, and also code accompanying the blog post How to Scrape Data From Facebook Page Posts for Statistical Analysis
Data_Scraping  Social_Networks  Facebook 
6 weeks ago
Super-Stealthy Droppers
In this paper we are going to talk about how to use memfd_create or fexecve to develop a super-stealthy dropper and ultimately, better understand how criminals develop and deploy malware.
malware  forensic  Pen_Testing  programming  How_To 
6 weeks ago
IPFS is the Distributed Web
A peer-to-peer hypermedia protocol to make the web faster, safer, and more open.
ipfs  P2P  circumvention 
6 weeks ago
How the Catalan government uses IPFS to sidestep Spain's legal block
Catalonia independence referendum organisers need to block Spanish government censorship and site attacks. Their solution involved IPFS, some crypto and some ingenuity. Here is the resulting website (as of Sep. 27): Referèndum 2017. Let’s see how it works!
article  How_To  IPFS 
6 weeks ago
Gandi CLI
A command line interface to Gandi.net products using the public API. Use gandi to create and manage domains, certificates, hosting instances, servers, etc.

On Github at https://github.com/gandi/gandi.cli
Domains  Cli  CommandLine 
6 weeks ago
The Data Ethics Canvas by the Open Data Institute
The Data Ethics Canvas is designed to help identify potential ethical issues associated with a data project or activity. It promotes understanding and debate around the foundation, intention and potential impact of any piece of work, and helps identify the steps needed to act ethically.
data_policy  NGO  OpSec  training 
6 weeks ago
Sheet: A 218b spreadsheet app in HTML/JS
<script>(o=b=>{for(j in a)for(i in a)y=a[i]+j,b?document.write(
`<${i*j?'input':'p'} onfocus=value=[o[id]] onblur=o[id]=value;o() id=${y}>`
):eval(y+(".value"+o[y]).replace(/[A-Z]\d/g," +$&.value"))})(a="_ABCD")</script>
spreadsheets  js  HTML  data_visualisation  OpenSource  TinyCode 
7 weeks ago
CIRCLean USB stick sanitizer
   Malware regularly uses USB sticks to infect victims, and the abuse of USB sticks is a common vector of infection.  CIRCLean is an independent hardware solution to clean documents from untrusted (obtained) USB keys / USB sticks. The device automatically converts untrusted documents into a readable but disarmed format and stores these clean files on a trusted (user owned) USB key/stick. The code runs on a Raspberry Pi (a small hardware device), which also means it is not required to plug the original USB key into a computer. CIRCLean can be seen as a kind of air gap between the untrusted USB key and your operational computer.

    CIRCLean does not require any technical prerequisites of any kind and can be used by anyone. CIRCLean is free software which can be audited and analyzed by third-parties. We also invite all organizations to actively reuse CIRCLean in their own products or contribute to the project.
infosec  security  Raspberry_pi  forensic  OpenSource  USB 
7 weeks ago
A Node.js package for BLE (Bluetooth Low Energy) security assessment using Man-in-the-Middle and other attacks.
Here's a blog post about it: https://tirateunping.wordpress.com/2016/11/01/gattacker-ble-bluetooth-low-energy-man-in-the-middle/
js  bluetooth  Pen_Testing  mitm  IoT 
7 weeks ago
Bucket Finder
DigiNinja made a Ruby script to automate finding insecure data in AWS S3 buckets.
Cloud_services  Hacking  Ruby  s3  aws 
7 weeks ago
Use Alidade to create a plan for finding technology tools that suit your social change project. Built on in-depth research in Kenya and South Africa. Designed for activists and social change organisations everywhere. Complete this interactive guide and get a planning document to share with colleagues, technical developers or donors.
NGO  Open_Data  ICT 
8 weeks ago
Follow the Bitcoin With Python, BlockExplorer and Webhose.io
Method of discovering real relationships with Bitcoin addresses across the web, providing the secret Bitcoin address owner made an OpSec mistake.
python  bitcoin  OSINT  Reconnaissance 
8 weeks ago
Security Incident Information Management handbook by @RedRUK
Aimed at improving NGO security incident information management. Produced in partnership with Insecurity Insight and EISF, the SIIM handbook is a free downloadable resource sharing best practice, guidelines, tools and recommendations to enhance organisational security incident information management.
NGO  OrgSec 
9 weeks ago
LuLu, an open source firewall for Mac
LuLu is the free open-source macOS firewall that aims to block unknown outgoing connections, unless explicitly approved by the user.
firewall  OpenSource  Mac  monitoring  DigSec_Tools 
9 weeks ago
idb: iOS Application Security Assessment Tool
idb is a tool to simplify some common tasks for iOS app security assessments and research. It is open-source under the MIT license, hosted on Github, and developed by Daniel Mayer.
iOS  Pen_Testing  OpenSource 
9 weeks ago
Fucking Search Engines Scraper
Fses is a Python library to scrape urls from search queries. Good for power Google dorking in the command line.
python  search  scraping  Pen_Testing  Reconnaissance  OpenSource  doxxing 
9 weeks ago
A tool built in python to monitor any public webpages for updates and get alerts. http://thp.io/2008/urlwatch/
python  monitoring  OpenSource 
10 weeks ago
Lightweight Business Intelligence tool for reporting mongodb, postgresql, Mysql, & MS sql data

To see how it works go to www.widestage.com
business_intelligence  mongoDB  reporting  OpenSource 
10 weeks ago
Python Taint ☣
 A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
python  Pen_Testing  Hacking  OpenSource 
10 weeks ago
Analyze the security of any domain by finding all the information possible. Made in python.

Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way.
python  OSINT  Hacking  Reconnaissance  OpenSource 
10 weeks ago
An ssh-agent for every domain: SSHecret » CyberPunk
sshecret is a tool that creates an ssh-agent for each identity file found in your ssh_config(5) and executes ssh commands for a particular host using an environment that has access to only the key for that one host.
ssh  SysAdmin  OpenSource 
10 weeks ago
WhatRuns — Discover What runs a Website.
Extension that helps you identify technologies used on any website at the click of a button.
Chrome_plugin  WebDev  OSINT  Reconnaissance 
11 weeks ago
Buscador OSINT VM
Buscador is a Linux Virtual Machine that is pre-configured for online investigators. It was developed by David Westcott and Michael Bazzell, and distributions are maintained on this page.
OSINT  Reconnaissance  OpenSource  Operating_Systems  doxxing 
11 weeks ago
Free Cyber Security Tools from Rapid7, makers of Metasploit
Security doesn't come easy, and it shouldn't be your wallet that decides over whether you can protect your data. That's why Rapid7 makes community editions of its security software available to download for free. In addition, we have some great free security tools you can use on your smart phone or in your browser.
Hacking  Pen_Testing 
11 weeks ago
Paterva (Maltego)
Sells Maltego platofm for InfoSec teams and Pen Testing information gathering and reports
Pen_Testing  InfoSec  Hacking  Reconnaissance 
11 weeks ago
Quickly share and receive files with your own self-hosted service so your contact doesn't need to use an app. This problem is by-in-large solved and more securely by other tools, but if you want to host something that shows you traffic and logs actions, then this is it. HTTPS it as that's the only security I can see that applies here.
Platforms  Collaboration  File_sharing  OpenSource 
11 weeks ago
Paletton - The Color Scheme Designer
Get a colour scheme that looks good together sorted out quick.
LazyWeb_Tools  Design  CSS 
11 weeks ago
A suite of private ephemeral collaboration tools for teams & enterprises. Some people swear by it.
messaging_apps  Encryption  DigSec_Tools  DigSec_Services  closed_source 
11 weeks ago
Password hashes dump tools
Someone put together this Google Spreadsheet on password hash cracking tools.
Hacking  Pen_Testing  Passwords 
11 weeks ago
The GNU Privacy Guard
GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kinds of public key directories.
Encryption  pgp  OpenSource 
11 weeks ago
Hints and Tips for Whistleblowers
Technical Hints and Tips for protecting the anonymity of sources for Whistleblowers, Investigative Journalists, Campaign Activists and Political Bloggers etc.
Whistleblowing  How_To  Lists  OpSec  DigSec_HowTo 
11 weeks ago
Have I been pwned?
Check if you have an account that has been compromised in a data breach. Endlessly useful and works on organisational-wide emails as well.
email  Pen_Testing  OSINT  DigSec_Services 
11 weeks ago
The Hobbit Name Generator
This is my preferred site for creating new names for things. That's a clue, you know.
Anonymity  LazyWeb_Tools 
11 weeks ago
Generate a Random Name - Fake Name Generator
Come up with a persona for that account you don't want to dump your actual information into without over thinking it.
Anonymity  LazyWeb_Tools 
11 weeks ago
« earlier      
!document_management academic actvist_tech analysis analytics android anonymity ansible archive article authentication aws backup bios bitcoin blockchain blogs bluetooth browser business_intelligence cctv censorship chrome_plugin chromebooks circumvention cli closed_source cloud_services cms coding collaboration commandline confederated content_creation copyright css cyber_warfare dashboards data data_analsis data_analysis data_journalism data_mining data_policy data_scraping data_visualisation data_wipe databases decentralised decentralized design diff digital_radio digsec digsec_howto digsec_services digsec_tools dns domains doxxing drupal drupal_modules email encryption enumeration exploit facebook file_sharing firewall firmware flat_file_websites foia fonts forensic foss framework frameworks frontend_dev gaming git goodorgs google google_dorks graphic_design gui hacking hardware honey_pot hosting how how_to htaccess html https icons ict ict_policy image_archive image_archives image_editing infosec interactive intranet ios iot ipfs iphone irc javascript journalism journalism_technology journalist_safety js law lazyweb_tools leaks letsencrypt linux lists mac malware manifesto maps markdown messaging_apps meta_data mitm mobile mobile_apps mongodb monitoring mozilla mysql nato network ngo notes nsa oauth2 objective-c onion_sites ooni open_data opensource operating_systems opsec optimization orgsec osint otr p2p password_manager passwords pdf pen_testing pgp phishing physical_security platforms policy privacy privilege_escalation products programming protocol prototyping public_domain python raspberry_pi reconnaissance reporting research retro rss ruby s3 scan scanner scraping search secure_contact security service_providers signal slack social_networks software source_protection spreadsheets sql ssh ssl steganography subdomains surveillance sys sysadmin telephony terminal testing text_analysis threat-research tinycode tls tor training twitter ubuntu ui usb ux verification via:popular video_editing vim visualization voip volatile_file_sharing vpn web_design web_servers web_standards webdev webdev_testing webdev_tools whistleblowing wordpress wordpress_plugins workflow_tools writing_app xmpp

Copy this bookmark: