VOOKI - Web Application Vulnerability Scanner
Vooki is a free web application vulnerability scanner. Vooki is a user-friendly tool that you can easily scan any web application and find the vulnerabilities. Vooki includes Web Application Scanner, Rest API Scanner, and reporting section.
Pen_Testing  scanner 
8 hours ago
Awesone web security
🐶 Curated list of Web Security materials and resources.
2 days ago
Multiple Ways to Get root through Writable File
In Linux everything is a file, including directories and devices that have permissions to allow or restricted three operations i.e. read/write/execute
hacking  Linux 
8 days ago
Developer Tools | Hugo
All the tools for deving Hugo websites.
hugo  flat_file_websites  WebDev_Tools 
8 days ago
WTF - A Terminal Dashboard
WTF is a personal information dashboard for your terminal, developed for those who spend most of their day in the command line.
terminal  todo  productivity 
16 days ago
Fsociety Hacking Tools Pack - A Penetration Testing Framework - KitPloit - PenTest Tools for your Security Arsenal ☣
Other shows' merchandise usually runs along the action figure or Happy Neal spectrum. With Mr. Robot, it's the working stuff from the show, like if Terminator actually led to fit repos of killer robots.
17 days ago
Crafting the InfoSec Playbook - O'Reilly Media
Security Monitoring and Incident Response Master Plan
buylist  security  book 
20 days ago
Shell Scripting and Security
Basic ways you can use shell scripts to monitor password strength and secret accounts
shell  CommandLine  security 
21 days ago
Awesome Hacking Tools
A curated list of awesome Hacking Tools. If you want to contribute to this list send me a pull request
23 days ago
Sunder is a user-friendly graphical interface for Shamir's Secret Sharing.

Also see https://freedom.press/news/meet-sunder-new-way-share-secrets/
tryout  Encryption 
24 days ago
GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions
pentesting  hacking  unix  shell 
25 days ago
WebTorrent Desktop
Streaming torrent app for Mac, Windows, and Linux
torrent  streaming 
26 days ago
find all rhe things on otger computers.
 If you want to do an inventory of all installed software in your active directory domain, then keep on reading my post.
How_To  Reconnaissance  network  scanner 
27 days ago
Malware Analysis is for the (Cuckoo) Birds - TrustedSec
The Cuckoo sandbox is an open source malware analysis system that can perform used against many different types of malware, ranging from Office documents to executables. 
malware  OpenSource 
27 days ago
jarun/googler: Google from the terminal
Search the web with Google from the command line instead of the browser... because stuff.
google  python  Cli  search 
27 days ago
saltpack - a modern crypto messaging format
Need to encode, transmit, or store encrypted or signed data? saltpack is a streamlined, modern solution, designed with simplicity in mind. It is easy to implement & integrate. We've made few crypto decisions and instead leave almost all of the heavy lifting to the NaCl library
4 weeks ago
This Tool Queries The Emails That Registered The Domain And Verifies If They Were Leaked In Some Data Leak - KitPloit - PenTest Tools for your Security Arsenal ☣
email  whois  Domains  Open_Data  Reconnaissance 
4 weeks ago
VFRAME is a computer vision toolkit designed for human rights researchers and investigative journalists
machine_learning  AI  Open_Data  verification 
4 weeks ago
SugarCube is a framework to fetch, transform and publish data. Data processes are described using plugins, which are chained in sequence to transform any sort of data. It is used to support data based investigations.
scraping  OpenSource  Open_Data  verification 
4 weeks ago
One to Zero
How to build a static website using a zero configuration toolkit
WebDev  static-hosting 
4 weeks ago
Juice Shop i- ntentionally insecure webapp for security trainings
OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws. - http://owasp-juice.shop
training  security  WebDev  QWASP  infosec  education  javascript 
4 weeks ago
Harpoon: an OSINT / Threat Intelligence tool · Tek's blog

Harpoon is a tool to automate threat intelligence and open source intelligence tasks. It is written in Python 3 and organised in plugins so the idea is to have one plugin per platform or task. The code is on Github, feel free to open issues and propose Pull Requests.
4 weeks ago
PAVELOW helps you with your exploiting and vulnerability searching adventures on KALI Linux by using a few different pre-installed tools among several others that PAVELOW will installed & setup for you(they all can be found right here on Github too).
Hacking  exploit  Pen_Testing 
5 weeks ago
NetBlocks Framework
Open technology for transparent internet governance using javascript, python and other tracking, documenting tools.
transparency  monitoring  censorship  Framework 
5 weeks ago
Exploitation Framework for Embedded Devices
routers  Hacking  IoT 
6 weeks ago
FOIA 101: Tips and Tricks to Make You a Transparency Master
This is a nice guide on how to use a very complex Cli for recon.
transparency  Research 
6 weeks ago
Can I use... Support tables for HTML5, CSS3, etc
Let's you know how useable your front end work is going to be on different browsers and devices.
browser  WebDev 
6 weeks ago
Motherboard Made a Tool That Archives Websites on Demand - Motherboard
mass_archive, a basic Python script, will push a webpage or URL to multiple archive services at once, hopefully making online journalism or research a bit more efficient.
7 weeks ago
Penetration Testing checklist on Process Street
This Process Street penetration testing checklist is engineered to give a documentation process for staff carrying out penetration testing on either their own networks and services or those of a client.
7 weeks ago
An information gathering tool to colect git commit emails in version control host services.
Git  Reconnaissance  phishing 
7 weeks ago
How to Easily Generate Hundreds of Phishing Domains « Null Byte :: WonderHowTo
onvincing domain name is critical to the success of any phishing attack. With a single Python script, it's possible to find hundreds of available phishing domains and even identify phishing websites deployed by other hackers for purposes such as stealing user credentials.
How_To  phishing  Hacking  python  Domains 
8 weeks ago
ESP8266 deauther
Scan for WiFi devices, block selected connections, create dozens of networks and confuse WiFi scanners!
network  wifi  security 
8 weeks ago
SMBrute is a program that can be used to bruteforce username and passwords of servers that are using SMB (Samba).
Hacking  server  samba  smb  bruteforce 
8 weeks ago
Champions Curriculum:
A training curriculum for teaching information security "champions" within small organisations and helping them conduct a basic assessment. (Work in progress)
InfoSec  OrgSec 
8 weeks ago
Self hosted newsletter app
OpenSource  email  WebDev 
8 weeks ago
tachyons tldr
Cheater for looking up Tachyon CSS classes, which are a different kind of voodoo all together. Remember how people used to bang on about not putting styles in the pages? For flippen' 'eck it's back.
CSS  Design  WebDev 
9 weeks ago
Text Editor toolkit for web :: make a wysiwyg.
wysiwyg  WebDev  OpenSource 
9 weeks ago
Tool to scan for secret files on HTTP servers
python  security  Reconnaissance  Pen_Testing  Hacking 
9 weeks ago
A curated list of awesome packages, articles, and other cool resources from the Wagtail community.
wagtail  CMS  django 
10 weeks ago
Structured Text Tools
The following is a list of text-based file formats and command line tools for manipulating each.
cli  CommandLine  WebDev 
10 weeks ago
 An Open Source, Large Scale, Full Packet Capturing, Indexing, And Database System
traffic  packet_inspection  capture 
10 weeks ago
Who Am I Mail Bot is a service to mask your e-mails. It was inspired by Blur, where you can create an alias for your e-mail and use it to signup on applications. The problem with Blur is that all e-mails pass trough their infraestructure and I don't need/want anybody looking on my e-mails, so I made this project. WhoAmIMailBot is similar to Blur service but runs on your own infraestructure!

This is interesting, but I'm still not sure it justifies getting a Telegram account.
bots  email 
11 weeks ago
Easily Host Containers on a .onion URL.
Tor  onion_sites  docker  Hosting 
11 weeks ago
Hardentools is a utility that disables a number of risky Windows features.
security  hardening  end_point_security  windows  microsoft 
12 weeks ago
Tool For Automating Penetration Testing Tasks.
12 weeks ago
MintBox Mini 2
Small durable and powerful Mint desktop box. Want/need.
12 weeks ago
Zotero | Your personal research assistant
Zotero is the only software that automatically senses research on the web. Need an article from JSTOR or a preprint from arXiv.org? A news story from the New York Times or a book from a library? Zotero has you covered, everywhere.
research  OpenSource 
12 weeks ago
Rainmap Lite
Responsive Web Based Interface That Allows Users To Launch Nmap Scans From Their Mobiles/Tablets/Web Browsers
nmpap  Reconnaissance 
12 weeks ago
slack-meme: A Meme Bot for Slack.
Bookmarking for adding this to a Slack channel to annoy colleagues.
march 2018
The gui for Docker
march 2018
LibraryBox is an open source, portable digital file distribution tool based on inexpensive hardware that enables delivery of educational, healthcare, and other vital information to individuals off the grid.
hardware  meshnet  File_sharing 
march 2018
Next time I fly anywhere, try this.
march 2018
XSStrike is an advanced XSS detection and exploitation suite.
scan  exploit  Hacking  xss 
march 2018
Firefox tunnel to bypass any firewall
To create a program like firefox tunnel, follow these steps to get started...
Hacking  firewall 
march 2018
Program to detect when linux user opens terminal with root and inject intrusive commands in terminal with X11 lib
ssh  terminal  Hacking 
march 2018
Memfixed Mitigation
DDoS mitigation tool for sending flush or shutdown commands to vulnerable Memcached servers obtained using Shodan API.
ddos  shodan 
march 2018
The fast, reliable localhost tunneling solution
server  hosting  localhost  webdev 
march 2018
Interactive shellcoding environment to easily craft shellcodes
shell  CommandLine 
march 2018
Streisand sets up a new server running your choice of L2TP/IPsec, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, a Tor bridge, and WireGuard. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow a…
security  VPN  circumvention  Tor  tor_bridges  Privacy 
february 2018
PiKarma: 📡🍓🍍
Detects wireless network attacks performed by KARMA module (fake AP). Starts deauthentication attack (for fake access points)
network  security  wifi 
february 2018
Mosh: the mobile shell
Remote terminal application that allows roaming, supports intermittent connectivity, and provides intelligent local echo and line editing of user keystrokes.

Mosh is a replacement for interactive SSH terminals. It's more robust and responsive, especially over Wi-Fi, cellular, and long-distance links.

Mosh is free software, available for GNU/Linux, BSD, macOS, Solaris, Android, Chrome, and iOS.
shell  ssh  CommandLine 
february 2018
How to Archive Open Source Materials - bellingcat
This is a great how-to guide and resource of tools on archiving and publishing archives open source data, web pages, social network activity, videos, images and other media. Also probably good stuff here to help bypass censorship if your country is blocking your video or some such.
archive  How_To 
february 2018
Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.
proxy  tunneling  tcp  http  anti_censorship 
february 2018
nada - temporary email
You want to play with that weird website toy and it's just asking fro your email address to do it. This disposable email address service had decent 1-click ux and a really clean interface. Nice one.
email  Anonymity 
february 2018
The New Guide to Running a Tor Relay
Here's the updated guide on setting up a Tor relay, which still isn't that incredibly readable but is a great improvement over what came previously.
Tor  How_To  SysAdmin 
february 2018
A Real-Time Two-Factor Phishing Tool
phishing  2fa 
february 2018
LastPass command line interface tool
security  password_manager  Cli 
february 2018
AutoSploit: Automated Mass Exploiter
As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts.
metasploit  automation  hacking  exploit  security 
february 2018
dorker.io - Automated Search Engine hacking
Scan vulnerabilities using Google, Bing, Shodan...
Reconnaissance  dorking  search 
february 2018
Understand your public-facing infrastructure
network  security  search  re 
february 2018
Reconnaissance. Threat intelligence. Perimeter Monitoring. SpiderFoot automates OSINT to find out everything possible about your target.
Reconnaissance  OSINT  threat-research 
february 2018
Kibana: Explore, Visualize, Discover Data | Elastic
Kibana lets you visualize your Elasticsearch data and navigate the Elastic Stack, so you can do anything from learning why you're getting paged at 2:00 a.m. to understanding the impact rain might have on your quarterly numbers.
visualization  data  OpenSource  Dark_Services 
february 2018
GitHub - google/detangle
Detangle automatically separates your chrome browser into multiple browser profiles and can open sessions in each on startup.
browser  chrome 
february 2018
Alfred - Productivity App for Mac OS X
Alfred is an award-winning app for Mac OS X which boosts your efficiency with hotkeys, keywords, text expansion and more. Search your Mac and the web, and be more productive with custom actions to control your Mac.
shortcuts  Workflow_tools 
january 2018
Honey Buckets
Find out who is snooping through your (bogus) Amazon S3 buckets
aws  s3  Honey_Pot  Reconnaissance 
january 2018
GalliumOS, 'a ightweight Linux distro for ChromeOS devices'
"A fast and lightweight Linux distro for ChromeOS devices."
Linux  OpenSource  chromebooks 
january 2018
« earlier      
!document_management 2fa academic actvist_tech ad_blocking ai alerts analysis analytics android anonymity ansible anti_censorship anti_forensics archive article authentication automation aws backup bios bitcoin blockchain blogs bluetooth book bots browser bruteforce business_intelligence buylist canary capture cctv censorship chrome chrome_plugin chromebooks circumvention cli closed_source cloud_services cms coding collaboration commandline confederated content_creation copyright css cyber_warfare dark_services dashboards data data_analsis data_analysis data_journalism data_mining data_policy data_scraping data_visualisation data_wipe databases ddos decentralised decentralized design diff digital_radio digsec digsec_howto digsec_services digsec_tools django dns docker domains dorking doxxing drupal drupal_modules education email encryption end_point_security enumeration exploit facebook file_sharing firewall firmware flat_file_websites foia fonts forensic foss framework frameworks frontend_dev gaming gatsby geolocation git goodorgs google google_dorks graphic_design gui hacking hardening hardware honey_pot honeypot hosting how how_to htaccess html http https hugo icons ict ict_policy image_archive image_archives image_editing infosec interactive intranet ios iot ip ipfs iphone irc javascript journalism journalism_technology journalist_safety js law lazyweb_tools leaks letsencrypt linkedin linux lists localhost mac machine_learning malware manifesto maps markdown meshnet messaging_apps meta_data metasploit microsoft mitm mobile mobile_apps mongodb monitor monitoring mozilla mysql nato network ngo nmpap node_js notes nsa oauth2 objective-c onion_sites ooni open_data opensource operating_systems opsec optimization orgsec osint otr p2p packet_inspection password_manager passwords pdf pen_testing pentesting pgp phishing physical_security platforms policy privacy privilege_escalation productivity products programming protocol prototyping proxy public_domain python qwasp raspberry_pi re reconnaissance redis reporting research retro routers rss ruby s3 samba scan scanner scraping search secure_contact security server service_providers shell shodan shortcuts signal slack smb social_networks software source_protection spreadsheets sql ssh ssl static-hosting steganography strapi streaming subdomains surveillance sys sysadmin tcp telephony terminal testing text_analysis threat-research tinycode tls todo tor tor_bridges torrent traffic training transparency tryout tunneling twitter ubuntu ui unix usb ux verification via:popular video video_editing vim visualization voip volatile_file_sharing vpn wagtail web_design web_servers web_standards webdev webdev_testing webdev_tools whistleblowing whois wifi windows wordpress wordpress_plugins workflow_tools writing_app wysiwyg xmpp xss

Copy this bookmark: