HackGit - Overview

​​The Panthera(P.)uncia of #Cybersecurity Subdomain & Exploit Hunter powered by AI https://github.com/ARPSyndicate/puncia #infosec #pentesting

​​Delefriend A proof-of-concept #redteam tool to automatically find and abuse existing GCP service accounts with domain-wide delegation (DWD) on Google Workspace by smartly fuzzing all of the existing JWT combinations that are relevant to the initial GCP identity. A compromised GCP service account key with DWD enabled can be used to perform API calls on all of the identities in the target Workspace domain. https://github.com/axon-git/DeleFriend Details: https://bit.ly/3uLy3nx #cybersecurity #infosec #pentesting

​​Slip A CLI tool to create malicious archive files containing path traversal payloads. It supports zip, tar, 7z, jar, war, apk and ipa archives. https://github.com/0xless/slip #malware #cybersecurity #infosec

​​Cheat Sheet — Attack Active Directory This cheat sheet contains common enumeration and attack methods for Windows #ActiveDirectory with the use of #powershell. https://github.com/drak3hft7/Cheat-Sheet---Active-Directory #cybersecurity #pentesting #redteam

​​CVE Half-Day Watcher A security tool designed to highlight the risk of early exposure of Common Vulnerabilities and Exposures (CVEs) in the public domain. It leverages the National Vulnerability Database (NVD) API to identify recently published CVEs with GitHub references before an official patch is released. https://github.com/Aqua-Nautilus/CVE-Half-Day-Watcher #cybersecurity #pentesting #bugbounty

​​nrich A command-line tool to quickly analyze all IPs in a file and see which ones have open ports/ vulnerabilities. Can also be fed data from stdin to be used in a data pipeline. https://gitlab.com/shodan-public/nrich #pentesting #redteam #bugbounty

​​Breach Report Collection A collection of companies that disclose adversary TTPs after they have been breached https://github.com/BushidoUK/Breach-Report-Collection #cybersecurity #infosec #pentesting

​​RMML The Remote Management and Monitoring (tool) List. A decision was made to also include remote network access tools such as ngrok and tailscale. It is a list of #RMM tools with associated metadata that aims to be useful for IT and Security teams. https://github.com/LivingInSyn/RMML #cybersecurity #infosec

​​invictus Little vulnerable app as a practice app for #OSED. This app is compiled with -Wl,--nxcompat,--dynamicbase (ASLR, DEP) and stripped so you can throw it into #IDA and practice #Reverse Engineering. You can identify one possibility to leak addresses. Also it has one stack overflow vulnerability in it. https://github.com/patrickhener/invictus #cybersecurity #infosec

​​Anonymous Email Forwarding This is the source code for self-hosting addy.io. https://github.com/anonaddy/anonaddy #cybersecurity #infosec #privacy