blog archive     the meetup     about     contact me

interesting github

This is a list of interesting infosec-related projects that I have stumbled across on Github. WARNING: I have not vetted all of this code, and some of these repositories may contain malicious binaries. If you don’t know what you are doing, stop before you detonate malware on your network.

Not technically on github, but a good OSINT project: https://bitbucket.org/LaNMaSteR53/recon-ng

A terminal-based cheat sheet: https://github.com/chubin/cheat.sh

Pastebin scraper, useful for OSINT: https://github.com/needmorecowbell/sniff-paste

Recursively scan filesystem searching for interesting strings. Useful in post-exploitation: https://github.com/needmorecowbell/Hamburglar

Automated reverse TCP tunneling: https://github.com/needmorecowbell/jumper

Generate passphrase list for cracking: https://github.com/dafthack/PassphraseGen

Spray passwords against domain users: https://github.com/dafthack/DomainPasswordSpray

Post-exploitation recon on Windows host: https://github.com/dafthack/HostRecon

Repo of malicious binaries for RE research: https://github.com/REal0day/MaliciousPark

Exploit AD defaults: https://github.com/Kevin-Robertson/Powermad

Post-exploitation framework: https://github.com/EmpireProject/Empire

MacOS post-exploitation toolset: https://github.com/its-a-feature/Apfell

Fingerprint client rendering capabilities: https://github.com/PortSwigger/hackability

Discover potentially damaging commits on Github: https://github.com/srcclr/commit-watcher

Windows privilege escalation: https://github.com/0xbadjuju/Tokenvator

Load balance multiple TOR instances: https://github.com/trimstray/multitor

Awesome awesome (a list of awesome lists): https://github.com/sindresorhus/awesome

In-memory PS WebDav Server: https://github.com/p3nt4/Invoke-TmpDavFS

Not a repo per se, but an interesting blog hosted on Github: https://x-c3ll.github.io/

Generate local, trusted cert: https://github.com/FiloSottile/mkcert

A bunch of interesting gists: https://gist.github.com/PaulSec

Too many interesting repos to list individually: https://github.com/PaulSec

Generate command injection payload: https://github.com/PortSwigger/command-injection-attacker

Check *nix kernel hardness: https://github.com/a13xp0p0v/kconfig-hardened-check

Malware zoo builder: https://github.com/phage-nz/ph0neutria

Visualize Windows logon events: https://github.com/JPCERTCC/LogonTracer

Small, dockerized CTFs: https://github.com/gabemarshall/microctfs

Find and analyze keyfiles on a filesystem: https://github.com/CERTCC/keyfinder

Debug http traffic: https://github.com/trimstray/htrace.sh

Audit and dump system configuration info: https://github.com/trimstray/otseca

Another list of resources: https://github.com/trimstray/awesome-ninja-admins