ik-security Goto Github PK

pacbot

PacBot (Policy as Code Bot)

pay-aws-compliance

payloadsallthethings-fork

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

peass-ng-fork

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

pentesting-playground

Code for installing various security minded tools onto Vagrant powered virtual machines

pmapper

A tool for quickly evaluating IAM permissions in AWS.

prowler

AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and DOZENS of additional checks including GDPR and HIPAA (+90). Official CIS for AWS guide: https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf

python-for-hackers

Python for Hackers - Youtube Tutorials - Priyank Gada

raindance

Project intended to make Attack Maps part of software development by reducing the time it takes to complete them.

redteam-tactics-and-techniques

Red Teaming Tactics and Techniques

repo-supervisor

Scan your code for security misconfiguration, search for passwords and secrets. :mag:

scout2

Security auditing tool for AWS environments

scoutsuite

Multi-Cloud Security Auditing Tool

seclists-fork

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

secure-development-and-deployment

NCSC Guidance for secure development and deployment

security-automation-with-ansible-2

Ansible Playbooks for Security Automation with Ansible2 book

sfnode-nov-2018

Talk slides and notes

skyark

SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS

snoopy

Log every executed command to syslog (a.k.a. Snoopy Logger).

spicedb

Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications

spoilerwall

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

st2

StackStorm (aka "IFTTT for Ops") is event-driven automation for auto-remediation, security responses, troubleshooting, deployments, and more. Includes rules engine, workflow, 160 integration packs with 6000+ actions (see https://exchange.stackstorm.org) and ChatOps. Installer at https://docs.stackstorm.com/install/index.html. Questions? https://forum.stackstorm.com/.

streisand

Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.

strongswan

strongSwan - IPsec for Linux

thc-hydra-fork

hydra

trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

trivy-policies

vault-production-readiness-checklist

This checklist will prepare you launch production-ready vault clusters into any major Cloud provider or on Premise

vaulted

Multi purpose cryptography tool for encryption/decryption using AES256 GCM

whatweb-fork

Next generation web scanner