Hack with Github在Medium上發布了他們10月份中最受矚目的5大工具和目錄。而所發布的工具以及目錄如下：
List of Awesome Red Team / Red Teaming Resources
This list is for anyone wishing to learn about Red Teaming but do not have a starting point.
Anyway, this is a living resources and will update regularly with latest Adversarial Tactics and Techniques.
You can help by sending Pull Requests to add more information.
A list of Web Security materials and resources for learning the cutting edge penetrating technique.
A curated list of awesome YARA rules, tools, and resources.
A collection of hacking and penetration testing resouces to make you better!
Phishers are still using Internationalized Domain Names to trick users. This project uses computer vision to automatically check if IDNs have a deceptive reading.
The tool exploits the common vulnerabilities that caused private keys leakage.
WiFi HID Injector for Fun & Profit
CERTitude is a Python-based tool which aims at assessing the compromised perimeter during incident response assignments. It allows analysts to perform large scale scans of Windows-based information systems by searching for behavioural patterns described in IOC (Indicator Of Compromise) files.
- Ability to scan hosts in a way that prevents the target workstation from knowing what the investigator is searching for
- Ability to retrieve some pieces of data from the hosts
- Multiple scanner instances (for IOCs and/or hash scans) can be run at the same time for parallel scanning
- Built with security considerations in mind (protected database, secure communications with hosts using IPSec)
This repository contains a set of tools and proof of concepts related to PCI-E bus and DMA attacks.
jSQL Injection is a Java application for automatic SQL database injection.
r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files.
Radare project started as a forensics tool, a scriptable commandline hexadecimal editor able to open disk files, but later support for analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers, ..
This script tests if APs are affected by CVE-2017-13082 (KRACK attack)
During reconnaissance (recon) it is often helpful to get a quick overview of all the relative endpoints in a file. These days web applications have frontend pipelines that make it harder for humans to understand minified code. This tool contains a nifty regular expression to find and extract the relative URLs in such files. This can help surface new targets for security researchers to look at. It can also be used to periodically compare the results of the same file, to see which new endpoints have been deployed. History has shown that this is a goldmine for bug bounty hunters.