A number of Github repos of code meant to be used to harden servers in various ways prior to deployment.
Osmedeus allow you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. Webapp, uses Flask. Has a REST API.
A wireless auditing tool implemented as a shell script that uses other tools to do the job.
The goal of this document is to help operational teams with the configuration of TLS on servers. All Mozilla sites and deployment should follow the recommendations below. The Operations Security (OpSec) team maintains this document as a reference guide to navigate the TLS landscape. It contains information on TLS protocols, known issues and vulnerabilities, configuration examples and testing tools. Changes are reviewed and merged by the OpSec team, and broadcasted to the various Operational teams.
A curated list of awesome serverless security resources such as (e)books, articles, whitepapers, blogs and research papers.
System tampering detector for USB, Bluetooth, AC, Battery, Disk Tray, and Ethernet. Ostensibly shuts the whole thing down but can be configured to do other stuff. I don't know how reliable it is, haven't audited the code yet. Written in Python3.
GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.
The project collects legitimate functions of Unix binaries that can be abused to break out restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate the other post-exploitation tasks.
A collection of awesome lists, manuals, blogs, hacks, one-liners, cli/web tools and more. Especially for System and Network Administrators, DevOps, Pentesters or Security Researchers.
A tool for automating cracking methodologies through Hashcat from the TrustedSec team. Optimizes dictionaries, acts as an interactive shell for hashcrack.
GreyNoise is a system that collects and analyzes data on Internet-wide scanners. GreyNoise collects data on benign scanners such as Shodan.io, as well as malicious actors like SSH and telnet worms.
The data is collected by a network of sensors deployed around the Internet in various datacenters, cloud providers, and regions.
A tool that has as its dependencies practically every useful and still-supported Golang linter and static analyzer out there. Plug it into your toolchain and it'll do the work of two dozen other tools (which it is, really) in less time.
Can also be used locally, through your IDE or editor.
Static security analyzer for Golang code. Checks against the Golang AST. Tries to verify some best practices (no hardcoded credentials, listening on 0.0.0.0 by default, things like that. Has all of the usual CLI options you'd hope it has.
Like nmap for mapping wifi networks you're not connected to. Maps and tracks wifi networks and devices through raw 802.11 monitoring. Map wireless networks and all clients on each network. Traffic analysis, infer device types. Send packets in response to certain conditions (such as sending 1 gig of traffic or reaching a certain traffic throughput). Deauth attacks. Saves data as YAML for analysis or sending to other software.
Written in Python 3. Installable through Pypi.
Plug in an Android device. Send it AT commands. Pwnage.
A collection of open source and commercial tools that aid in red team operations.
Designed to reduce the burden of blocking when many accounts are attacking you, or when a few accounts are attacking many people in your community. It uses the Twitter API. If you choose to share your list of blocks, your friends can subscribe to your list so that when you block an account, they block that account automatically. When blocklists are updated, the changes are propagated without your having to do anything.
Requires that you grant access to your Twitter account to the service.
If there are accounts that you blocked before you started using Block Together, and then you subscribe to a blocklist which happens to include that account, and then you stop using that blocklist, the accounts will stay blocked. It doesn't un-do any blocks you put in yourself.
Blocklists top out at 250k accounts.
World's fastest and most advanced password recovery utility
A curated list of resources for learning about vehicle security and car hacking.