AI Summary: GitHub Search is a collection of tools designed to perform advanced searches on GitHub repositories using bash, Python, and PHP. It primarily facilitates users in conducting tailored searches across GitHub by leveraging personal access tokens for authentication, enhancing the search capability and efficiency. Notable features include support for multiple scripting languages and a straightforward setup process through environment variable configuration or a tokens file.

README

github-search

A collection of tools to perform searches on GitHub.

AI Summary: The github-subdomains tool is designed to search GitHub for subdomains related to a specified domain and parse the search results efficiently. Key features include the ability to use multiple GitHub tokens to manage rate limits, an option for extended searches, and customizable output formats for the collected subdomains. This tool is particularly useful for security researchers and analysts looking to identify exposed subdomains for threat assessment or reconnaissance purposes.

AI Summary: Gitjacker is a tool designed to retrieve git repositories and their contents from web servers where the .git directory has been unintentionally exposed. It effectively extracts repository data even when directory listings are disabled, making it suitable for educational purposes and penetration testing. Notable features include ease of installation via a simple script and the ability to operate in scenarios where access to traditional repository resources is restricted.

AI Summary: Gitleaks is a tool designed for the detection of sensitive information, such as passwords, API keys, and tokens, within Git repositories and other files. Its primary use case is to identify and prevent the accidental exposure of secrets in code, and it offers notable features such as integration with GitHub Actions and pre-commit hooks for continuous monitoring. Additionally, Gitleaks utilizes a robust detection engine based on regular expressions to analyze codebases efficiently.

AI Summary: The Global Threat & Event Intelligence Map is a real-time situational awareness platform designed for visualizing security events, geopolitical developments, and threat indicators on an interactive map. Key features include a customizable event mapping system, a filterable event feed, and detailed intelligence dossiers on various actors, along with visualization layers for military bases. This tool serves as an OSINT command center, aggregating and synthesizing global conflict data for enhanced situational analysis.

AI Summary: Gmail-Hack is a Python-based tool designed for unauthorized access to Gmail accounts, primarily focused on users operating in Termux or Linux environments. It features a straightforward installation process and is intended for educational purposes, with caveats regarding its ethical use. Notably, the tool claims to facilitate hacking actions with minimal setup time, emphasizing its ease of use for individuals familiar with command-line interfaces.

README

Gmail-Hack

Easy gmail hacking in python

Я не несу ответственности за ваши действия. Скачивая программное обеспечение из этого репозитория, вы соглашаетесь с лицензией.

AI Summary: The go-shellcode tool enables users to execute shellcode directly from memory as a standalone process, aiming to circumvent antivirus detection. Its primary use case involves running custom shellcode for penetration testing or exploitation purposes, leveraging features like shellcode size handling via batch scripts and a recommendation for binary obfuscation using the garble tool. The tool requires manual architecture specification and supports 64-bit shellcode execution while providing instructions for building and compressing the resulting binary.

AI Summary: The go-whatsapp package offers a Go interface for interacting with the WhatsApp Web API, enabling developers to integrate WhatsApp functionalities in their applications. Its primary use case is to facilitate the sending and receiving of messages, management of user sessions, and handling various types of media messages through a websocket connection. Notable features include session restoration, customizable message handlers for different message types, and the ability to send contact information in the vCard format; however, the package is not actively maintained and may soon become obsolete due to WhatsApp’s evolving architecture.

AI Summary: libgoblin is a versatile Rust library for binary parsing, loading, and analysis, supporting multiple formats including ELF, Mach-O, and PE across both 32-bit and 64-bit architectures. Its notable features include zero-copy parsing, cross-platform capabilities, endian-awareness, and extensive configurability, allowing users to adapt it to various binary analysis tasks while maintaining a lightweight and efficient footprint. The library is designed for use cases ranging from compiler development to binary analysis tools, making it a comprehensive solution for developers working with binary data.

AI Summary: Goby is a network security assessment tool designed for efficient vulnerability scanning and comprehensive attack surface analysis of target enterprises. It features over 100,000 rule recognition engines and 200 protocol recognition engines, facilitating identification of various network and software vulnerabilities, along with access to preset account information for more than 1,000 devices. Additionally, Goby supports cross-platform functionality on Windows, MacOS, and Linux, and employs a user-friendly interface built with Electron and Vue.

AI Summary: GobyVuls is a collection of exploitation scripts specifically designed for vulnerabilities identified by the Goby scanning tool. The primary use case is to facilitate the exploitation of detected vulnerabilities, allowing users to perform actions such as command execution or establishing reverse shells. Notable features include a user-friendly interface for scanning and verification, as well as a collaborative framework for contributing new vulnerabilities and enhancing existing exploitation methods.

README

GobyVuls

Vulnerabilities of Goby supported with exploitation.

AI Summary: gogo is a versatile network scanning tool designed for both active and passive fingerprinting, featuring customizable port configurations and the extraction of key information such as titles and certificates through regex patterns. It supports the integration of Nuclei proof of concepts (POCs) and offers a heuristic scanning mode for improved performance with minimal resource usage, making it highly efficient for vulnerability detection. The tool is entirely written in Go, ensuring compatibility with minimal dependencies across various operating systems, including legacy versions like Windows 2003.

AI Summary: The golang-tls repository provides tools for generating TLS certificates and creating simple HTTPS/TLS servers and clients using Go. It supports both RSA and ECDSA key generation and facilitates the creation of self-signed certificates. Notable features include configurations for achieving optimal security scores with SSL Labs and the implementation of basic server-client communication over secure connections.

README

Generate private key (.key)

# Key considerations for algorithm "RSA" ≥ 2048-bit
openssl genrsa -out server.key 2048

# Key considerations for algorithm "ECDSA" (X25519 || ≥ secp384r1)
# https://safecurves.cr.yp.to/
# List ECDSA the supported curves (openssl ecparam -list_curves)
openssl ecparam -genkey -name secp384r1 -out server.key

Generation of self-signed(x509) public key (PEM-encodings .pem|.crt) based on the private (.key)

openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650

Simple Golang HTTPS/TLS Server

package main

import (
    // "fmt"
    // "io"
    "net/http"
    "log"
)

func HelloServer(w http.ResponseWriter, req *http.Request) {
    w.Header().Set("Content-Type", "text/plain")
    w.Write([]byte("This is an example server.\n"))
    // fmt.Fprintf(w, "This is an example server.\n")
    // io.WriteString(w, "This is an example server.\n")
}

func main() {
    http.HandleFunc("/hello", HelloServer)
    err := http.ListenAndServeTLS(":443", "server.crt", "server.key", nil)
    if err != nil {
        log.Fatal("ListenAndServe: ", err)
    }
}

Hint: visit, please do not forget to use https begins, otherwise chrome will download a file as follows:

AI Summary: GonnaCry is a Linux-based ransomware designed to encrypt user files using a robust AES-256-CBC encryption scheme, featuring per-file random AES keys and initialization vectors. Its primary use case is to serve as an educational tool for understanding malware, cryptography, and operating systems, with capabilities such as communicating with a server for key management, altering system wallpapers, and terminating database services. Notable features include a built-in decryptor and the use of RSA-2048 for secure key encryption, making it a comprehensive demonstration of ransomware mechanics.

AI Summary: GooHak is an automated tool designed for launching Google hacking queries against specified target domains to uncover vulnerabilities and facilitate enumeration. Its primary use case is to streamline the process of gathering information through tailored search queries, leveraging Google’s search capabilities. Notable features include straightforward command-line usage and dependencies tailored for Linux environments.

README

GooHak

ABOUT:

Automatically launch google hacking queries against a target domain to find vulnerabilities and enumerate a target.

AI Summary: GoScan is an interactive network scanner client designed to automate and provide abstraction over nmap, facilitating host discovery, port scanning, and service enumeration. It is particularly suitable for use in CTFs, OSCP exams, or professional engagements, capable of maintaining scan state in an SQLite database, allowing for asynchronous results upload even in unstable network conditions. Notable features include service enumeration integration with additional tools such as EyeWitness and Hydra, real-time auto-completion, and support for importing data at various stages of the scanning process.

AI Summary: GoSearch is an OSINT tool designed to automate the process of searching for online profiles associated with specific usernames, utilizing concurrency for efficiency. It integrates searches across multiple extensive databases, including 900,000 leaked credentials from HudsonRock and over 18 billion from BreachDirectory, enhancing its capability to detect compromised accounts. Notable features include the ability to filter results for accuracy with the --no-false-positives flag and the option to crack found password hashes using Weakpass, significantly boosting the tool’s effectiveness in cybersecurity investigations.

AI Summary: gosec is a security analysis tool designed to inspect Go source code for potential security vulnerabilities by scanning the Abstract Syntax Tree (AST) and Static Single Assignment (SSA) representation. It utilizes pattern-based rules, SSA-based analyzers, and taint analysis to identify common issues like SQL injection and XSS. Notable features include customizable rule selection, various output formats, and integration as a GitHub Action for continuous security monitoring.

README

gosec - Go Security Checker

Inspects source code for security problems by scanning the Go AST and SSA code representation.

AI Summary: GoTestWAF is a versatile tool designed for simulating API and web application attacks, supporting a multitude of protocols like REST, GraphQL, and gRPC, among others. It evaluates the effectiveness of security solutions such as Web Application Firewalls and API gateways by generating malicious HTTP requests with encoded payloads, allowing for comprehensive security testing and reporting of vulnerabilities. Notable features include customizable payloads, diverse encoding options, and the ability to specify request placeholders for precise attack simulations.

AI Summary: GpgFrontend is a modern encryption tool that leverages GnuPG to facilitate easy and secure encryption and signing of texts and files across multiple platforms, including Windows, macOS, and Linux. Key features include a portable solution that can be run from a USB drive, flexible management of key databases, and a strong focus on user privacy through various safety measures. The tool also supports extensive module development, allowing for customizable user experiences and features.

AI Summary: GPT4Free (g4f) is a robust tool designed to streamline interactions with various accessible Large Language Models (LLMs) and media-generation models by providing a unified interface across multiple providers. It features local GUI support, OpenAI-compatible REST APIs, and clients in both Python and JavaScript, enhancing flexibility and ease of use for developers. Notably, it is community-driven, allowing customization and contribution to improve the platform further.

README

GPT4Free (g4f)

AI Summary: Grapefruit is an open-source mobile security testing suite designed for runtime mobile application instrumentation, supporting both iOS and Android platforms through a web-based interface powered by Frida. It allows users to inspect, hook, and modify mobile apps with features including method hooking, cryptographic API interception, filesystem and SQLite database inspection, memory scanning, and real-time log monitoring. Additionally, it provides support for various frameworks like Flutter and React Native, as well as advanced analysis and decompilation capabilities for a comprehensive security assessment.

AI Summary: Greenmask is an open-source utility designed for logical database dumping, anonymization, and synthetic data generation, primarily targeting PostgreSQL with ongoing support for MySQL. It enables users to create smaller, referentially intact development databases while offering features such as deterministic transformations, dynamic parameters, and storage support for S3-compatible systems, ensuring flexibility and data integrity. Ideal for sanitizing sensitive data, backing up and restoring databases, and streamlining local development processes, Greenmask operates statelessly and produces outputs compatible with standard database tools.

AI Summary: GTFOBins is a curated repository that catalogs Unix-like executables capable of circumventing local security restrictions in improperly configured systems. Its primary use case is to aid security professionals and penetration testers in identifying and exploiting misconfigurations. Notable features include a comprehensive database of binaries and detailed usage instructions for different scenarios.

README

GTFOBins

GTFOBins is a curated list of Unix-like executables that can be used to bypass local security restrictions in misconfigured systems.

AI Summary: Guardian is an AI-powered penetration testing automation platform designed for enterprise environments, integrating multiple AI providers with extensive security tools to perform intelligent and adaptive security assessments. It features a multi-agent architecture for strategic decision-making, 19 integrated security tools for thorough testing, and enhanced evidence capture for complete traceability of findings. Users must ensure authorized access before conducting tests, adhering to legal and ethical guidelines.

README

🔐 Guardian

AI-Powered Penetration Testing Automation Platform