AI Summary: OSINT Brazuca Regex is a repository designed to compile an extensive set of regular expressions tailored for open-source intelligence (OSINT) purposes, specifically focusing on data pertinent to Brazil. It encompasses regex patterns for various categories such as personal identification documents, cryptocurrency wallets, and banking information, all provided in a convenient JSON format for easy integration into tools and scripts. Notable features include coverage of Brazilian documents like CPF and CNPJ, as well as generic regex applicable across different contexts.

AI Summary: The OSINT Cheat Sheet is a comprehensive resource that aggregates various open-source intelligence (OSINT) tools, datasets, and tips for effective information gathering. It serves as an educational guide, emphasizing safe usage practices and the importance of risk management when utilizing both free and paid tools. Notably, it includes advice on using virtual environments, enhancing privacy measures, and strategies for engaging with OSINT resources responsibly.

README

OSINT CHEAT SHEET - List OSINT Tools

AI Summary: The OSINT Framework is a comprehensive resource designed to assist users in gathering information from free online sources for open-source intelligence (OSINT) applications. Its primary use case is to facilitate the discovery of various tools and resources that aid in information security and beyond, while notable features include a structured categorization of tools, some requiring local installation, and links to Google Dorking resources. The framework encourages community contributions for expanding its database of OSINT resources.

AI Summary: The OSINT tools repository provides a comprehensive collection of 308 scripts and tools designed for Open Source Intelligence (OSINT) investigations. Users can select tools based on various input data types across numerous categories, including account identifiers, file types, and network analysis. Notable features include easy navigation through categorized tools and the ability to access the latest version of each tool by modifying the repository commit reference.

README

OSINT tools

Various OSINT tools and scripts, total 308 repos.

AI Summary: OSINT-Tools is a curated collection of open-source intelligence (OSINT) tools aimed at facilitating the gathering and analysis of publicly available information. It includes a variety of tools for data extraction, reconnaissance, metadata analysis, and geolocation, with notable options like Maltego for link analysis, Recon-ng for web-based reconnaissance, and SpiderFoot for footprinting. The repository encourages contributions through pull requests, providing a collaborative platform for enhancing OSINT resources.

README

OSINT-Tools

:eyes: Some of my favorite OSINT tools.

AI Summary: Osintgram is a Python-based OSINT tool designed for reconnaissance on Instagram, enabling users to collect and analyze public data from Instagram accounts by username. Key features include retrieving followers, followed accounts, post information, comments, captions, and downloading media such as photos and stories. The tool operates through an interactive shell, providing a comprehensive suite of commands for in-depth investigation while emphasizing the importance of ethical usage.

README

Osintgram 🔎📸

AI Summary: Osiris is a cross-platform game hacking tool designed for Counter-Strike 2, featuring a graphical user interface based on the game’s Panorama UI. Its primary use case is to enhance gameplay through various functions such as customizable visual indicators for bomb planting and inaccuracy visualizations without relying on traditional C++ runtime libraries or external dependencies. Notable features include customizable color schemes for game elements, enhanced player information rendering, and support for both Windows and Linux compilation.

AI Summary: Osmedeus is a security-focused orchestration engine designed for automating complex workflows through declarative YAML definitions, enhancing the audibility and management of security tasks. It features distributed execution, a rich library of over 80 utility functions, and supports cloud infrastructure provisioning for robust penetration testing and scanning. Key functionalities include event-driven scheduling, agentic LLM integration for tool orchestration, and a REST API for seamless integration and visualization through a web interface.

AI Summary: Ossa is an open-source security architecture tool designed to assist small to medium-sized enterprises in implementing security measures through accessible tools and resources. Its primary use case is to guide users in the installation and practical application of various security tools to address common vulnerabilities and improve overall security posture. Notable features include a focus on application security fundamentals, intrusion detection, and detailed documentation on tool usage, aimed at enhancing security for organizations lacking dedicated security personnel.

AI Summary: OSV-Scanner is a tool designed to identify vulnerabilities in project dependencies by leveraging the OSV database through a user-friendly CLI interface. It supports a diverse range of programming languages, package managers, and includes features such as vulnerability detection in container images and guided remediation recommendations based on various criteria. The tool’s extensibility and comprehensive data sourcing improve the accuracy and effectiveness of vulnerability notifications for developers.

README

AI Summary: The OSV.dev tool provides a platform for scanning software dependencies against a comprehensive database of known vulnerabilities. It features a Go-based scanner capable of analyzing various types of lockfiles, Docker containers, SBOMs, and git repositories, while enabling users to access a web UI and APIs for data integration and management. Notably, it includes tools for vulnerability data publishing, bisection, impact analysis, and leverages Google Cloud Platform for deployment and scalability.

AI Summary: The OWASP Web Application Security Testing Checklist tool provides a comprehensive framework for evaluating the security posture of web applications through a series of structured assessments. Designed for security professionals, it covers multiple areas including information gathering, authentication, session management, and secure transmission, ensuring that all critical aspects of web application security are systematically addressed. Notable features include a user-friendly format available in both PDF and Docx, as well as a Trello board for effective task management and tracking.

AI Summary: p0wny@shell is a minimalistic, single-file PHP shell designed for executing commands on servers during penetration testing of PHP applications. Its primary use case involves remote command execution, featuring capabilities such as command history navigation, file name auto-completion, file upload and download, and remote file system navigation. Notably, it poses security risks if misused, and users are cautioned against deploying it on servers without adequate understanding.

README

p0wny@shell:~# – Single-file PHP Shell

AI Summary: PANDA is an open-source platform designed for architecture-neutral dynamic analysis, utilizing the QEMU whole system emulator to provide deep insights into code execution and data handling across various CPU architectures. It features capabilities for recording and replaying executions, allowing for compact and shareable replay logs, and supports a plugin architecture for enhanced code reusability in dynamic taint analysis and other complex analyses. The tool is developed in collaboration with academic institutions and is available as a Docker container as well as a Python interface for flexible integration into analysis workflows.

AI Summary: Panopticon is a cross-platform disassembler designed for reverse engineering, capable of disassembling multiple instruction sets including AMD64, x86, AVR, and MOS 6502, as well as opening ELF files. Notable features include a Qt-based GUI for visualizing and annotating control flow graphs, though it has been deprecated with a migration to GitLab and restructuring into multiple crates. Users are encouraged to transition to the new version, Verso, for continued development and support.

AI Summary: Paper Mario is an ongoing decompilation project aimed at recreating the original Paper Mario video game for multiple regions including US, JP, PAL, and iQue. The tool generates corresponding ROMs, providing a clear progress tracking system for each version. Notable features include a dedicated setup guide, active community support via Discord, and a public website for monitoring development progress.

README

Paper Mario

This is a work-in-progress decompilation of Paper Mario.

AI Summary: Paradoxia is a Remote Access Tool (RAT) designed for covert control of target systems, featuring a user-friendly console that allows users to easily build and deploy client applications. Notable capabilities include multithreading for multiple session management, full file access, keylogging, microphone recording, and remote execution commands, alongside stealth operation and persistent installation. This tool is intended for malicious use, as indicated by its detection as malware by security software.

AI Summary: ParamSpider is a tool designed for fetching and filtering URLs from Wayback Machine archives, specifically targeting domains for bug hunting, fuzzing, and further probing. Its notable features include the ability to ignore less relevant URLs, support for multiple domains, proxy configuration, and the option to introduce placeholders for parameter values, enhancing the efficiency of security assessments.

README

paramspider

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

📖 About • 🏗️ Installation • ⛏️ Usage • 🚀 Examples • 🤝 Contributing •

AI Summary: Passhunt is a tool designed to search for default credentials across network devices and web applications from a database of 523 vendors and 2084 default passwords. It facilitates quick access to these credentials through a simple command-line interface, allowing users to select vendors and retrieve associated default passwords efficiently. Notable features include the comprehensive vendor database and the ease of installation and usage with Python.

README

Passhunt

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

AI Summary: The passphrase-wordlist project provides an extensive list of over 20 million phrases paired with two hashcat rule files tailored for GPU-based password cracking. Its primary use case is to enhance the effectiveness of hashcat’s cracking capabilities by generating numerous permutations of passphrases to exploit vulnerabilities in systems that utilize weak or common passwords. Notable features include a robust wordlist sourced from various databases and dynamic updates, along with customizable rule files that manipulate passphrase formatting for improved cracking success.

AI Summary: Password Pusher is an open-source web application designed for securely sharing sensitive information such as passwords, notes, files, and URLs via self-destructing links. Its notable features include encrypted storage, customizable expiry controls, comprehensive audit logging, and the ability to self-host or utilize a hosted service, making it suitable for individual users and teams. The tool supports multiple languages and offers integrations through a JSON API and command-line interface, enhancing its versatility in secure information sharing.

AI Summary: Patching is a plugin for IDA Pro designed for interactive binary patching, aimed at enhancing the efficiency of malware analysis and software reverse engineering. It supports x86/x64 and Arm/Arm64 architectures, allowing users to edit assembly instructions in real-time, with visual feedback on the impact of their changes. Notable features include a context menu for quick patch actions, an intuitive assembly editing dialog, and the ability to NOP instructions or force conditional jumps swiftly.

AI Summary: pbtk is a Protobuf toolkit designed to aid in the reverse engineering of applications utilizing the Protobuf serialization format. It features a unified GUI that enables users to extract Protobuf data structures from various implementations, including Android and web applications, and provides capabilities for editing, replaying, and fuzzing Protobuf messages sent to network endpoints. Notable features include comprehensive support for multiple Java runtimes and binary formats, along with a user-friendly interface that streamlines the manipulation of Protobuf messages.

AI Summary: PDBRipper is a utility designed for extracting information from PDB (Program Database) files, primarily used in software development and reverse engineering. Notable features include a graphical user interface and console mode for flexibility, as well as support for building on Windows using Visual Studio and Qt. The tool facilitates in-depth analysis and manipulation of debugging information contained within PDB files.

README

PDBRipper

PDBRipper is an utility for extract an information from PDB-files.

AI Summary: PDFRip is a multithreaded PDF password cracking tool written in Rust, featuring advanced capabilities such as wordlist attacks, custom query builders, and structured password brute-forcing techniques. Notable features include prepared verifier hot paths for efficient password attempts, exact progress tracking, checkpointing for session resumption, and output in JSON format for automation. It supports various brute-force methods, including bounded masks, date, and number generators, making it a versatile utility for recovering PDF passwords.