AI Summary: Coercer is a Python tool designed for assessing and exploiting Remote Procedure Calls (RPCs) on Windows servers, facilitating the coercion of authentication onto arbitrary machines. Key features include the ability to list and connect to SMB pipes, invoke vulnerable RPC functions with random UNC path generation, and customizable export formats such as SQLite, JSON, and XSLX for scan and fuzz modes. It supports both authenticated and unauthenticated scans, making it valuable for security assessments and penetration testing.

AI Summary: The Collection Document repository is a curated compilation of quality safety articles aimed at enhancing knowledge in various cybersecurity domains. Its primary use case includes providing resources on topics such as penetration testing, threat detection, cloud security, and personal security, among others. Notable features of the collection include links to deep dives into specialized security areas, ongoing updates, and insights into modern security solutions like AI safety and zero trust architecture.

AI Summary: Commix is an open-source penetration testing tool designed for automating the detection and exploitation of command injection vulnerabilities in web applications. It supports multiple Python versions and includes extensive documentation with usage examples, facilitating ease of deployment and operation for security professionals. Notable features include comprehensive exploitation capabilities and a user-friendly interface for navigating various commands and options.

README

Commix (short for [comm]and [i]njection e[x]ploiter) is an open source penetration testing tool, written by Anastasios Stasinopoulos (@ancst), that automates the detection and exploitation of command injection vulnerabilities.

AI Summary: Phase Console is an open-source platform designed for engineering teams to efficiently manage and secure application secrets throughout the development lifecycle. Its notable features include a comprehensive dashboard for secret management, role-based access control, seamless integration with various CI/CD platforms and Kubernetes, as well as SDK support for multiple programming languages, enabling secure secret injection and synchronization across environments.

README

Repos

Docs | CLI | Node SDK | Python SDK
Golang SDK | Helm Chart | Kubernetes Operator | Terraform Provider

AI Summary: ContainerSSH is an SSH server designed to dynamically launch containers in Kubernetes and Docker, primarily aimed at facilitating lab environments, debugging production systems, and running honeypots. Notable features include ephemeral container management with automatic cleanup, secure and logged access for developers, and comprehensive auditing capabilities that allow for monitoring and analysis of SSH attack patterns. This tool enhances security workflows by leveraging containerization to isolate user activities and preserve system integrity.

AI Summary: ComplianceAsCode/content is a framework designed to facilitate the creation and maintenance of security policy content for various platforms, including Linux distributions and applications like Firefox. It generates SCAP content, Ansible playbooks, and Bash scripts from easily editable YAML rule files, allowing organizations to automate compliance checks and remediations. Notable features include a powerful build system that reduces redundancy, multi-format outputs tailored to different organizational needs, and comprehensive documentation resources for users.

AI Summary: The “conti-pentester-guide-leak” repository serves as an archive for leaked pentesting materials associated with the Conti ransomware group, providing insights into their methodologies and tools. It includes guides on a variety of techniques such as data exfiltration, network exploitation, and the usage of tools like Metasploit and Cobalt Strike. This material is aimed at enhancing pentesting skills for security professionals and aiding defenders in detecting and mitigating similar attacks, while emphasizing its usage for educational purposes only.

AI Summary: Copa is a CLI tool designed to directly patch container images for vulnerabilities without requiring a full rebuild, thereby enhancing DevSecOps workflows. Leveraging vulnerability scan results from tools like Trivy, Copa reduces the operational downtime associated with patching, minimizes storage needs by creating only additional patch layers, and allows any user to perform patches, irrespective of image ownership. Its extensible architecture supports multiple package managers and vulnerability report formats, making it adaptable to various container ecosystems.

AI Summary: Copilot API Proxy is a reverse-engineered tool that enables access to the GitHub Copilot API through an OpenAI and Anthropic-compatible interface, allowing integration with various platforms that support these APIs. Key features include a user-friendly web dashboard for monitoring API usage, flexible authentication options, rate limit management, and the capability to integrate with Claude Code for enhanced coding assistance. This proxy is not officially supported by GitHub and should be used responsibly to prevent account restrictions.

AI Summary: Corsy is a lightweight CORS misconfiguration scanner designed to identify vulnerabilities in web applications’ Cross-Origin Resource Sharing implementations. It features a versatile command-line interface that supports scanning URLs directly or from files, utilizes customizable HTTP headers, and provides options for threading, request delays, and exporting results to JSON. Notably, it implements a comprehensive suite of tests to uncover various CORS-related bypass opportunities.

README

Corsy

CORS Misconfiguration Scanner

AI Summary: Covenant is a .NET command and control framework designed for red teaming, facilitating offensive .NET tradecraft and collaborative operations through a web-based interface. It supports cross-platform functionality across Linux, MacOS, and Windows, and features multi-user collaboration, dynamic C# compilation, inline code execution, and secure communication via an encrypted key exchange. Notably, Covenant offers API-driven extensibility and a user-friendly dashboard that allows red teamers to execute and manage operations effectively.

AI Summary: Cpp2IL is a tool designed to reverse Unity’s IL2CPP build process, converting Unity games’ compiled binary formats back into their original managed DLLs. Its primary use case is for developers and reverse engineers working with Unity-based applications, providing functionalities such as output format customization and a planned plugin system for extended compatibility. Noteworthy features include a major rewrite for enhanced flexibility, reliance on LibCpp2IL for metadata processing, and the upcoming integration of an intermediate representation (ISIL) for improved analysis of various instruction sets.

AI Summary: Cr3dOv3r is a Python-based tool designed for detecting credential reuse vulnerabilities by querying public data leaks and verifying whether compromised credentials can access popular websites. Its notable features include integration with the Have I Been Pwned API for leak search and functionality to test the validity of leaked passwords against various online platforms while detecting CAPTCHA prompts. This tool is particularly useful for penetration testing and security assessments.

AI Summary: Cracker-Tool is a multifunctional hacking and penetration testing toolbox designed for Termux users, featuring a variety of capabilities including IP tools, subdomain scanning, DDoS attacks, SQL injections, and more. Notable functionalities include Cloudflare bypass for DDoS, identity generators, and a variety of administrative tools, making it a comprehensive resource for security testing. The tool is implemented in Python and Bash, emphasizing ease of installation and set up within the Termux environment.

AI Summary: crawlergo is a robust web vulnerability scanner that utilizes a headless Chrome browser to collect URLs and interact with web pages, capable of intelligent form submission and JavaScript event triggering. Its key features include automatic URL de-duplication, support for different browser environments, request proxying, and the ability to push results to passive vulnerability scanners, making it an essential tool for comprehensive web application security assessments.

README

crawlergo

AI Summary: CRLFuzz is a specialized tool for detecting CRLF injection vulnerabilities in web applications, developed in Go for high performance. It offers flexible scanning options, including targeting individual URLs or multiple URLs from a list, and provides various command line flags to customize request methods, output results to files, and adjust concurrency levels. Notable features include support for custom headers, proxy usage, and integration capabilities with other security tools through standard input.

AI Summary: CrossLinked is a LinkedIn enumeration tool that leverages search engine scraping to extract valid employee names from targeted organizations, enabling enumeration without the need for API keys or direct LinkedIn access. It supports customizable naming conventions for output formatting and offers features like proxy rotation and the ability to parse data into both text and CSV files. This tool is particularly useful for security researchers and penetration testers looking to gather information about potential targets.

AI Summary: Crucix is an open-source intelligence tool that aggregates real-time data from 27 diverse sources—including satellite fire detection, flight tracking, and economic indicators—into a single, self-hosted dashboard updated every 15 minutes. Its primary use case is to provide researchers, journalists, and analysts with accessible, cross-correlated insights without relying on cloud services or subscriptions. Notable features include integration with LLMs for two-way interaction, customizable alerts via Telegram and Discord, and a user-friendly interface that simplifies monitoring complex global events.

AI Summary: The crypto-attacks repository provides Python implementations of various cryptographic attacks and utilities, primarily focusing on attacking RSA using methods such as the Boneh-Durfee attack. Notable features include the ability to customize parameters for specific attacks, integration with SageMath for advanced mathematical computations, and a structured approach for unit testing and utilizing the attack scripts.

README

Introduction

Python implementations of cryptographic attacks and utilities.

Requirements

• SageMath with Python 3.9
• PyCryptodome

You can check your SageMath Python version using the following command:

AI Summary: Cloud Security Suite (cs-suite) is a command-line tool designed for conducting security audits on various cloud environments, including AWS, GCP, Azure, and DigitalOcean. Its primary use case revolves around gathering data for Lynis audits, allowing users to specify environments, IP addresses, and user credentials while generating audit logs in JSON format for integration with SIEM tools. Notable features include the ability to handle user authentication, option to wipe previous audit reports, and flexible configurations for different cloud platforms.

AI Summary: CS7038-Malware-Analysis is a repository designed for educational purposes in the field of malware analysis, specifically for the University of Cincinnati’s course. It serves as a comprehensive resource for students, providing access to course materials and related multimedia content, including instructional videos on malware analysis techniques and methodologies.

README

CS7038-Malware-Analysis

Course Repository for University of Cincinnati Malware Analysis Class (CS[567]038)

Public URL: https://class.malware.re/

YouTube Videos: https://www.youtube.com/channel/UC0qfXmyAbSsmnisGQn1fAJA

AI Summary: The Crypto-Cat/CTF repository serves as a comprehensive resource for Capture The Flag (CTF) challenges, offering write-ups, scripts, and files aligned with video walkthroughs. Its primary use case is to aid users in learning and solving various CTF challenges through curated links to additional resources, including pentesting and reverse engineering tools. Notable features include an extensive directory of CTF platforms, resources for blue team activities, and a collection of cybersecurity educational content.

AI Summary: The CTF-notes repository provides a comprehensive collection of resources and structured notes aimed at aiding individuals in preparing for Capture The Flag (CTF) competitions and penetration testing exams, such as the OSCP. It includes detailed checklists, exploitation techniques for various platforms, vulnerability payloads, and methodologies for offensive security. Noteworthy features include organized sections for post-exploitation tactics, memory forensics, and specific vulnerabilities, alongside a dedicated cheat sheet repository for quick reference during assessments.

AI Summary: The ctf-skills repository provides an extensive collection of agent skills designed to facilitate the solving of Capture The Flag (CTF) challenges across various domains, including web exploitation, binary pwn, reverse engineering, and more. Notable features include support for multiple installation methods, a comprehensive tool installer script, and detailed skill documentation for on-demand use, allowing users to efficiently integrate the necessary tools as challenges arise. It is compatible with any tool adhering to the Agent Skills specification, enhancing its versatility in competitive cybersecurity contexts.

AI Summary: CTFCrackTools X is a next-generation, node-based toolkit designed for CTF (Capture The Flag) competitions, offering an extensive set of over 43 built-in algorithms for encoding, cryptography, and hashing. Key features include a visual workflow that allows users to construct custom encoding and decoding processes intuitively, and native support across Windows, macOS, and Linux platforms without the need for additional runtime installations. The tool emphasizes performance and extensibility, streamlining the process of handling various CTF challenges.