Power-PWN: A Comprehensive Guide to Offensive and Defensive Security for Microsoft 365
Power-PWN is a sophisticated offensive security toolset designed to test and identify vulnerabilities in Microsoft 365 environments. It supports red...
Tools
A Guide to JavaScript Obfuscation with “javascript-obfuscator”
When it comes to securing web applications, JavaScript often stands out as one of the more vulnerable components. It runs...
SafeLine – Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
SafeLine is a self-hosted WAF(Web Application Firewall) to protect your web apps from attacks and exploits. A web application firewall...
Secator – The Pentester’S Swiss Knife
secator is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and it...
PolyDrop – A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
BYOSI - Bring-Your-Own-Script-Interpreter - Leveraging the abuse of trusted applications, one is able to deliver a compatible script interpreter for...
File-Unpumper – Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
file-unpumper is a powerful command-line utility designed to clean and analyze Portable Executable (PE) files. It provides a range of...
Damn-Vulnerable-Drone – An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
The Damn Vulnerable Drone is an intentionally vulnerable drone hacking simulator based on the popular ArduPilot/MAVLink architecture, providing a realistic...
Mass-Assigner – Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
Mass Assigner is a powerful tool designed to identify and exploit mass assignment vulnerabilities in web applications. It achieves this...
Mass-Assigner – Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
Mass Assigner is a powerful tool designed to identify and exploit mass assignment vulnerabilities in web applications. It achieves this...
BYOSI – Evade EDR’s The Simple Way, By Not Touching Any Of The API’s They Hook
Evade EDR's the simple way, by not touching any of the API's they hook. Theory I've noticed that most EDRs...
BYOSI – Evade EDR’s The Simple Way, By Not Touching Any Of The API’s They Hook
Evade EDR's the simple way, by not touching any of the API's they hook. Theory I've noticed that most EDRs...
Imperius – Make An Linux Kernel Rootkit Visible Again
A make an LKM rootkit visible again. This tool is part of research on LKM rootkits that will be launched....
ModTracer – ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.Another way to make an LKM visible is using the imperius trick: https://github.com/MatheuZSecurity/ImperiusDownload ModTracer...
DockerSpy – DockerSpy Searches For Images On Docker Hub And Extracts Sensitive Information Such As Authentication Secrets, Private Keys, And More
DockerSpy searches for images on Docker Hub and extracts sensitive information such as authentication secrets, private keys, and more. What...
Ashok – A OSINT Recon Tool, A.K.A Swiss Army Knife
Reconnaissance is the first phase of penetration testing which means gathering information before any real attacks are planned So Ashok...
CloudBrute – Awesome Cloud Enumerator
A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean,...
Hfinger – Fingerprinting HTTP Requests
Tool for Fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage :-) Its main...
VulnNodeApp – A Vulnerable Node.Js Application
A vulnerable application made using node.js, express server and ejs template engine. This application is meant for educational purposes only....
XMGoat – Composed of XM Cyber terraform templates that help you learn about common Azure security issues
XM Goat is composed of XM Cyber terraform templates that help you learn about common Azure security issues. Each template...
Extrude – Analyse Binaries For Missing Security Features, Information Disclosure And More…
Analyse binaries for missing security features, information disclosure and more. Extrude is in the early stages of development, and currently...
BokuLoader – A Proof-Of-Concept Cobalt Strike Reflective Loader Which Aims To Recreate, Integrate, And Enhance Cobalt Strike’s Evasion Features!
A proof-of-concept User-Defined Reflective Loader (UDRL) which aims to recreate, integrate, and enhance Cobalt Strike's evasion features! Contributors: Contributor Twitter...
Volana – Shell Command Obfuscation To Avoid Detection Systems
Shell command obfuscation to avoid SIEM/detection system During pentest, an important aspect is to be stealth. For this reason you...
CyberChef – The Cyber Swiss Army Knife – A Web App For Encryption, Encoding, Compression And Data Analysis
CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These...
NativeDump – Dump Lsass Using Only Native APIs By Hand-Crafting Minidump Files (Without MinidumpWriteDump!)
NativeDump allows to dump the lsass process using only NTAPIs generating a Minidump file with only the streams needed to...
