debugHunter – Discover Hidden Debugging Parameters And Uncover Web Application Secrets
Discover hidden debugging parameters and uncover web application secrets with debugHunter. This Chrome extension scans websites for debugging parameters and...
Tools
QuadraInspect – Android Framework That Integrates AndroPass, APKUtil, And MobFS, Providing A Powerful Tool For Analyzing The Security Of Android Applications
The security of mobile devices has become a critical concern due to the increasing amount of sensitive data being stored...
Certwatcher – Tool For Capture And Tracking Certificate Transparency Logs, Using YAML Templates Based DSL
CertWatcher is a tool for capturing and tracking certificate transparency logs, using YAML templates. The tool helps detect and analyze...
Reportly – An AzureAD User Activity Report Tool
Reportly is an AzureAD user activity report tool. About the tool This is a tool that will help blue teams...
SilentMoonwalk – PoC Implementation Of A Fully Dynamic Call Stack Spoofer
PoC Implementation of a fully dynamic call stack spoofer TL;DR SilentMoonwalk is a PoC implementation of a fully dynamic call...
WindowSpy – A Cobalt Strike Beacon Object File Meant For Targetted User Surveillance
WindowSpy is a Cobalt Strike Beacon Object File meant for targetted user surveillance. The goal of this project was to...
Seekr – A Multi-Purpose OSINT Toolkit With A Neat Web-Interface
A multi-purpose toolkit for gathering and managing OSINT-Data with a neat web-interface. Introduction Seekr is a multi-purpose toolkit for gathering...
Grepmarx – A Source Code Static Analysis Platform For AppSec Enthusiasts
Grepmarx is a web application providing a single platform to quickly understand, analyze and identify vulnerabilities in possibly large and...
Shoggoth – Asmjit Based Polymorphic Encryptor
Shoggoth is an open-source project based on C++ and asmjit library used to encrypt given shellcode, PE, and COFF files...
RedditC2 – Abusing Reddit API To Host The C2 Traffic, Since Most Of The Blue-Team Members Use Reddit, It Might Be A Great Way To Make The Traffic Look Legit
Abusing Reddit API to host the C2 traffic, since most of the blue-team members use Reddit, it might be a...
QRExfiltrate – Tool That Allows You To Convert Any Binary File Into A QRcode Movie. The Data Can Then Be Reassembled Visually Allowing Exfiltration Of Data In Air Gapped Systems
This tool is a command line utility that allows you to convert any binary file into a QRcode GIF. The...
Noseyparker – A Command-Line Program That Finds Secrets And Sensitive Information In Textual Data And Git History
Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data. It is useful both for...
Apk.Sh – Makes Reverse Engineering Android Apps Easier, Automating Some Repetitive Tasks Like Pulling, Decoding, Rebuilding And Patching An APK
apk.sh is a Bash script that makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding...
ThunderCloud – Cloud Exploit Framework
Cloud Exploit Framework Usage python3 tc.py -h _______ _ _ _____ _ _ |__ __| | | | / ____|...
Waf-Bypass – Check Your WAF Before An Attacker Does
WAF bypass Tool is an open source tool to analyze the security of any WAF for False Positives and False...
MSI Dump – A Tool That Analyzes Malicious MSI Installation Packages, Extracts Files, Streams, Binary Data And Incorporates YARA Scanner
MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner....
Decider – A Web Application That Assists Network Defenders, Analysts, And Researcher In The Process Of Mapping Adversary Behaviors To The MITRE ATT&CK Framework
What is it? The Short A web application that assists network defenders, analysts, and researchers in the process of mapping...
CMLoot – Find Interesting Files Stored On (System Center) Configuration Manager (SCCM/CM) SMB Shares
CMLoot was created to easily find interesting files stored on System Center Configuration Manager (SCCM/CM) SMB shares. The shares are...
Fingerprintx – Standalone Utility For Service Discovery On Open Ports!
fingerprintx is a utility similar to httpx that also supports fingerprinting services like as RDP, SSH, MySQL, PostgreSQL, Kafka, etc....
PortexAnalyzerGUI – Graphical Interface For PortEx, A Portable Executable And Malware Analysis Library
Graphical interface for PortEx, a Portable Executable and Malware Analysis Library Download Releases page Features Header information from: MSDOS Header,...
Invoke-PSObfuscation – An In-Depth Approach To Obfuscating The Individual Components Of A PowerShell Payload Whether You’Re On Windows Or Kali Linux
Traditional obfuscation techniques tend to add layers to encapsulate standing code, such as base64 or compression. These payloads do continue...
NimPlant – A Light-Weight First-Stage C2 Implant Written In Nim
By Cas van Cooten (@chvancooten), with special thanks to some awesome folks: Fabian Mosch (@S3cur3Th1sSh1t) for sharing dynamic invocation implementation...
Ator – Authentication Token Obtain and Replace Extender
The plugin is created to help automated scanning using Burp in the following scenarios: Access/Refresh token Token replacement in XML,JSON...
FindUncommonShares – A Python Equivalent Of PowerView’s Invoke-ShareFinder.ps1 Allowing To Quickly Find Uncommon Shares In Vast Windows Domains
The script FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows...
