Yaralyzer – Visually Inspect And Force Decode YARA And Regex Matches Found In Both Binary And Text Data, With Colors
Visually inspect all of the regex matches (and their sexier, more cloak and dagger cousins, the YARA matches) found in...
Tools
GUAC – Aggregates Software Security Metadata Into A High Fidelity Graph Database
Note: GUAC is under active development - if you are interested in contributing, please look at contributor guide and the...
DC-Sonar – Analyzing AD Domains For Security Risks Related To User Accounts
DC Sonar Community Repositories The project consists of repositories: dc-sonar-frontend dc-sonar-user-layer dc-sonar-workers-layer ntlm-scrutinizer Disclaimer It's only for education purposes. Avoid...
Get-AppLockerEventlog – Script For Fetching Applocker Event Log By Parsing The Win-Event Log
This script will parse all the channels of events from the win-event log to extract all the log relatives to...
SQLiDetector – Helps You To Detect SQL Injection “Error Based” By Sending Multiple Requests With 14 Payloads And Checking For 152 Regex Patterns For Different Databases
Simple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests...
Popeye – A Kubernetes Cluster Resource Sanitizer
Popeye - A Kubernetes Cluster Sanitizer Popeye is a utility that scans live Kubernetes cluster and reports potential issues with...
Tai-e – An Easy-To-Learn/Use Static Analysis Framework For Java
Tai-e What is Tai-e? Tai-e (Chinese: 太阿; pronunciation: ) is a new static analysis framework for Java (please see our...
Ghauri – An Advanced Cross-Platform Tool That Automates The Process Of Detecting And Exploiting SQL Injection Security Flaws
An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws Requirements Python 3 Python...
DragonCastle – A PoC That Combines AutodialDLL Lateral Movement Technique And SSP To Scrape NTLM Hashes From LSASS Process
A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process. Description Upload a...
Kscan – Simple Asset Mapping Tool
0 Disclaimer (The author did not participate in the XX action, don't trace it) This tool is only for legally...
APTRS – Automated Penetration Testing Reporting System
APTRS (Automated Penetration Testing Reporting System) is an automated reporting tool in Python and Django. The tool allows Penetration testers...
LATMA – Lateral Movement Analyzer Tool
Lateral movement analyzer (LATMA) collects authentication logs from the domain and searches for potential lateral movement attacks and suspicious activity....
AVIator – Antivirus Evasion Project
AviAtor Ported to NETCore 5 with an updated UI AV|Ator About://name AV: AntiVirus Ator: Is a swordsman, alchemist, scientist, magician,...
Fuzzable – Framework For Automating Fuzzable Target Discovery With Static Analysis
Framework for Automating Fuzzable Target Discovery with Static Analysis. Introduction Vulnerability researchers conducting security assessments on software will often harness...
Bkcrack – Crack Legacy Zip Encryption With Biham And Kocher’s Known Plaintext Attack
Crack legacy zip encryption with Biham and Kocher's known plaintext attack. Overview A ZIP archive may contain many entries whose...
KRIe – Linux Kernel Runtime Integrity With eBPF
KRIe is a research project that aims to detect Linux Kernel exploits with eBPF. KRIe is far from being a...
PowerHuntShares – Audit Script Designed In Inventory, Analyze, And Report Excessive Privileges Configured On Active Directory Domains
PowerHuntShares is design to automatically inventory, analyze, and report excessive privilege assigned to SMB shares on Active Directory domain joined...
YATAS – A Simple Tool To Audit Your AWS Infrastructure For Misconfiguration Or Potential Security Issues With Plugins Integration
Yet Another Testing & Auditing Solution The goal of YATAS is to help you create a secure AWS environment without...
TerraLdr – A Payload Loader Designed With Advanced Evasion Features
TerraLdr: A Payload Loader Designed With Advanced Evasion Features Details: no crt functions imported syscall unhooking using KnownDllUnhook api hashing...
AceLdr – Cobalt Strike UDRL For Memory Scanner Evasion
A position-independent reflective loader for Cobalt Strike. Zero results from Hunt-Sleeping-Beacons, BeaconHunter, BeaconEye, Patriot, Moneta, PE-sieve, or MalMemDetect. Features Easy...
REST-Attacker – Designed As A Proof-Of-Concept For The Feasibility Of Testing Generic Real-World REST Implementations
REST-Attacker is an automated penetration testing framework for APIs following the REST architecture style. The tool's focus is on streamlining...
Villain – Windows And Linux Backdoor Generator And Multi-Session Handler That Allows Users To Connect With Sibling Servers And Share Their Backdoor Sessions
Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other...
ExchangeFinder – Find Microsoft Exchange Instance For A Given Domain And Identify The Exact Version
ExchangeFinder is a simple and open-source tool that tries to find Micrsoft Exchange instance for a given domain based on...
DotDumper – An Automatic Unpacker And Logger For DotNet Framework Targeting Files
An automatic unpacker and logger for DotNet Framework targeting files! This tool has been unveiled at Black Hat USA 2022....
