Dumpscan – Tool To Extract And Dump Secrets From Kernel And Windows Minidump Formats
Dumpscan is a command-line tool designed to extract and dump secrets from kernel and Windows Minidump formats. Kernel-dump parsing is...
Tools
Trufflehog – Find Credentials All Over The Place
TruffleHog Find leaked credentials. Join The Slack Have questions? Feedback? Jump in slack and hang out with us docker run...
Bypass-Url-Parser – Tool That Tests Many URL Bypasses To Reach A 40X Protected Page
Tool that tests MANY url bypasses to reach a 40X protected page. If you wonder why this code is nothing...
WebView2-Cookie-Stealer – Attacking With WebView2 Applications
Please read this blog post to get more information. Source Code This code is a modified version of Microsoft's WebView2...
Tofu – Windows Offline Filesystem Hacking Tool For Linux
A modular tool for hacking offline Windows filesystems and bypassing login screens. Can do hashdumps, OSK-Backdoors, user enumeration and more....
Secretflow – A Unified Framework For Privacy-Preserving Data Analysis And Machine Learning
SecretFlow is a unified framework for privacy-preserving data intelligence and machine learning. To achieve this goal, it provides: An abstract...
Pamspy – Credentials Dumper For Linux Using eBPF
pamspy leverage eBPF technologies to achieve an equivalent work of 3snake. It will track a particular userland function inside the...
Haxx – Untethered + Unsandboxed Code Execution Haxx As Root On iOS 14 – iOS 14.8.1
Untethered + Unsandboxed code execution haxx as root on iOS 14 - iOS 14.8.1. Based on CoreTrustDemo, also please note...
CrackQL – GraphQL Password Brute-Force And Fuzzing Utility
CrackQL is a GraphQL password brute-force and fuzzing utility. CrackQL is a versatile GraphQL penetration testing tool that exploits poor...
Cspparse – A Tool To Evaluate Content Security Policies
cspparse is a tool to evaluate Content Security Policies. It uses Google's API to retrieve the CSP Headers and returns...
Aiodnsbrute – DNS Asynchronous Brute Force Utility
A Python 3.5+ tool that uses asyncio to brute force domain names asynchronously. Speed It's fast. Benchmarks on small VPS...
DeepTraffic – Deep Learning Models For Network Traffic Classification
For more information please read our papers. Wei Wang's Google Scholar Homepage Wei Wang, Xuewen Zeng, Xiaozhou Ye, Yiqiang Sheng...
Microsoft-365-Extractor-Suite – A Set Of PowerShell Scripts That Allow For Complete And Reliable Acquisition Of The Microsoft 365 Unified Audit Log
This suite of scripts contains two different scripts that can be used to acquire the Microsoft 365 Unified Audit Log...
Dlinject – Inject A Shared Library (I.E. Arbitrary Code) Into A Live Linux Process, Without Ptrace
Usage .___.__ .__ __ __ __| _/| | |__| ____ |__| ____ _____/ |_ ______ ___.__. / __ | |...
awsEnum – Enumerate AWS Cloud Resources Based On Provided Credential
Enumrate AWS services! with no nosies awsEnum is a python script enumrate AWS services through the provided credential. ▄▄▄▄▄▄ ▄...
SharpWSUS – CSharp tool for lateral movement through WSUS
SharpWSUS is a CSharp tool for lateral movement through WSUS. There is a corresponding blog (https://labs.nettitude.com/blog/introducing-sharpwsus/) which has more detailed...
Gallia – Extendable Pentesting Framework
Gallia is an extendable pentesting framework with the focus on the automotive domain. The scope of gallia is conducting penetration...
Jwtear – Modular Command-Line Tool To Parse, Create And Manipulate JWT Tokens For Hackers
A modular command-line tool to parse, create and manipulate JSON Web Token(JWT) tokens for security testing purposes. Features Complete modularity....
Nimc2 – A C2 Fully Written In Nim
nimc2 is a very lightweight C2 written fully in nim (implant & server). If you want to give it a...
secureCodeBox (SCB) – Continuous Secure Delivery Out Of The Box
secureCodeBox is a kubernetes based, modularized toolchain for continuous security scans of your software project. Its goal is to orchestrate...
EmoCheck – Emotet Detection Tool For Windows OS
Emotet detection tool for Windows OS. How to use Download EmoCheck from the Releases page. Run EmoCheck on the host....
Sealighter – Easy ETW Tracing for Security Research
I created this project to help non-developers dive into researching Event Tracing for Windows (ETW) and Windows PreProcessor Tracing (WPP)....
Scout – Lightweight URL Fuzzer And Spider: Discover A Web Server’S Undisclosed Files, Directories And VHOSTs
Scout is a URL fuzzer and spider for discovering undisclosed VHOSTS, files and directories on a web server. A full...
DFSCoerce – PoC For MS-DFSNM Coerce Authentication Using NetrDfsRemoveStdRoot Method
PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot method (and probably more but am lazy and its just PoC :P )....
