Snaffler – A Tool For Pentesters To Help Find Delicious Candy
Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly, but it's flexible) in a bunch...
Tools
Macrome – Excel Macro Document Reader/Writer For Red Teamers And Analysts
An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be...
FakeLogonScreen – Fake Windows Logon Screen To Steal Passwords
FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user's password. The password entered...
Kali Linux 2022.1 – Penetration Testing and Ethical Hacking Linux Distribution
Time for another Kali Linux release! – Kali Linux 2022.1. This release has various impressive updates.The summary of the changelog...
Shellcodetester – An Application To Test Windows And Linux Shellcodes
This tools test generated ShellCodes. ShellCode Tester Linux Instalation git clone https://github.com/helviojunior/shellcodetester.gitcd shellcodetester/Linuxmake Usage Without break-point: shellcodetester With break-point (INT3)....
Flare-Qdb – Command-line And Python Debugger For Instrumenting And Modifying Native Software Behavior On Windows And Linux
flare-qdb is a command-line and scriptable Python-based tool for evaluating and manipulating native program state. It uses Vivisect to set...
Droopescan – A Plugin-Based Scanner That Aids Security Researchers In Identifying Issues With Several CMSs, Mainly Drupal And Silverstripe
A plugin-based scanner that aids security researchers in identifying issues with several CMS. Usage of droopescan for attacking targets without...
Autotimeliner – Automagically Extract Forensic Timeline From Volatile Memory Dump
Automagically extract forensic timeline from volatile memory dumps. Requirements Python 3 Volatility mactime (from SleuthKit) (Developed and tested on Debian...
Exrop – Automatic ROP Chain Generation
Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints Requirements :...
Get-RBCD-Threaded – Tool To Discover Resource-Based Constrained Delegation Attack Paths In Active Directory Environments
Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory Environments Based almost entirely on wonderful blog posts "Wagging...
truffleHog – Searches Through Git Repositories For High Entropy Strings And Secrets, Digging Deep Into Commit History
Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally...
Cloudsploit – Cloud Security Posture Management (CSPM)
Quick Start Generic $ git clone https://github.com/aquasecurity/cloudsploit.git$ cd cloudsploit$ npm install$ ./index.js -h Docker $ git clone https://github.com/aquasecurity/cloudsploit.git$ cd cloudsploit$...
Dive – A Tool For Exploring Each Layer In A Docker Image
A tool for exploring a docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image....
TerraGoat – Vulnerable Terraform Infrastructure
TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration...
Php-Malware-Finder – Detect Potentially Malicious PHP Files
PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malwares/webshells....
LDAP-Password-Hunter – Password Hunter In The LDAP Infamous Database
It happens that due to legacy services requirements or just bad security practices password are world-readable in the LDAP database...
AWS-Loot – Pull Secrets From An AWS Environment
Searches an AWS environment looking for secrets, by enumerating environment variables and source code. This tool allows quick enumeration over...
Wslu – A Collection Of Utilities For Windows 10 Linux Subsystems
This is a collection of utilities for Windows 10 Linux Subsystem, such as retrieving Windows 10 environment variables or creating...
EDRHunt – Scan Installed EDRs And AVs On Windows
EDRHunt scans Windows services, drivers, processes, registry for installed EDRs (Endpoint Detection And Response). Read more about EDRHunt here. Install...
SocialPwned – An OSINT Tool That Allows To Get The Emails, From A Target, Published In Social Networks Such As Instagram, Linkedin And Twitter To Find Possible Credentials Leaks In PwnDB Or Dehashed And Obtain Google Account Information Via GHunt
SocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks like Instagram,...
Instaloctrack – An Instagram OSINT Tool To Collect All The Geotagged Locations Available On An Instagram Profile In Order To Plot Them On A Map, And Dump Them In A JSON
A tool to scrape geotagged locations on Instagram profiles. Output in JSON & interactive map.TL;DR : ascineema, video of the project requirements...
Invoke-EDRChecker – Checks Running Processes, Process Metadata, Dlls Loaded Into Your Current Process And The Each DLLs Metadata, Common Install Directories, Installed Services, The Registry And Running Drivers For The Presence Of Known Defensive Products Such As AV’s, EDR’s And Logging Tools
The script will check running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common...
Espionage – A Network Packet And Traffic Interceptor For Linux. Spoof ARP And Wiretap A Network
Writeup A simple medium writeup can be found here: Click Here For The Official Medium Article Discord Server https://discord.gg/jtZeWek Ethical...
IDACode – An Integration For IDA And VS Code Which Connects Both To Easily Execute And Debug IDAPython Scripts
IDACode makes it easy to execute and debug Python scripts in your IDA environment without leaving Visual Studio Code. The...
