Second-Order – Subdomain Takeover Scanner
Scans web applications for second-order subdomain takeover by crawling the app, and collecting URLs (and other data) that match certain...
Tools
Mandiant-Azure-AD-Investigator – PowerShell module for detecting artifacts that may be indicators of UNC2452 and other threat actor activity
This repository contains a PowerShell module for detecting artifacts that may be indicators of UNC2452 and other threat actor activity....
Pwndora – Massive IPv4 Scanner, Find And Analyze Internet-Connected Devices In Minutes, Create Your Own IoT Search Engine At Home
Pwndora is a massive and fast IPv4 address range scanner, integrated with multi-threading. Using sockets, it analyzes which ports are...
T-Reqs-HTTP-Fuzzer – A Grammar-Based HTTP Fuzzer
T-Reqs (Two Requests) is a grammar-based HTTP Fuzzer written as a part of the paper titled "T-Reqs: HTTP Request Smuggling...
Wireshark-Forensics-Plugin – A cross-platform Wireshark plugin that correlates network traffic data with threat intelligence, asset categorization & vulnerability data
Wireshark is the most widely used network traffic analyzer. It is an important tool for both live traffic analysis &...
Dep-Scan – Fully Open-Source Security Audit For Project Dependencies Based On Known Vulnerabilities And Advisories. Supports Both Local Repos And Container Images. Integrates With Various CI Environments Such As Azure Pipelines, CircleCI, Google CloudBuild
dep-scan is a fully open-source security audit tool for project dependencies based on known vulnerabilities, advisories and license limitations. Both...
Http-Desync-Guardian – Analyze HTTP Requests To Minimize Risks Of HTTP Desync Attacks (Precursor For HTTP Request Smuggling/Splitting)
Overview HTTP/1.1 went through a long evolution since 1991 to 2014: HTTP/0.9 – 1991 HTTP/1.0 – 1996 HTTP/1.1 RFC 2068...
Pip-Audit – Audits Python Environments And Dependency Trees For Known Vulnerabilities
pip-audit is a tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database...
goCabrito – Super Organized And Flexible Script For Sending Phishing Campaigns
Super organized and flexible script for sending phishing campaigns. Features Sends to a single email Sends to lists of emails...
Driftwood – Private Key Usage Verification
Driftwood is a tool that can enable you to lookup whether a private key is used for things like TLS...
reFlutter – Flutter Reverse Engineering Framework
This framework helps with Flutter apps reverse engineering using the patched version of the Flutter library which is already compiled...
Inject-Assembly – Inject .NET Assemblies Into An Existing Process
This tool is an alternative to traditional fork and run execution for Cobalt Strike. The loader can be injected into...
Registry-Spy – Cross-platform Registry Browser For Raw Windows Registry Files
Registry Spy is a free, open-source cross-platform Windows Registry viewer. It is a fast, modern, and versatile explorer for raw...
TokenUniverse – An Advanced Tool For Working With Access Tokens And Windows Security Policy
Token Universe is an advanced tool that provides a wide range of possibilities to research Windows security mechanisms. It has...
Iptable_Evil – An Evil Bit Backdoor For Iptables
When connecting to the backdoored VM from a VM that does not set the evil bit, the SSH connection will...
Narthex – Modular Personalized Dictionary Generator
Narthex (Greek: Νάρθηξ, νάρθηκας) is a modular & minimal dictionary generator for Unix and Unix-like operating system written in C...
Espoofer – An Email Spoofing Testing Tool That Aims To Bypass SPF/DKIM/DMARC And Forge DKIM Signatures
espoofer is an open-source testing tool to bypass SPF, DKIM, and DMARC authentication in email systems. It helps mail server...
Raven – Advanced Cyber Threat Map (Simplified, Customizable, Responsive)
Raven - Advanced Features Uses D3.js (Not Anime.js) Active threat map (Live and replay) IP, country, city, and port info...
AlphaGolang – IDApython Scripts For Analyzing Golang Binaries
AlphaGolang is a collection of IDAPython scripts to help malware reverse engineers master Go binaries. The idea is to break...
Scemu – X86 32bits Emulator, For Securely Emulating Shellcodes
x86 32bits emulator, for securely emulating shellcodes. Features rust safety, good for malware. All dependencies are in rust. zero...
Wifi-Framework – Wi-Fi Framework For Creating Proof-Of-Concepts, Automated Experiments, Test Suites, Fuzzers, And More…
We present a framework to more easily perform Wi-Fi experiments. It can be used to create fuzzers, implement new attacks,...
RAUDI – A Repo To Automatically Generate And Keep Updated A Series Of Docker Images Through GitHub Actions
RAUDI (Regularly and Automatically Updated Docker Images) automatically generates and keep updated a series of Docker Images through GitHub Actions...
SpoofThatMail – Bash Script To Check If A Domain Or List Of Domains Can Be Spoofed Based In DMARC Records
Bash script to check if a domain or list of domains can be spoofed based in DMARC records File with...
WannaRace – WebApp Intentionally Made Vulnerable To Race Condition For Practicing Race Condition
WebApp intentionally made Four vouchers worth 400 units available for recharge Task is to buy Mega box (which is worth 401...
