Tools

AES256_Passwd_Store – Secure Open-Source Password Manager

September 23, 2021

This script securely encrypts or decrypts passwords on disk within a custom database file. It also features functionality to retrieve...

DirSearch – A Go Implementation Of Dirsearch

September 23, 2021

This software is a Go implementation of the original dirsearch tool written by Mauro Soria. DirSearch is the very first...

PyHook – An Offensive API Hooking Tool Written In Python Designed To Catch Various Credentials Within The API Call

September 22, 2021

PyHook is the python implementation of my SharpHook project, It uses various API hooks in order to give us the...

Weakpass – Rule-Based Online Generator To Create A Wordlist Based On A Set Of Words

September 22, 2021

The tool generates a wordlist based on a set of words entered by the user.For example, during penetration testing, you...

MailRipV2 – Improved SMTP Checker / SMTP Cracker With Proxy-Support, Inbox Test And Many More Features

September 22, 2021

Your SMTP checker / SMTP cracker for mailpass combolists including features like: proxy-support (SOCKS4 / SOCKS5) with automatic proxy-scraper and...

Tools

CrowdSec – An Open-Source Massively Multiplayer Firewall Able To Analyze Visitor Behavior And Provide An Adapted Response To All Kinds Of Attacks

September 21, 2021

CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on...

PS2EXE – Module To Compile Powershell Scripts To Executables

September 21, 2021

Overworking of the great script of Ingo Karstein with GUI support. The GUI output and input is activated with one...

InlineExecute-Assembly – A PoC Beacon Object File (BOF) That Allows Security Professionals To Perform In Process .NET Assembly Execution

September 20, 2021

InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly...

QLOG – Windows Security Logging

September 20, 2021

QLOG provides enriched Event Logging for security related events on Windows based systems. It is under heavy development and currently...

BatchQL – GraphQL Security Auditing Script With A Focus On Performing Batch GraphQL Queries And Mutations

September 19, 2021

BatchQL is a GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations. This script is...

Concealed Position – Bring Your Own Print Driver Privilege Escalation Tool

September 19, 2021

Concealed Position is a local privilege escalation attack against Windows using the concept of "Bring Your Own Vulnerability". Specifically, Concealed...

Ntlm_Theft – A Tool For Generating Multiple Types Of NTLMv2 Hash Theft Files

September 18, 2021

A tool for generating multiple types of NTLMv2 hash theft files. ntlm_theft is an Open Source Python3 Tool that generates...

On-The-Fly – Tool Which Gives Capabilities To Perform Pentesting Tests In Several Domains (IoT, ICS & IT)

September 18, 2021

▒█████ ███▄ █ ▄▄▄█████▓ ██░ ██ ▓█████ █████ ██▓ ▓██ ██▓▒██▒ ██▒ ██ ▀█ █ ▓ ██▒ ▓▒▒▓██░ ██ ▓█...

DNSTake – A Fast Tool To Check Missing Hosted DNS Zones That Can Lead To Subdomain Takeover

September 17, 2021

A fast tool to check missing hosted DNS zones that can lead to subdomain takeover. What is a DNS takeover?DNS...

CVE-2021-40444 PoC – Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution)

September 17, 2021

Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution)Creation of this Script is based on some reverse...

Plution – Prototype Pollution Scanner Using Headless Chrome

September 17, 2021

Plution is a convenient way to scan at scale for pages that are vulnerable to client side prototype pollution via...

Kali Linux 2021.3 – Penetration Testing and Ethical Hacking Linux Distribution

September 17, 2021

Time for another Kali Linux release! – Kali Linux 2021.1. This release has various impressive updates.A summary of the changes...

Tools

Vailyn – A Phased, Evasive Path Traversal + LFI Scanning & Exploitation Tool In Python

September 16, 2021

Vailyn's Crawler analyzing a damn vulnerable web application. LFI Wrappers are not enabled. GUI Demonstration (v2.2.1-5) Possible IssuesFound some false...

Rootend – A *Nix Enumerator And Auto Privilege Escalation Tool

September 16, 2021

rootend is a python *nix Enumerator & Auto Privilege Escalation tool. For a full list of our tools, please visit...

BoobSnail – Allows Generating Excel 4.0 XLM Macro

September 15, 2021

BoobSnail allows generating XLM (Excel 4.0) macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation....

targetedKerberoast – Kerberoast With ACL Abuse Capabilities

September 15, 2021

targetedKerberoast is a Python script that can, like many others (e.g. GetUserSPNs.py), print "kerberoast" hashes for user accounts that have...

Tools

Peirates – Kubernetes Penetration Testing Tool

September 14, 2021

What is Peirates?Peirates, a Kubernetes penetration tool, enables an attacker to escalate privilege and pivot through a Kubernetes cluster. It...

Tools

Gokart – A Static Analysis Tool For Securing Go Code

September 14, 2021

GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignment) form of Go...

Tools

Autoharness – A Tool That Automatically Creates Fuzzing Harnesses Based On A Library

September 13, 2021

AutoHarness is a tool that automatically generates fuzzing harnesses for you. This idea stems from a concurrent problem in fuzzing...

Tools

AES256_Passwd_Store – Secure Open-Source Password Manager

DirSearch – A Go Implementation Of Dirsearch

PyHook – An Offensive API Hooking Tool Written In Python Designed To Catch Various Credentials Within The API Call

Weakpass – Rule-Based Online Generator To Create A Wordlist Based On A Set Of Words

MailRipV2 – Improved SMTP Checker / SMTP Cracker With Proxy-Support, Inbox Test And Many More Features

CrowdSec – An Open-Source Massively Multiplayer Firewall Able To Analyze Visitor Behavior And Provide An Adapted Response To All Kinds Of Attacks

PS2EXE – Module To Compile Powershell Scripts To Executables

InlineExecute-Assembly – A PoC Beacon Object File (BOF) That Allows Security Professionals To Perform In Process .NET Assembly Execution

QLOG – Windows Security Logging

BatchQL – GraphQL Security Auditing Script With A Focus On Performing Batch GraphQL Queries And Mutations

Concealed Position – Bring Your Own Print Driver Privilege Escalation Tool

Ntlm_Theft – A Tool For Generating Multiple Types Of NTLMv2 Hash Theft Files

On-The-Fly – Tool Which Gives Capabilities To Perform Pentesting Tests In Several Domains (IoT, ICS & IT)

DNSTake – A Fast Tool To Check Missing Hosted DNS Zones That Can Lead To Subdomain Takeover

CVE-2021-40444 PoC – Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution)

Plution – Prototype Pollution Scanner Using Headless Chrome

Kali Linux 2021.3 – Penetration Testing and Ethical Hacking Linux Distribution

Vailyn – A Phased, Evasive Path Traversal + LFI Scanning & Exploitation Tool In Python

Rootend – A *Nix Enumerator And Auto Privilege Escalation Tool

BoobSnail – Allows Generating Excel 4.0 XLM Macro

targetedKerberoast – Kerberoast With ACL Abuse Capabilities

Peirates – Kubernetes Penetration Testing Tool

Gokart – A Static Analysis Tool For Securing Go Code

Autoharness – A Tool That Automatically Creates Fuzzing Harnesses Based On A Library

HackerOne Bug Bounty Disclosure: unsubscribe-anyone-from-all-emails-abfe

HackerOne Bug Bounty Disclosure: information-exposure-due-to-enabled-debug-mode-thpless

HackerOne Bug Bounty Disclosure: reflected-html-injection-via-contact-faq-search-parameter-on-the-white-evil

HackerOne Bug Bounty Disclosure: reflected-html-injection-via-contact-faq-search-parameter-on-the-white-evil

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

You may have missed