Commander – A Command And Control (C2) Server
Commander is a command and control framework (C2) written in Python, Flask and SQLite. It comes with two agents written in...
Tools
SecuSphere – Efficient DevSecOps
SecuSphere is a comprehensive DevSecOps platform designed to streamline and enhance your organization's security posture throughout the software development life...
ILSpy – .NET Decompiler With Support For PDB Generation, ReadyToRun, Metadata (and More) – Cross-Platform!
ILSpy is the open-source .NET assembly browser and decompiler. Decompiler Frontends Aside from the WPF UI ILSpy (downloadable via Releases,...
Gcp_Scanner – A Comprehensive Scanner For Google Cloud
This is a GCP resource scanner that can help determine what level of access certain credentials possess on GCP. The...
JSpector – A Simple Burp Suite Extension To Crawl JavaScript (JS) Files In Passive Mode And Display The Results Directly On The Issues
JSpector is a Burp Suite extension that passively crawls JavaScript files and automatically creates issues with URLs, endpoints and dangerous...
HBSQLI – Automated Tool For Testing Header Based Blind SQL Injection
HBSQLI is an automated command-line tool for performing Header Based Blind SQL injection attacks on web applications. It automates the...
Pyxamstore – Python Utility For Parsing Xamarin AssemblyStore Blob Files
This is an alpha release of an assemblies.blob AssemblyStore parser written in Python. The tool is capable of unpack and...
RecycledInjector – Native Syscalls Shellcode Injector
(Currently) Fully Undetected same-process native/.NET assembly shellcode injector based on RecycledGate by thefLink, which is also based on HellsGate +...
Spoofy – Program That Checks If A List Of Domains Can Be Spoofed Based On SPF And DMARC Records
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records....
Sirius – First Truly Open-Source General Purpose Vulnerability Scanner
Sirius is the first truly open-source general purpose vulnerability scanner. Today, the information security community remains the best and most...
DakshSCRA – Source Code Review Assist
Daksh SCRA (Source Code Review Assist) tool is built to enhance the efficiency of the source code review process, providing...
Chromecookiestealer – Steal/Inject Chrome Cookies Over The DevTools Protocol
Attaches to Chrome using its Remote DevTools protocol and steals/injects/clears/deletes cookies. Heavily inspired by WhiteChocolateMacademiaNut. Cookies are dumped as JSON...
S4UTomato – Escalate Service Account To LocalSystem Via Kerberos
Escalate Service Account To LocalSystem via Kerberos. Traditional Potatoes Friends familiar with the "Potato" series of privilege escalation should know...
Caracal – Static Analyzer For Starknet Smart Contracts
Caracal is a static analyzer tool over the SIERRA representation for Starknet smart contracts. Features Detectors to detect vulnerable Cairo...
Dissect – Digital Forensics, Incident Response Framework And Toolset That Allows You To Quickly Access And Analyse Forensic Artefacts From Various Disk And File Formats
Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic...
ModuleShifting – Stealthier Variation Of Module Stomping And Module Overloading Injection Techniques That Reduces Memory IoCs
ModuleShifting is stealthier variation of Module Stomping and Module overloading injection technique. It is actually implemented in Python ctypes so...
Nodesub – Command-Line Tool For Finding Subdomains In Bug Bounty Programs
Nodesub is a command-line tool for finding subdomains in bug bounty programs. It supports various subdomain enumeration techniques and provides...
Apepe – Enumerate Information From An App Based On The APK File
Apepe is a Python tool developed to help pentesters and red teamers to easily get information from the target app....
Mellon – OSDP Attack Tool
OSDP attack tool (and the Elvish word for friend) Attack #1: Encryption is Optional OSDP supports, but doesn't strictly require,...
Electron_Shell – Developing A More Covert Remote Access Trojan (RAT) Tool By Leveraging Electron’s Features For Command Injection And Combining It With Remote Control Methods
Electron_shell Developing a more covert Remote Access Trojan (RAT) tool by leveraging Electron's features for command injection and combining it...
Skyhook – A Round-Trip Obfuscated HTTP File Transfer Setup Built To Bypass IDS Detections
Skyhook is a REST-driven utility used to smuggle files into and out of networks defended by IDS implementations. It comes...
Pinkerton – An JavaScript File Crawler And Secret Finder Developed In Python
️️ Pinkerton is a Python tool created to crawl JavaScript files and search for secrets Installing / Getting started A...
WMIExec – Set Of Python Scripts Which Perform Different Ways Of Command Execution Via WMI Protocol
Set of python scripts which perform different ways of command execution via WMI protocol. Blog Post https://whiteknightlabs.com/2023/06/26/navigating-stealthy-wmi-lateral-movement/ Usage wmiexec_scheduledjob.py Is...
KnockKnock – Enumerate Valid Users Within Microsoft Teams And OneDrive With Clean Output
Designed to validate potential usernames by querying OneDrive and/or Microsoft Teams, which are passive methods. Additionally, it can output/create a...
