hacking

a62db729bc903786ddeeeda5100809ac5b7f91cb78a27ce9da76663aa39afce8

Wafaray – Enhance Your Malware Detection With WAF + YARA (WAFARAY)

May 18, 2023

WAFARAY is a LAB deployment based on Debian 11.3.0 (stable) x64 made and cooked between two main ingredients WAF +...

ea716aeefb1718386d331f9bde208451eb017b91dcbc3c01f72a8aa9ef5e2d4d

RustChain – Hide Memory Artifacts Using ROP And Hardware Breakpoints

May 17, 2023

This tool is a simple PoC of how to hide memory artifacts using a ROP chain in combination with hardware...

Cbrutekrag – Penetration Tests On SSH Servers Using Brute Force Or Dictionary Attacks. Written In C

May 17, 2023

Penetration tests on SSH servers using dictionary attacks. Written in C. brute krag means "brute force" in afrikáans Disclaimer This...

c3612886b816dca2c168a9f2329c54f7a47a529baf396f6cf2abd53afbfc16c0

ShadowSpray – A Tool To Spray Shadow Credentials Across An Entire Domain In Hopes Of Abusing Long Forgotten GenericWrite/GenericAll DACLs Over Other Objects In The Domain

May 15, 2023

A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other...

77a3997bb1933435e5c9afb60ee71c08b43af21a3c33db8992c8b2f1fad9d9cd

PassMute – PassMute – A Multi Featured Password Transmutation/Mutator Tool

May 14, 2023

This is a command-line tool written in Python that applies one or more transmutation rules to a given password or...

5675e89b6b42252ce4f40e9d4e10de127cd512f32a67d2fcce6da415369b73f8

Lfi-Space – LFI Scan Tool

May 13, 2023

Written by TMRSWRR Version 1.0.0 All in one tools for LFI VULN FINDER -LFI DORK FINDER Instagram: TMRSWRR Screenshots How...

43fa134e977eff69e696dc12c3cd9c5bf5aac6bf7c3f55237c4df68b2262cc8c

TLDHunt – Domain Availability Checker

May 12, 2023

TLDHunt is a command-line tool designed to help users find available domain names for their online projects or businesses. By...

d414631e9b2264d53ed503250b682b7efa99083aae233bde798b6007c4c0f288

Indicator-Intelligence – Finds Related Domains And IPv4 Addresses To Do Threat Intelligence After Indicator-Intelligence Collects Static Files

May 11, 2023

Finds related domains and IPv4 addresses to do threat intelligence after Indicator-Intelligence collects static files. Done Related domains, IPs collect...

Tools

SpiderSuite – Advance Web Spider/Crawler For Cyber Security Professionals

May 10, 2023

An advance cross-platform and multi-feature GUI web spider/crawler for cyber security proffesionals. Spider Suite can be used for attack surface...

d9f8ddf2e3bd645fd3c127498376a69f4eaa9bb3673256f26a9bc341b0093085

Domain-Protect – OWASP Domain Protect – Prevent Subdomain Takeover

May 9, 2023

OWASP Global AppSec Dublin - talk and demo Features scan Amazon Route53 across an AWS Organization for domain records vulnerable...

46b5cbcca1c64adf5905d98ffff6ac83ba8d871d0a266d26d3cf4e1d5ab22498

Nimbo-C2 – Yet Another (Simple And Lightweight) C2 Framework

May 8, 2023

About Nimbo-C2 is yet another (simple and lightweight) C2 framework. Nimbo-C2 agent supports x64 Windows & Linux. It's written in...

4a6eeb9f1cad9981865e6b6314b9e5af3c4bc4e92ef44bad062de40e6836ad55

NTLMRecon – A Tool For Performing Light Brute-Forcing Of HTTP Servers To Identify Commonly Accessible NTLM Authentication Endpoints

May 7, 2023

NTLMRecon is a Golang version of the original NTLMRecon utility written by Sachin Kamath (AKA pwnfoo). NTLMRecon can be leveraged...

df22d2c1f30b0a2bd8d968e70f71c450be7a6b22fe1f79e896d085279fc28cb2

Fuzztruction – Prototype Of A Fuzzer That Does Not Directly Mutate Inputs (As Most Fuzzers Do) But Instead Uses A So-Called Generator Application To Produce An Input For Our Fuzzing Target

May 6, 2023

Fuzztruction is an academic prototype of a fuzzer that does not directly mutate inputs (as most fuzzers do) but instead...

347c35b71773da6dbcba464d3330c8b634f76a96445a1d0db51b4ae4f3353389

Spartacus – DLL Hijacking Discovery Tool

May 5, 2023

Why "Spartacus"? If you have seen the film Spartacus from 1960, you will remember the scene where the Romans are...

ce2ebdce576a32884f8eb74915d12355fefcd05571593f224cd21ecf42b96df9

Teler-Waf – A Go HTTP Middleware That Provides Teler IDS Functionality To Protect Against Web-Based Attacks And Improve The Security Of Go-based Web Applications

May 4, 2023

teler-waf is a comprehensive security solution for Go-based web applications. It acts as an HTTP middleware, providing an easy-to-use interface...

ab9f534f4bf840091ba0f69124789647e80798ef6f2d86e50a4dfe99e179a077

Metlo – An Open-Source API Security Platform

May 3, 2023

Secure Your API. Metlo is an open-source API security platform With Metlo you can: Create an Inventory of all your...

ab196e0b9e3cdbd13e6a7f67f92e4e1385ab7a4655dc548419be62c761c89d0e

hardCIDR – Linux Bash Script To Discover The Netblocks, Or Ranges, Owned By The Target Organization

May 2, 2023

A Linux Bash script to discover the netblocks, or ranges, (in CIDR notation) owned by the target organization during the...

Sh4D0Wup – Signing-key Abuse And Update Exploitation Framework

May 2, 2023

Signing-key abuse and update exploitation framework. % docker run -it --rm ghcr.io/kpcyrd/sh4d0wup:edge -hUsage: sh4d0wup <COMMAND>Commands: bait Start a malicious update...

REcollapse Is A Helper Tool For Black-Box Regex Fuzzing To Bypass Validations And Discover Normalizations In Web Applications

May 2, 2023

REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications. It can...

Bearer – Code Security Scanning Tool (SAST) That Discover, Filter And Prioritize Security Risks And Vulnerabilities Leading To Sensitive Data Exposures (PII, PHI, PD)

April 29, 2023

Discover, filter, and prioritize security risks and vulnerabilities impacting your code. Bearer is a static application security testing (SAST) tool...

9a6d23b1b8322752c865399b654d25a3e5d256b0b5bb17a22f85ae58df38d60d

FirebaseExploiter – Vulnerability Discovery Tool That Discovers Firebase Database Which Are Open And Can Be Exploitable

April 29, 2023

FirebaseExploiter is a vulnerability discovery tool that discovers Firebase Database which are open and can be exploitable. Primarily built for...

89c74ec95b804da40db37c7e5e68b5e9fbc2131f064d0189805f348007216452

PhoneSploit-Pro – An All-In-One Hacking Tool To Remotely Exploit Android Devices Using ADB And Metasploit-Framework To Get A Meterpreter Session

April 27, 2023

An all-in-one hacking tool written in Python to remotely exploit Android devices using ADB (Android Debug Bridge) and Metasploit-Framework. Complete...

8917a5ac90d3155577460b44bcabbf620cc34af1863ec8d0945deb5b52115601

PortEx – Java Library To Analyse Portable Executable Files With A Special Focus On Malware Analysis And PE Malformation Robustness

April 26, 2023

PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on PE malformation robustness,...

53dc7b8db04c01bd2b2eb8b967c8b1ab5fb2df974d61e0467e5dd6010fa5268b

auditpolCIS – CIS Benchmark Testing Of Windows SIEM Configuration

April 25, 2023

CIS Benchmark testing of Windows SIEM configuration This is an application for testing the configuration of Windows Audit Policy settings...

hacking

Wafaray – Enhance Your Malware Detection With WAF + YARA (WAFARAY)

RustChain – Hide Memory Artifacts Using ROP And Hardware Breakpoints

Cbrutekrag – Penetration Tests On SSH Servers Using Brute Force Or Dictionary Attacks. Written In C

ShadowSpray – A Tool To Spray Shadow Credentials Across An Entire Domain In Hopes Of Abusing Long Forgotten GenericWrite/GenericAll DACLs Over Other Objects In The Domain

PassMute – PassMute – A Multi Featured Password Transmutation/Mutator Tool

Lfi-Space – LFI Scan Tool

TLDHunt – Domain Availability Checker

Indicator-Intelligence – Finds Related Domains And IPv4 Addresses To Do Threat Intelligence After Indicator-Intelligence Collects Static Files

SpiderSuite – Advance Web Spider/Crawler For Cyber Security Professionals

Domain-Protect – OWASP Domain Protect – Prevent Subdomain Takeover

Nimbo-C2 – Yet Another (Simple And Lightweight) C2 Framework

NTLMRecon – A Tool For Performing Light Brute-Forcing Of HTTP Servers To Identify Commonly Accessible NTLM Authentication Endpoints

Fuzztruction – Prototype Of A Fuzzer That Does Not Directly Mutate Inputs (As Most Fuzzers Do) But Instead Uses A So-Called Generator Application To Produce An Input For Our Fuzzing Target

Spartacus – DLL Hijacking Discovery Tool

Teler-Waf – A Go HTTP Middleware That Provides Teler IDS Functionality To Protect Against Web-Based Attacks And Improve The Security Of Go-based Web Applications

Metlo – An Open-Source API Security Platform

hardCIDR – Linux Bash Script To Discover The Netblocks, Or Ranges, Owned By The Target Organization

Sh4D0Wup – Signing-key Abuse And Update Exploitation Framework

REcollapse Is A Helper Tool For Black-Box Regex Fuzzing To Bypass Validations And Discover Normalizations In Web Applications

Bearer – Code Security Scanning Tool (SAST) That Discover, Filter And Prioritize Security Risks And Vulnerabilities Leading To Sensitive Data Exposures (PII, PHI, PD)

FirebaseExploiter – Vulnerability Discovery Tool That Discovers Firebase Database Which Are Open And Can Be Exploitable

PhoneSploit-Pro – An All-In-One Hacking Tool To Remotely Exploit Android Devices Using ADB And Metasploit-Framework To Get A Meterpreter Session

PortEx – Java Library To Analyse Portable Executable Files With A Special Focus On Malware Analysis And PE Malformation Robustness

auditpolCIS – CIS Benchmark Testing Of Windows SIEM Configuration

CVE Alert: CVE-2025-31594

CVE Alert: CVE-2025-31628

CVE Alert: CVE-2025-31612

CVE Alert: CVE-2025-31619

CVE Alert: CVE-2025-31580

You may have missed