CloudBrute – Awesome Cloud Enumerator
A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean,...
hacking
Hfinger – Fingerprinting HTTP Requests
Tool for Fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage :-) Its main...
VulnNodeApp – A Vulnerable Node.Js Application
A vulnerable application made using node.js, express server and ejs template engine. This application is meant for educational purposes only....
XMGoat – Composed of XM Cyber terraform templates that help you learn about common Azure security issues
XM Goat is composed of XM Cyber terraform templates that help you learn about common Azure security issues. Each template...
Extrude – Analyse Binaries For Missing Security Features, Information Disclosure And More…
Analyse binaries for missing security features, information disclosure and more. Extrude is in the early stages of development, and currently...
BokuLoader – A Proof-Of-Concept Cobalt Strike Reflective Loader Which Aims To Recreate, Integrate, And Enhance Cobalt Strike’s Evasion Features!
A proof-of-concept User-Defined Reflective Loader (UDRL) which aims to recreate, integrate, and enhance Cobalt Strike's evasion features! Contributors: Contributor Twitter...
Volana – Shell Command Obfuscation To Avoid Detection Systems
Shell command obfuscation to avoid SIEM/detection system During pentest, an important aspect is to be stealth. For this reason you...
CyberChef – The Cyber Swiss Army Knife – A Web App For Encryption, Encoding, Compression And Data Analysis
CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These...
NativeDump – Dump Lsass Using Only Native APIs By Hand-Crafting Minidump Files (Without MinidumpWriteDump!)
NativeDump allows to dump the lsass process using only NTAPIs generating a Minidump file with only the streams needed to...
Sttr – Cross-Platform, Cli App To Perform Various Operations On String
sttr is command line software that allows you to quickly run various transformation operations on the string. // With input...
PIP-INTEL – OSINT and Cyber Intelligence Tool
Pip-Intel is a powerful tool designed for OSINT (Open Source Intelligence) and cyber intelligence gathering activities. It consolidates various open-source...
Thief Raccoon – Login Phishing Tool
Thief Raccoon is a tool designed for educational purposes to demonstrate how phishing attacks can be conducted on various operating...
X-Recon – A Utility For Detecting Webpage Inputs And Conducting XSS Scans
A utility for identifying web page inputs and conducting XSS scanning. Features: Subdomain Discovery: Retrieves relevant subdomains for the target...
LDAPWordlistHarvester – A Tool To Generate A Wordlist From The Information Present In LDAP, In Order To Crack Passwords Of Domain Accounts
A tool to generate a wordlist from the information present in LDAP, in order to crack non-random passwords of domain...
Headerpwn – A Fuzzer For Finding Anomalies And Analyzing How Servers Respond To Different HTTP Headers
Install To install headerpwn, run the following command: go install github.com/devanshbatham/[email protected] Usage headerpwn allows you to test various headers on...
SherlockChain – A Streamlined AI Analysis Framework For Solidity, Vyper And Plutus Contracts
SherlockChain is a powerful smart contract analysis framework that combines the capabilities of the renowned Slither tool with advanced AI-powered...
Pyrit – The Famous WPA Precomputed Cracker
Pyrit allows you to create massive databases of pre-computed WPA/WPA2-PSK authentication phase in a space-time-tradeoff. By using the computational power...
EvilSlackbot – A Slack Bot Phishing Framework For Red Teaming Exercises
EvilSlackbot A Slack Attack Framework for conducting Red Team and phishing exercises within Slack workspaces. Disclaimer This tool is intended...
Ars0N-Framework – A Modern Framework For Bug Bounty Hunting
Howdy! My name is Harrison Richardson, or rs0n (arson) when I want to feel cooler than I really am. The...
Reaper – Proof Of Concept On BYOVD Attack
Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting...
ROPDump – A Command-Line Tool Designed To Analyze Binary Executables For Potential Return-Oriented Programming (ROP) Gadgets, Buffer Overflow Vulnerabilities, And Memory Leaks
ROPDump is a tool for analyzing binary executables to identify potential Return-Oriented Programming (ROP) gadgets, as well as detecting potential...
Startup-SBOM – A Tool To Reverse Engineer And Inspect The RPM And APT Databases To List All The Packages Along With Executables, Service And Versions
This is a simple SBOM utility which aims to provide an insider view on which packages are getting executed. The...
ShellSweep – PowerShell/Python/Lua Tool Designed To Detect Potential Webshell Files In A Specified Directory
Tags: Aspx, Encryption, Entropy, Hashes, Malware, Obfuscation, PowerShell, Processes, Scan, Scanning, Scripts, Toolbox, ShellSweepShellSweep - ShellSweeping the evil.Shellsweep - Shellsweeping...
Invoke-SessionHunter – Retrieve And Display Information About Active User Sessions On Remote Computers (No Admin Privileges Required)
Retrieve and display information about active user sessions on remote computers. No admin privileges required. The tool leverages the remote...
