An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters....
Once upon a time (just a handful of years ago), vulnerability management programs focused solely on servers, running quarterly scans...
Yet Another Golang Binary Parser For IDAPro NOTE: This master branch is written in Python2 for IDAPython, and tested only...
FinalRecon is an automatic web reconnaissance tool written in python. Goal of FinalRecon is to provide an overview of the...
Process Herpaderping is a method of obscuring the intentions of a process by modifying the content on disk after the...
Linux evil toolkit is a framework that aims to centralize, standardize and simplify the use of various security tools for...
tfsec uses static analysis of your terraform templates to spot potential security issues. Now with terraform v0.12+ support. Example OutputInstallationInstall...
Scripthunter is a tool that finds javascript files for a given website. To scan Google, simply run ./scripthunter.sh https://google.com. Note...
LabCIF - Forensic Analysis for Mobile AppsGetting StartedAndroid extraction and analysis framework with an integrated Autopsy Module. Dump easily user...
Leonidas is a framework for executing attacker actions in the cloud. It provides a YAML-based format for defining cloud attacker...
OctopusWAF is a open source Web application firewall, is made in C language uses libevent to make multiple connections. First...
NFCGate is an Android application meant to capture, analyze, or modify NFC traffic. It can be used as a researching...
This is the fourth and final installment of our series around 2021 security planning. Through this series, we talked to...
Jumping right back to a triple digit volume of vulnerabilities resolved, Microsoft covers 112 CVEs this November affecting products ranging...
What’s up? On November 6, 2020 Microsoft’s Kevin Beaumont alerted the community to evidence of active exploitation attempts of CVE-2020-3992...
Based on pywebfuzz, Py3webfuzz is a Python3 module to assist in the identification of vulnerabilities in web applications, Web Services...
Paradoxia Remote Access Tool. FeaturesParadoxia Console Feature Description Easy to use Paradoxia is extremely easy to use, So far the easiest...
What’s up? We start the November critical vulnerability season with a pair of CVEs—CVE-2020-16846 and CVE-2020-25592—that, when combined, can result...
Top 5 multi group queries for analyzing network sensor dataWe launched the Insight Network Sensor earlier this year and have...
Web Application Security Recon Automation FrameworkIt takes user input as a domain name and maximize the attack surface area by...
A web application that makes it easy to run your pentest and bug bounty projects.DescriptionThe app provides a convenient web...
The Belfast Team Partaking in #Rapid7GivesBack Month If you like the site, please consider joining the telegram channel or supporting...
The ShowStopper project is a tool to help malware researchers explore and test anti-debug techniques or verify debugger plugins or...
Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like...
