Caracal – Static Analyzer For Starknet Smart Contracts
Caracal is a static analyzer tool over the SIERRA representation for Starknet smart contracts. Features Detectors to detect vulnerable Cairo...
hacking
Dissect – Digital Forensics, Incident Response Framework And Toolset That Allows You To Quickly Access And Analyse Forensic Artefacts From Various Disk And File Formats
Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic...
ModuleShifting – Stealthier Variation Of Module Stomping And Module Overloading Injection Techniques That Reduces Memory IoCs
ModuleShifting is stealthier variation of Module Stomping and Module overloading injection technique. It is actually implemented in Python ctypes so...
Nodesub – Command-Line Tool For Finding Subdomains In Bug Bounty Programs
Nodesub is a command-line tool for finding subdomains in bug bounty programs. It supports various subdomain enumeration techniques and provides...
Apepe – Enumerate Information From An App Based On The APK File
Apepe is a Python tool developed to help pentesters and red teamers to easily get information from the target app....
Mellon – OSDP Attack Tool
OSDP attack tool (and the Elvish word for friend) Attack #1: Encryption is Optional OSDP supports, but doesn't strictly require,...
Electron_Shell – Developing A More Covert Remote Access Trojan (RAT) Tool By Leveraging Electron’s Features For Command Injection And Combining It With Remote Control Methods
Electron_shell Developing a more covert Remote Access Trojan (RAT) tool by leveraging Electron's features for command injection and combining it...
Skyhook – A Round-Trip Obfuscated HTTP File Transfer Setup Built To Bypass IDS Detections
Skyhook is a REST-driven utility used to smuggle files into and out of networks defended by IDS implementations. It comes...
Pinkerton – An JavaScript File Crawler And Secret Finder Developed In Python
️️ Pinkerton is a Python tool created to crawl JavaScript files and search for secrets Installing / Getting started A...
WMIExec – Set Of Python Scripts Which Perform Different Ways Of Command Execution Via WMI Protocol
Set of python scripts which perform different ways of command execution via WMI protocol. Blog Post https://whiteknightlabs.com/2023/06/26/navigating-stealthy-wmi-lateral-movement/ Usage wmiexec_scheduledjob.py Is...
KnockKnock – Enumerate Valid Users Within Microsoft Teams And OneDrive With Clean Output
Designed to validate potential usernames by querying OneDrive and/or Microsoft Teams, which are passive methods. Additionally, it can output/create a...
AtlasReaper – A Command-Line Tool For Reconnaissance And Targeted Write Operations On Confluence And Jira Instances
AtlasReaper is a command-line tool developed for offensive security purposes, primarily focused on reconnaissance of Confluence and Jira. It...
EDRaser – Tool For Remotely Deleting Access Logs, Windows Event Logs, Databases, And Other Files
EDRaser is a powerful tool for remotely deleting access logs, Windows event logs, databases, and other files on remote machines....
HTMLSmuggler – HTML Smuggling Generator And Obfuscator For Your Red Team Operations
" dir="auto"><script> import { download } from './payload.esm';</script> Call download() function: <template> <button @click="download()">Some phishy button</button></template> Happy phishing :) FAQ...
Dynmx – Signature-based Detection Of Malware Features Based On Windows API Call Sequences
dynmx (spoken dynamics) is a signature-based detection approach for behavioural malware features based on Windows API call sequences. In a...
Sekiryu – Comprehensive Toolkit For Ghidra Headless
This Ghidra Toolkit is a comprehensive suite of tools designed to streamline and automate various tasks associated with running Ghidra...
Callisto – An Intelligent Binary Vulnerability Analysis Tool
Callisto is an intelligent automated binary vulnerability analysis tool. Its purpose is to autonomously decompile a provided binary and iterate...
SMShell – Send Commands And Receive Responses Over SMS From Mobile Broadband Capable Computers
PoC for an SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers. This tool came...
Surf – Escalate Your SSRF Vulnerabilities On Modern Cloud Environments
surf allows you to filter a list of hosts, returning a list of viable SSRF candidates. It does this by...
ADCSKiller – An ADCS Exploitation Automation Tool Weaponizing Certipy And Coercer
ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities....
Promptmap – Automatically Tests Prompt Injection Attacks On ChatGPT Instances
Prompt injection is a type of security vulnerability that can be exploited to control the behavior of a ChatGPT instance....
Z9 – PowerShell Script Analyzer
Abstract This tools detects the artifact of the PowerShell based malware from the eventlog of PowerShell logging. Online Demo Install...
NucleiFuzzer – Powerful Automation Tool For Detecting XSS, SQLi, SSRF, Open-Redirect, Etc.. Vulnerabilities In Web Applications
NucleiFuzzer is an automation tool that combines ParamSpider and Nuclei to enhance web application security testing. It uses ParamSpider to...
KaliPackergeManager – Kali Packerge Manager
kalipm.sh is a powerful package management tool for Kali Linux that provides a user-friendly menu-based interface to simplify the installation...
