Envizon v3.0 – Network Visualization And Vulnerability Management/Reporting
This tool is designed, developed and supported by evait security. In order to give something back to the security community,...
tools
Automating Multi-Factor Authentication: Time-Based One-Time Passwords
Two days ago marks my two years with Rapid7. It has been a fantastic adventure, and I’m quite excited to...
Zphisher – Automated Phishing Tool
Zphisher is an upgraded form of Shellphish. The main source code is from Shellphish . But I have not fully...
XSS-LOADER – XSS Payload Generator / XSS Scanner / XSS Dork Finder
All in one tools for XSS PAYLOAD GENERATOR -XSS SCANNER-XSS DORK FINDERWritten by Hulya KarabagInstagram: Hulya KarabagScreenshotsHow to useRead MeThis...
Active Exploitation of Unpatched Windows Font Parsing Vulnerability
Yesterday (March 23), Microsoft (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006) in a font rendering technology in many versions of Microsoft Windows with a warning that...
Cybersecurity Vulnerability Disclosure in Trade Agreements
Cybersecurity has now become a feature of modernized US trade agreements, with new cybersecurity provisions in the US-Mexico-Canada Agreement and...
Proactive Security Is the New Black: Lessons from the Trenches of Building a Security Product
On this week’s episode of Security Nation, we had the pleasure of speaking with Alex Kreilein, CISO for RapidDeploy, a...
Starkiller – A Frontend For PowerShell Empire
Starkiller is a Frontend for Powershell Empire. It is an Electron application written in VueJS. If you'd like to contribute...
FinalRecon v1.0.2 – OSINT Tool For All-In-One Web Reconnaissance
FinalRecon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new...
ScoringEngine – Scoring Engine For Red/White/Blue Team Competitions
Scoring Engine for Red/White/Blue Team CompetitionsGetting startedDownload Docker. If you are on Mac or Windows, Docker Compose will be automatically...
Astra – Automated Security Testing For REST API’s
REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be...
HTTPS Everywhere – A Browser Extension That Encrypts Your Communications With Many Websites That Offer HTTPS But Still Allow Unencrypted Connections
A browser extension that encrypts your communications with many websites that offer HTTPS but still allow unencrypted connections.Getting StartedGet the...
uDork – Google Hacking Tool
uDork is a script written in Python that uses advanced Google search techniques to obtain sensitive information in files or...
XXExploiter – Tool To Help Exploit XXE Vulnerabilities
I wrote this tool to help me testing XXE vulnerabilities.It generates the XML payloads, and automatically starts a server to...
Maryam v1.4.0 – Open-source Intelligence(OSINT) Framework
OWASP Maryam is an Open-source intelligence(OSINT) and Web-based Footprinting modular/tool framework based on the Recon-ng and written in Python. If...
InstaSave – Python Script To Download Images, Videos & Profile Pictures From Instagram
InstaSave is a python script to download images, videos & profile pictures from Instagram without any API access.FeaturesDownload Instagram PhotosDownload...
xShock – Shellshock Exploit
xShock ShellShock (CVE-2014-6271)This tool exploits shellshock.Written by Hulya KarabagVersion 1.0.0Instagram: Capture the RootScreenshotsHow to useRead MeAll founded directories will be...
The Importance of Network Visibility With a Remote Workforce
We are now living in challenging times due to the COVID-19 outbreak as we work from home, self-isolate, and protect...
Chepy – A Python Lib/Cli Equivalent Of The Awesome CyberChef Tool.
Chepy is a python library with a handy cli that is aimed to mirror some of the capabilities of CyberChef....
Sshuttle – Transparent Proxy Server That Works As A Poor Man’S VPN. Forwards Over SSH
As far as I know, sshuttle is the only program that solves the following common case:Your client machine (or router)...
How to Maintain Your Cybersecurity Posture in Uncertain Times
Right now, we are all dealing with uncertain times, given the COVID-19 pandemic. The organizations we work for are depending...
Lazydocker – The Lazier Way To Manage Everything Docker
A simple terminal UI for both docker and docker-compose, written in Go with the gocui library.Minor rant incoming: Something's not...
Pypykatz – Mimikatz Implementation In Pure Python
Mimikatz implementation in pure Python. At least a part of it :)Runs on all OS's which support python>=3.6 WIKISince version...
Redefining How to Measure the Success of Your Vulnerability Management Program
Could your team be wasting its time reporting vulnerability metrics that don’t matter? Security teams often fall into the trap...
