Astra – Automated Security Testing For REST API’s
REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be...
tools
HTTPS Everywhere – A Browser Extension That Encrypts Your Communications With Many Websites That Offer HTTPS But Still Allow Unencrypted Connections
A browser extension that encrypts your communications with many websites that offer HTTPS but still allow unencrypted connections.Getting StartedGet the...
uDork – Google Hacking Tool
uDork is a script written in Python that uses advanced Google search techniques to obtain sensitive information in files or...
XXExploiter – Tool To Help Exploit XXE Vulnerabilities
I wrote this tool to help me testing XXE vulnerabilities.It generates the XML payloads, and automatically starts a server to...
Maryam v1.4.0 – Open-source Intelligence(OSINT) Framework
OWASP Maryam is an Open-source intelligence(OSINT) and Web-based Footprinting modular/tool framework based on the Recon-ng and written in Python. If...
InstaSave – Python Script To Download Images, Videos & Profile Pictures From Instagram
InstaSave is a python script to download images, videos & profile pictures from Instagram without any API access.FeaturesDownload Instagram PhotosDownload...
xShock – Shellshock Exploit
xShock ShellShock (CVE-2014-6271)This tool exploits shellshock.Written by Hulya KarabagVersion 1.0.0Instagram: Capture the RootScreenshotsHow to useRead MeAll founded directories will be...
The Importance of Network Visibility With a Remote Workforce
We are now living in challenging times due to the COVID-19 outbreak as we work from home, self-isolate, and protect...
Chepy – A Python Lib/Cli Equivalent Of The Awesome CyberChef Tool.
Chepy is a python library with a handy cli that is aimed to mirror some of the capabilities of CyberChef....
Sshuttle – Transparent Proxy Server That Works As A Poor Man’S VPN. Forwards Over SSH
As far as I know, sshuttle is the only program that solves the following common case:Your client machine (or router)...
How to Maintain Your Cybersecurity Posture in Uncertain Times
Right now, we are all dealing with uncertain times, given the COVID-19 pandemic. The organizations we work for are depending...
Lazydocker – The Lazier Way To Manage Everything Docker
A simple terminal UI for both docker and docker-compose, written in Go with the gocui library.Minor rant incoming: Something's not...
Pypykatz – Mimikatz Implementation In Pure Python
Mimikatz implementation in pure Python. At least a part of it :)Runs on all OS's which support python>=3.6 WIKISince version...
Redefining How to Measure the Success of Your Vulnerability Management Program
Could your team be wasting its time reporting vulnerability metrics that don’t matter? Security teams often fall into the trap...
Token-Reverser – Word List Generator To Crack Security Tokens
Word list generator to crack security tokens.Example use case You are testing reset password function Reset password token was sent...
shuffleDNS – Wrapper Around Massdns Written In Go That Allows You To Enumerate Valid Subdomains
shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as...
How Rapid7 Customer Hilltop Holdings Integrates Security Tools for a Multi-Layered Approach
Recently, we interviewed Anthony Edwards, director of security operations for Hilltop Holdings, about how his financial holdings organization approaches multi-level...
Our Commitment to Keeping Your Organization Secure During COVID-19
COVID-19 has created a great deal of concern and uncertainty, and we want to reassure our customers that your security...
How to WFH and Keep Your Digital Self Safe
We have rapidly entered a new era of living with a global pandemic. As a result, many are working from...
AWSGen.py – Generates Permutations, Alterations And Mutations Of AWS S3 Buckets Names
AWSGen.py is a simple tool for generates permutations, alterations and mutations of AWS S3 Buckets Names.Download AWSGen.py Original Source
Jeopardize – A Low(Zero) Cost Threat Intelligence & Response Tool Against Phishing Domains
Jeopardize tool is developed to provide basic threat intelligence&response capabilities against phishing domains at the minimum cost as possible. It...
TEA – Ssh-Client Worm
A ssh-client worm made with tas framework.How it works?This is a fakessh-client that manipulates the tty input/output to execute arbitrary...
Zelos – A Comprehensive Binary Emulation Platform
Zelos (Zeropoint Emulated Lightweight Operating System) is a python-based binary emulation platform. One use of zelos is to quickly assess...
Pickl3 – Windows Active User Credential Phishing Tool
Pickl3 is Windows active user credential phishing tool. You can execute the Pickl3 and phish the target user credential.Operational Usage...
