Grouper2 – Find Vulnerabilities In AD Group Policy
What is it for?Grouper2 is a tool for pentesters to help find security-related misconfigurations in Active Directory Group Policy.It might...
tools
Gophish – Open-Source Phishing Toolkit
Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily...
Aaia – AWS Identity And Access Management Visualizer And Anomaly Finder
Aaia (pronounced as shown here ) helps in visualizing AWS IAM and Organizations in a graph format with help of...
Scallion – GPU-based Onion Addresses Hash Generator
Scallion lets you create vanity GPG keys and .onion addresses (for Tor's hidden services) using OpenCL.Scallion runs on Mono (tested...
Bluewall – A Firewall Framework Designed For Offensive And Defensive Cyber Professionals
Bluewall is a firewall framework designed for offensive and defensive cyber professionals. This framework allows Cybersecurity professionals to quickly setup...
AntiCheat-Testing-Framework – Framework To Test Any Anti-Cheat
Framework to test any Anti-Cheat on the market. This can be used as Template or Code Base to test any...
Gowitness – A Golang, Web Screenshot Utility Using Chrome Headless
gowitness is a website screenshot utility written in Golang, that uses Chrome Headless to generate screenshots of web interfaces using...
Active Exploitation of Citrix NetScaler (CVE-2019-19781): What You Need to Know
On Dec. 17, 2019, a directory traversal vulnerability was announced in the Citrix Application Discovery Controller and Citrix Gateway, which...
Lsassy – Extract Credentials From Lsass Remotely
Python library to remotely extract credentials. This blog post explains how it works.You can check the wikiThis library uses impacket...
LOLBITS – C# Reverse Shell Using Background Intelligent Transfer Service (BITS) As Communication Protocol
LOLBITS is a C# reverse shell that uses Microsoft's Background Intelligent Transfer Service (BITS) to communicate with the Command and...
Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601): What You Need to Know
What is the CryptoAPI Spoofing Vulnerability? Who is impacted?A flaw (CVE-2020-0601) has recently been found in the way the Microsoft...
How PCI Compliance Helps Keep Your App’s Credit Card Data Safe
Nowadays, it’s easier than ever to create an app that allows customers to interact with your brand. If your app...
Shell Backdoor List – PHP / ASP Shell Backdoor List
What is a shell backdoor ?A backdoor shell is a malicious piece of code (e.g. PHP, Python, Ruby) that can...
Hakrawler – Simple, Fast Web Crawler Designed For Easy, Quick Discovery Of Endpoints And Assets Within A Web Application
hakrawler is a Go web crawler designed for easy, quick discovery of endpoints and assets within a web application. It...
Announcing the 2020 Metasploit community CTF
Metasploit’s community CTF is back by popular demand. Starting January 30, put your skills to the test for a chance...
Gtfo – Search For Unix Binaries That Can Be Exploited To Bypass System Security Restrictions
This is a standalone script written in Python 3 for GTFOBins. You can search for Unix binaries that can be...
SWFPFinder – SWF Potential Parameters Finder
SWFPFinder is a simple and open source bash script designed to discovery the potential swf (file) parameters on the webapp...
Patch Tuesday – January 2020
The first Patch Tuesday of 2020 has been hotly anticipated due to a rumour that Microsoft would be fixing a...
How to Define and Communicate Vulnerability Risk Across Your Company
This is a guest post by Rapid7 customer Steven Maske, the Information Security Manager of a manufacturing, retail, and distribution...
laravelN00b – Automated Scan .env Files And Checking Debug Mode In Victim Host
Incorrect configuration allows you to access .env files or reading env variables. LaravelN00b automated scan .env files and checking debug...
Andriller – Software Utility With A Collection Of Forensic Tools For Smartphones
Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition...
Simplify Your Data Search with Query Builder in InsightVM
Security professionals responsible for vulnerability risk management are required to perform data querying and analysis on a regular basis to...
LAVA – Large-scale Automated Vulnerability Addition
Evaluating and improving bug-finding tools is currently difficult due to a shortage of ground truth corpora (i.e., software that has...
Heapinspect – Inspect Heap In Python
HeapInspect is designed to make heap much more prettier.Now this tool is a plugin of nadbg. Try it!FeaturesFree of gdb...
