Mass Assigner is a powerful tool designed to identify and exploit mass assignment vulnerabilities in web applications. It achieves this...
Evade EDR's the simple way, by not touching any of the API's they hook. Theory I've noticed that most EDRs...
Evade EDR's the simple way, by not touching any of the API's they hook. Theory I've noticed that most EDRs...
A make an LKM rootkit visible again. This tool is part of research on LKM rootkits that will be launched....
ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.Another way to make an LKM visible is using the imperius trick: https://github.com/MatheuZSecurity/ImperiusDownload ModTracer...
DockerSpy searches for images on Docker Hub and extracts sensitive information such as authentication secrets, private keys, and more. What...
Reconnaissance is the first phase of penetration testing which means gathering information before any real attacks are planned So Ashok...
A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean,...
Tool for Fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage :-) Its main...
A vulnerable application made using node.js, express server and ejs template engine. This application is meant for educational purposes only....
XM Goat is composed of XM Cyber terraform templates that help you learn about common Azure security issues. Each template...
Analyse binaries for missing security features, information disclosure and more. Extrude is in the early stages of development, and currently...
A proof-of-concept User-Defined Reflective Loader (UDRL) which aims to recreate, integrate, and enhance Cobalt Strike's evasion features! Contributors: Contributor Twitter...
Shell command obfuscation to avoid SIEM/detection system During pentest, an important aspect is to be stealth. For this reason you...
CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These...
NativeDump allows to dump the lsass process using only NTAPIs generating a Minidump file with only the streams needed to...
sttr is command line software that allows you to quickly run various transformation operations on the string. // With input...
Pip-Intel is a powerful tool designed for OSINT (Open Source Intelligence) and cyber intelligence gathering activities. It consolidates various open-source...
Thief Raccoon is a tool designed for educational purposes to demonstrate how phishing attacks can be conducted on various operating...
A utility for identifying web page inputs and conducting XSS scanning. Features: Subdomain Discovery: Retrieves relevant subdomains for the target...
Pyrit allows you to create massive databases of pre-computed WPA/WPA2-PSK authentication phase in a space-time-tradeoff. By using the computational power...
A tool to generate a wordlist from the information present in LDAP, in order to crack non-random passwords of domain...
Install To install headerpwn, run the following command: go install github.com/devanshbatham/[email protected] Usage headerpwn allows you to test various headers on...
SherlockChain is a powerful smart contract analysis framework that combines the capabilities of the renowned Slither tool with advanced AI-powered...
