H4Rpy – Automated WPA/WPA2 PSK Attack Tool
h4rpy is an automated WPA/WPA2 PSK attack tool, wrapper of aircrack-ng framework.h4rpy provides clean interface for automated cracking of WPA/WPA2...
tools
SNIcat – Server Name Indication Concatenator
SNIcat is a proof of concept tool that performs data exfiltration, utilizing a covert channel method via. Server Name Indication,...
Geo-Recon – An OSINT CLI Tool Desgined To Fast Track IP Reputation And Geo-locaton Look Up For Security Analysts
An OSINT CLI tool desgined to fast track IP Reputation and Geo-locaton look up for Security Analysts.SetupThis tool is compactible...
Bbrecon – Python Library And CLI For The Bug Bounty Recon API
Bug Bounty Recon (bbrecon) is a free Recon-as-a-Service for bug bounty hunters and security researchers. The API aims to provide...
SpaceSiren – A Honey Token Manager And Alert System For AWS
SpaceSiren is a honey token manager and alert system for AWS. With this fully serverless application, you can create and...
LOLBITS v2.0.0 – C2 Framework That Uses Background Intelligent Transfer Service (BITS) As Communication Protocol And Direct Syscalls + Dinvoke For EDR User-Mode Hooking Evasion
LOLBITS is a C2 framework that uses Microsoft's Background Intelligent Transfer Service (BITS) to establish the communication channel between the...
This One Time on a Pen Test: Playing Social Security Slots
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part...
Killchain – A Unified Console To Perform The “Kill Chain” Stages Of Attacks
What is “Kill Chain”?From Wikipedia: The term kill chain was originally used as a military concept related to the structure...
CrossC2 – Generate CobaltStrike’s Cross-Platform Payload
A security framework for enterprises and Red Team personnel, supports CobaltStrike's penetration testing of other platforms (Linux / MacOS /...
Ask a Pen Tester, Part 2: A Q&A With Rapid7 Pen Testers Gisela Hinojosa and Carlota Bindner
This blog post is part two of a two-part series. For more insights from Gisela and Carlota, check out part...
DVS – D(COM) V(ulnerability) S(canner) AKA Devious Swiss Army Knife
Did you ever wonder how you can move laterally through internal networks? or interact with remote machines without alerting EDRs?Let's...
Mihari – A Helper To Run OSINT Queries & Manage Results Continuously
Mihari is a helper to run queries & manage results continuously. Mihari can be used for C2, landing page and...
Why I Joined Rapid7
“I think the best way to tell a story is by starting at the end, briefly, then going back to...
SourceWolf – Amazingly Fast Response Crawler To Find Juicy Stuff In The Source Code!
Tested environments: Windows, MAC, linux, and windows subsystem for linux (WSL) What can SourceWolf do? Crawl through responses to find...
Iblessing – An iOS Security Exploiting Toolkit, It Mainly Includes Application Information Collection, Static Analysis And Dynamic Analysis
iblessingiblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis.iblessing is based...
Urlgrab – A Golang Utility To Spider Through A Website Searching For Additional Links
A golang utility to spider through a website searching for additional links with support for JavaScript rendering.Installgo get -u github.com/iamstoxe/urlgrabFeaturesCustomizable...
Osintgram – A OSINT Tool On Instagram
Osintgram is a OSINT tool on Instagram.Osintgram offers an interactive shell to perform analysis on Instagram account of any users...
Vulnerable-AD – Create A Vulnerable Active Directory That’S Allowing You To Test Most Of Active Directory Attacks In Local Lab
Create a vulnerable active directory that's allowing you to test most of active directory attacks in local lab.Main FeaturesRandomize AttacksFull...
Bluescan – A Powerful Bluetooth Scanner For Scanning BR/LE Devices, LMP, SDP, GATT And Vulnerabilities!
Bluescan is a open source project by Sourcell Xu from DBAPP Security HatLab. Anyone may redistribute copies of bluescan to...
SharpHose – Asynchronous Password Spraying Tool In C# For Windows Environments
SharpHose is a C# password spraying tool designed to be fast, safe, and usable over Cobalt Strike's execute-assembly. It provides...
Bashtop – Linux/OSX/FreeBSD Resource Monitor
Bpytop, bashtop python port is now available at https://github.com/aristocratos/bpytopIt's a lot faster and about a third as cpu heavy and...
Internet of Things Cybersecurity Regulation and Rapid7
Public policy and the Internet of ThingsOver the past few years, the security of the Internet of Things (IoT) has...
Hack-Tools – The All-In-One Red Team Extension For Web Pentester
The all-in-one Red Team browser extension for Web PentestersHackTools, is a web extension facilitating your web application penetration tests, it...
ezEmu – Simple Execution Of Commands For Defensive Tuning/Research
ezEmu enables users to test adversary behaviors via various execution techniques. Sort of like an "offensive framework for blue teamers",...
