The pentester's Swiss knife

BurpSuite exention

HaE: BurpSuite Highlighter and Extractor

HaE – Highlighter and Extractor HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages.   The plugin can custom regular expressions to match HTTP response messages. You can decide...

Attack Simulation Platform

OpenBAS: Open Breach and Attack Simulation Platform

OpenBAS OpenBAS is an open-source platform allowing organizations to plan, schedule, and conduct cyber adversary simulation campaigns and tests. The goal is to create a powerful, reliable, and open-source tool to effectively plan and...

recover deleted files

RecoverPy: Recover overwritten or deleted data

RecoverPy You can already find plenty of solutions to recover deleted files, but it can be a hassle to recover overwritten files. RecoverPy searches through every block of your partition to find your request....

Reverse Shells

EchoStrike: Undetectable Reverse Shells with a Pythonic Twist

EchoStrike EchoStrike is a tool designed to generate undetectable reverse shells and perform process injection on Windows systems. Through an interactive wizard written in Python, users can customize their binaries with advanced persistence and encryption techniques. The malware code is written...

Security Assessment tool

Cloudsplaining: an AWS IAM Security Assessment tool

Cloudsplaining Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report. Cloudsplaining identifies violations of least privilege in AWS IAM policies and generates a...

Red Team

GhostStrike: The Undetectable Red Team Weapon

GhostStrike GhostStrike is an advanced cybersecurity tool designed for Red Team operations, featuring sophisticated techniques to evade detection and perform process hollowing on Windows systems. Feature Dynamic API Resolution: Utilizes a custom hash-based method to dynamically...

Events Router

vector: High-Performance, Logs, Metrics, & Events Router

Vector Vector is a high-performance, end-to-end (agent & aggregator) observability data pipeline that puts you in control of your observability data. Collect, transform, and route all your logs, metrics, and traces to any vendors you want today and...

pivoting tool

ligolo-ng: advanced tunneling/pivoting tool

Ligolo-ng : Tunneling like a VPN An advanced, yet simple, tunneling tool that uses a TUN interface. Ligolo-ng is a simple, lightweight, and fast tool that allows pentesters to establish tunnels from a reverse TCP/TLS connection without the need of...

Ethereum fuzz testing framework

echidna: Ethereum fuzz testing framework

echidna Echidna is a weird creature that eats bugs and is highly electrosensitive (with apologies to Jacob Stanley) More seriously, Echidna is a Haskell program designed for fuzzing/property-based testing of Ethereum smart contracts. It...