Penelope: A Shell Handler
Penelope Penelope is a shell handler designed to be easy to use and intended to replace netcat when exploiting RCE vulnerabilities. It is compatible with Linux and macOS and requires Python 3.6 or higher....
The pentester's Swiss knife
bomber: Scans Software Bill of Materials (SBOM) for security vulnerabilities
bomber bomber is an application that scans SBoMs for security vulnerabilities. Overview So you’ve asked a vendor for an Software Bill of Materials (SBOM) for one of their products, and they provided one to...
gost: GO Simple Tunnel
gost – GO Simple Tunnel Features Listening on multiple ports Multi-level forward proxies – proxy chain Standard HTTP/HTTPS/HTTP2/SOCKS4(A)/SOCKS5 proxy protocols support Probing resistance support for web proxy TLS encryption via negotiation support for SOCKS5...
dnsReaper: subdomain takeover tool for attackers, bug bounty hunters and the blue team
DNS Reaper DNS Reaper is yet another subdomain takeover tool, but with an emphasis on accuracy, speed, and the number of signatures in our arsenal! We can scan around 50 subdomains per second, testing...
Secure Stager: An x64 position-independent shellcode stager
Secure Stager This project demonstrates an x64 position-independent stager that verifies the stage it downloads prior to executing it. This offers a safeguard against man-in-the-middle attacks for those who are concerned about such things....
FISSURE: Frequency Independent SDR-based Signal Understanding and Reverse Engineering
FISSURE – The RF Framework Frequency Independent SDR-based Signal Understanding and Reverse Engineering FISSURE is an open-source RF and reverses engineering framework designed for all skill levels with hooks for signal detection and classification,...
vulnhuntr: A tool to identify remotely exploitable vulnerabilities
vulnhuntr Vulnhuntr leverages the power of LLMs to automatically create and analyze entire code call chains starting from remote user input and ending at server output for detection of complex, multi-step, security-bypassing vulnerabilities that...
kubeaudit: audit Kubernetes clusters for various different security concerns
kubeaudit kubeaudit is a command-line tool and a Go package to audit Kubernetes clusters for various different security concerns, such as: run as non-root use a read-only root filesystem drop scary capabilities, don’t add new...
GraphQL Cop: Security Audit Utility for GraphQL
GraphQL Cop – Security Audit Utility for GraphQL GraphQL Cop is a small Python utility to run common security tests against GraphQL APIs. GraphQL Cop is perfect for running CI/CD checks in GraphQL. It...
Ghost: Evasive shellcode loader
Ghost Ghost is a shellcode loader project designed to bypass multiple detection capabilities that are usually implemented by an EDR Detection 1 – kernel callbacks kernel callbacks are implemented by an EDR to harness...
ADcheck: Assess the security of your Active Directory
ADcheck Assess the security of your Active Directory with few or all privileges. This tool offers functionalities similar to PingCastle, ORADAD, or even PurpleKnight (with some bonuses). ADcheck is developed in pure Python to bypass operating system...
diskover: File system crawler, storage search engine and analytics
diskover diskover is an open-source file system indexer that uses Elasticsearch to index and manage data across heterogeneous storage systems. Using diskover, you are able to more effectively search and organize files, and system...
Scrapling: Fast, Adaptive Web Scraping for Python
Scrapling: Lightning-Fast, Adaptive Web Scraping for Python Scrapling is a high-performance, intelligent web scraping library for Python that automatically adapts to website changes while significantly outperforming popular alternatives. Whether you’re a beginner or an...
kubesec: Security risk analysis for Kubernetes resources
kubesec Security risk analysis for Kubernetes resources Download Kubesec is available as a: Docker container image at docker.io/kubesec/kubesec:v2 Linux/MacOS/Win binary (get the latest release) Kubernetes Admission Controller Kubectl plugin Or install the latest commit from...
Empire: PowerShell & Python post-exploitation agent
Empire Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers. The Empire server is written in Python 3 and is modular to allow operator flexibility....
Voidmaw: A new bypass technique for memory scanners
VOIDMAW This is a new bypass technique for memory scanners. It is useful in hiding problematic code that will be flagged by the antivirus vendors. This is basically an improved version of Voidgate, but without...
