The pentester's Swiss knife
GBounty: GBounty is a multi-step website vulnerability scanner developed in Golang, designed to help companies, pentesters, and bug hunters identify potential vulnerabilities in web applications. It takes a target URL, list of URLs, raw...
VulnerableCode: VulnerableCode is a free and open database of FOSS software package vulnerabilities and the tools to create and keep the data current. It is made by the FOSS community to improve and secure...
Mobile Security Framework: Mobile Security Framework (MobSF) is an intelligent, all-in-one open-source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security...
Extract VMK of BitLocker volume with TPMAndPIN protector and knowing PIN: Techniques to extract the VMK from a BitLocker volume that the TPM protects are already documented in different publications. This GitHub repo gives a toolset...
EAPHammer: EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such, the focus is...
Slack Watchman: Slack Watchman is an application that uses the Slack API to look for potentially sensitive data exposed in your Slack workspaces. Features: It searches for, and reports back on: Externally shared...
SharpExclusionFinder: This C# program finds Windows Defender folder exclusions using Windows Defender through its command-line tool (MpCmdRun.exe). The program processes directories recursively, with configurable depth and thread usage, and outputs information about exclusions and scan progress....
Starkiller: Starkiller is a frontend for PowerShell Empire. It is an Electron application written in VueJS. It is a multi-user GUI application for interfacing with the Empire C2 server from any computer. Starkiller represents a huge step forward...
Venator – Threat Detection Platform: A flexible detection system that simplifies rule management and deployment with K8s CronJob and Helm. Venator is optimized for Kubernetes deployment but is flexible enough to run standalone or...
What is DalFox: DalFox is a powerful open-source tool that focuses on automation, making it ideal for quickly scanning for XSS flaws and analyzing parameters. Its advanced testing engine and niche features are designed...
IllusiveFog: IllusiveFog is an implant kit for Microsoft Windows-based networks for long-term stealthy access and recon. IllusiveFog is designed for highly covert & stealthy operations; for this reason, features are kept limited and...
interactsh: Interactsh is an open-source solution for out-of-band data extraction, a tool designed to detect bugs that cause external interactions, for example blind SQLi, blind CMDi, SSRF, etc. Features: DNS/HTTP/SMTP Interaction...
scared: scared is a library that aims to provide tools to achieve side-channel analysis. It provides pretty high-level APIs, and ready-to-use tools to quickly run classic CPA, DPA, … leakage, and reverse analysis. It...
FaceDancer: FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs. FaceDancer performs two main functions: Recon: Scans a given DLL to create the export definition file for proxying. Attack: Creates a malicious...
CloudShovel: CloudShovel is a tool designed to search for sensitive information within public or private Amazon Machine Images (AMIs). It automates the process of launching instances from target AMIs, mounting their volumes, and scanning...
Network Flight Recorder: NFR is a lightweight application which processes network traffic using the AlphaSOC Analytics Engine. NFR can monitor log files on disk (e.g. Microsoft DNS debug logs, Bro IDS logs) or run as a network...