The pentester's Swiss knife
EchoStrike EchoStrike is a tool designed to generate undetectable reverse shells and perform process injection on Windows systems. Through an interactive wizard written in Python, users can customize their binaries with advanced persistence and encryption techniques. The malware code is written...
OWASP SecurityRAT OWASP SecurityRAT (Requirement Automation Tool) is a tool supposed to assist with the problem of addressing security requirements during application development. The typical use case is: specify parameters of the software artifact you’re...
Cloudsplaining Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report. Cloudsplaining identifies violations of least privilege in AWS IAM policies and generates a...
GhostStrike GhostStrike is an advanced cybersecurity tool designed for Red Team operations, featuring sophisticated techniques to evade detection and perform process hollowing on Windows systems. Feature Dynamic API Resolution: Utilizes a custom hash-based method to dynamically...
RustScan The Modern Port Scanner. Find ports quickly (3 seconds at its fastest). Run scripts through our scripting engine (Python, Lua, Shell supported). ✨ Features Scans all 65k ports in 3 seconds. Full scripting engine support. Automatically...
Vector Vector is a high-performance, end-to-end (agent & aggregator) observability data pipeline that puts you in control of your observability data. Collect, transform, and route all your logs, metrics, and traces to any vendors you want today and...
Infiltrax Infiltrax is a post-exploitation reconnaissance tool for penetration testers and red teams, designed to capture screenshots, retrieve clipboard contents, log keystrokes, bypass UAC and install AnyDesk for persistent remote access. Feature Screenshot Capture:...
Ligolo-ng : Tunneling like a VPN An advanced, yet simple, tunneling tool that uses a TUN interface. Ligolo-ng is a simple, lightweight, and fast tool that allows pentesters to establish tunnels from a reverse TCP/TLS connection without the need of...
echidna Echidna is a weird creature that eats bugs and is highly electrosensitive (with apologies to Jacob Stanley) More seriously, Echidna is a Haskell program designed for fuzzing/property-based testing of Ethereum smart contracts. It...
COMThanasia With this tool, you will be able to detect: Incorrect access control to a COM object (LaunchPermission , AccessPermission) – LPE through abusable COM methods, DCOM Authentication relaying. That’s PermissionHunter. Incorrect registry rights to...
grapheneX In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function system is more...
Termineter Termineter is a Python framework that provides a platform for the security testing of smart meters. It implements the C1218 and C1219 protocols for communication over an optical interface. Currently supported are Meters...
BAADTokenBroker BAADTokenBroker is a post-exploitation tool designed to leverage device-stored keys (Device key, Transport key etc..) to authenticate to Microsoft Entra ID. Use Import BAADTokenBroker in your target machine. PS C:\ > import-module .\BAADTokenBroker.ps1...
lsassy Python library to remotely extract credentials. This library uses impacket projects to remotely read necessary bytes in lsass dump and pypykatz to extract credentials. Different lsass dumping methods are implemented in lsassy, and some option are provided to...
BLAKE3 BLAKE3 is a cryptographic hash function that is: Much faster than MD5, SHA-1, SHA-2, SHA-3, and BLAKE2. Secure, unlike MD5 and SHA-1. And secure against length extension, unlike SHA-2. Highly parallelizable across any number of...
Argus Argus is an all-in-one, Python-powered toolkit designed to streamline the process of information gathering and reconnaissance. With a user-friendly interface and a suite of powerful modules, Argus empowers you to explore networks, web...