xpid: Linux Process Discovery
xpid It’s nmap but for pids. xpid gives a user the ability to “investigate” for process details on a Linux system. For example, a sleeping thread will have a directory /proc/[pid] that can be navigated to,...
xpid It’s nmap but for pids. xpid gives a user the ability to “investigate” for process details on a Linux system. For example, a sleeping thread will have a directory /proc/[pid] that can be navigated to,...
MLOps Attack Toolkit – MLOKit is a toolkit that can be used to attack MLOps platforms by taking advantage of the available REST API. This tool allows the user to specify an attack module,...
Spyndicapped Spy of your users with Microsoft UIA! MS UIA (Microsoft User Interface Automation) is a special framework designed to automate the use of the Windows GUI. With its help you can read any text...
RPCMon A GUI tool for scanning RPC communication through Event Tracing for Windows (ETW). The tool was published as part of research on RPC communication between the host and a Windows container. Overview RPCMon...
Locksmith A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services. Mode 0 (Default) – Identify Issues and Output to Console PS> .\Invoke-Locksmith.ps1 Running Invoke-Locksmith.ps1 with no parameters or -Mode 0 will...
Linux Evidence Acquisition Framework (LEAF) Linux Evidence Acquisition Framework (LEAF) acquires artifacts and evidence from Linux EXT4 systems, accepting user input to customize the functionality of the tool for easier scalability. Offering several modules...
Troll-A Troll-A is a command line tool for extracting secrets such as passwords, API keys, and tokens from WARC (Web ARChive) files. Troll-A is an easy-to-use, comprehensive, and fast solution for finding secrets in web archives. Features...
Zircolite is a standalone tool written in Python 3 that allows you to use SIGMA rules on: MS Windows EVTX (EVTX, XML, and JSONL formats) Auditd logs Sysmon for Linux EVTXtract CSV and XML logs...
WELA (Windows Event Log Analyzer) Yamato Security’s WELA(Windows Event Log Analyzer) aims to be the Swiss Army knife for Windows event logs. Currently, WELA’s greatest functionality is creating an easy-to-analyze logon timeline in order...
KoviD is a Loadable Kernel Module (LKM) designed for Linux Kernel version 5 and later. Key features include: Self-hiding from SysFS. Provides reverse shell backdoors. Conceals processes from the proc file system. Handles child...
Disconnected RSAT Disconnected RSAT is a launcher for the official Group Policy Manager, Certificate Authority and Certificate Templates snap-in to bypass the domain joined requirement that is needed when using the official MMC snap-in....
Scirius Scirius Community Edition is a web interface dedicated to Suricata ruleset management. It handles the rules file and update associated files. Scirius CE is developed by Stamus Networks and is available under the GNU GPLv3...
domainim Domainim is a Blazing fast domain reconnaissance tool for bounty hunters written in Nim. Features Virtual hostname enumeration Reverse DNS lookup Subdomains as input Verbose output TCP port scanning with full user control...
PeCoReT PeCoReT (Pentest Collaboration and Reporting Tool) is an open-source application to manage your pentest projects. PeCoReT allows pentesters to focus on testing instead of writing the report. It can be customized and once...
Carseat is a Python implementation of Seatbelt. This tool contains all (all minus one technically) modules in Seatbelt that support remote execution as an option. Just like Seatbelt you likely will need privileged access...
Live Forensicator Live Forensicator is part of the Black Widow Toolbox, its aim is to assist Forensic Investigators and Incidence responders in carrying out a quick live forensic investigation. It achieves this by gathering...