The pentester's Swiss knife
Power Pwn An offensive security toolset for Microsoft 365 focused on Microsoft Copilot, Copilot Studio and Power Platform. Modules: Copilot Connector and Automator Allow interaction with Copilot for Microsoft 365 through the WebSocket messages...
waymore The idea behind waymore is to find even more links from the Wayback Machine than other existing tools. 👉 The biggest difference between waymore and other tools is that it can also download the archived responses for URLs on...
Hubble Hubble is a fully distributed networking and security observability platform for cloud-native workloads. It is built on top of Cilium and eBPF to enable deep visibility into the communication and behavior of services as well as...
Bearer Bearer is a static application security testing (SAST) tool that scans your source code and analyzes your data flows to discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD). We...
PyCript The Pycript extension for Burp Suite is a valuable tool for penetration testing and security professionals. It enables easy encryption and decryption of requests during testing, which can help evade detection and bypass...
Mageni Mageni is an open source vulnerability management platform. Mageni provides a faster, enjoyable, and leaner vulnerability management experience for modern cybersecurity programs. Real-life problems that Mageni solves for you Assets Discovery Services Discovery...
Nosey Parker: Find secrets in textual data Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data. It is useful both for offensive and defensive security testing. Key features:...
Caido Caido aims to help security professionals and enthusiasts audit web applications with efficiency and ease. Feature Sitemap The Sitemap feature allows you to visualize the structure of any website that is proxied through...
Reverse SSH Want to use SSH for reverse shells? Now you can. Manage and connect to reverse shells with native SSH syntax Dynamic, local and remote forwarding Native SCP and SFTP implementations for retrieving files from your targets...
Grimoire Grimoire is a “REPL for detection engineering” that allows you to generate datasets of cloud audit logs for common attack techniques. It currently supports AWS. How it works First, Grimoire detonates an attack....
Artemis A modular web reconnaissance tool and vulnerability scanner based on Karton. Features Artemis includes: subdomain scan using crt.sh, Shodan integration, brute-forcing of interesting paths (e.g. .env), brute-forcing of easy WordPress/MySQL/PostgreSQL/FTP passwords, email...
Polaris Securing workloads in Kubernetes is an important part of overall cluster security. The overall goal should be to ensure that containers are running with as minimal privileges as possible. This includes avoiding privilege...
MaLDAPtive MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation, and detection. Its foundation is a 100% custom-built C# LDAP parser that handles tokenization and syntax tree parsing along with numerous custom properties...
DFIR Toolkit CLI tools for forensic investigation of Windows artifacts Overview of timelining tools Install cargo install dfir-toolkit Tool cleanhive merges logfiles into a hive file xx evtx2bodyfile Example evtxanalyze Analyze evtx...
JNDI-Injection-Exploit-Plus JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and providing background services by starting the RMI, LDAP, and HTTP servers. Using this tool allows you to get JNDI links, you can insert these...
In the digital age, the importance of data protection cannot be overstated. Whether you’re a casual user or managing a small business, safeguarding your system and files from unforeseen data loss is essential. This...