The pentester's Swiss Army knife

Memory Dump Tool

lemon: eBPF Memory Dump Tool

LEMON is a Linux and Android memory dump tool that utilizes eBPF to capture the entire physical memory of a system and save it in LiME format, compatible with forensic tools such as Volatility...
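Because LEMON writes LiME, any tool that understands that container can consume its output. The following reader is an added example by the editor, not code from LEMON, LiME or Volatility. It assumes the LiME on-disk layout: each captured physical range is preceded by a 32-byte little-endian header (u32 magic 0x4C694D45, u32 version 1, u64 start address, u64 end address inclusive, 8 reserved bytes) and is followed by that many bytes of memory. The two-segment dump at the bottom is constructed in memory so the script runs offline.

```python
"""Walk a LiME-format memory dump (the format LEMON writes) segment by segment.

Added example by the editor; not LEMON's, LiME's or Volatility's own code.
Assumed layout: per physical range, a 32-byte little-endian header
(u32 magic 0x4C694D45, u32 version 1, u64 start, u64 end inclusive,
8 reserved bytes) followed by the range's bytes.
"""
import struct
from typing import Iterator, List, Tuple

LIME_MAGIC = 0x4C694D45                 # reads as "EMiL" in little-endian ASCII
LIME_VERSION = 1
LIME_HEADER = struct.Struct("<IIQQ8s")  # 32 bytes


def iter_lime_segments(blob: bytes) -> Iterator[Tuple[int, int, bytes]]:
    """Yield (start, end, data) for every range in the dump, validating as we go."""
    off = 0
    while off < len(blob):
        if off + LIME_HEADER.size > len(blob):
            raise ValueError(f"truncated LiME header at offset {off:#x}")
        magic, version, start, end, _reserved = LIME_HEADER.unpack_from(blob, off)
        if magic != LIME_MAGIC:
            raise ValueError(f"bad LiME magic {magic:#x} at offset {off:#x}")
        if version != LIME_VERSION:
            raise ValueError(f"unsupported LiME version {version}")
        if end < start:
            raise ValueError(f"range end {end:#x} precedes start {start:#x}")
        size = end - start + 1              # end address is inclusive
        off += LIME_HEADER.size
        data = blob[off:off + size]
        if len(data) != size:
            raise ValueError(f"segment {start:#x}-{end:#x} truncated: "
                             f"{len(data)} of {size} bytes present")
        yield start, end, data
        off += size


def lime_ranges(blob: bytes) -> List[Tuple[int, int]]:
    """Physical address ranges contained in the dump, in file order."""
    return [(start, end) for start, end, _ in iter_lime_segments(blob)]


def read_physical(blob: bytes, paddr: int, length: int) -> bytes:
    """Resolve a physical address to dump bytes, the job a forensic tool's LiME layer does."""
    for start, end, data in iter_lime_segments(blob):
        if start <= paddr <= end:
            rel = paddr - start
            return data[rel:rel + length]
    raise KeyError(f"physical address {paddr:#x} is not in any captured range")


def build_lime(segments: List[Tuple[int, bytes]]) -> bytes:
    """Serialise (start, data) pairs as LiME; used here only to build the sample."""
    out = bytearray()
    for start, data in segments:
        out += LIME_HEADER.pack(LIME_MAGIC, LIME_VERSION, start,
                                start + len(data) - 1, b"\x00" * 8)
        out += data
    return bytes(out)


# Constructed sample dump: two small "physical" ranges with a gap between them,
# mimicking the holes between System RAM regions in a real capture.
SAMPLE_DUMP = build_lime([
    (0x1000, b"A" * 16),
    (0x100000, b"\x7fELF" + b"B" * 12),
])

if __name__ == "__main__":
    for start, end in lime_ranges(SAMPLE_DUMP):
        print(f"range {start:#x}-{end:#x} ({end - start + 1} bytes)")
```

The header check matters in practice: a dump that stops mid-segment (disk full, capture interrupted) parses cleanly up to the last complete range and then fails loudly, which is the behaviour you want before handing the file to an analysis framework.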

Linux Process Discovery

xpid: Linux Process Discovery

xpid: It's nmap but for pids. xpid gives a user the ability to "investigate" for process details on a Linux system. For example, a sleeping thread will have a directory /proc/[pid] that can be navigated to,...
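The observation above (every task, even a sleeping one, owns a /proc/[pid] directory) is what makes a pid sweep useful: a rootkit that filters the directory listing of /proc, as the KoviD entry further down advertises, frequently still lets /proc/[pid]/status be opened by exact path. The script below is an added example by the editor, not xpid's own code; it sweeps every pid up to pid_max by name and diffs the results against what listing /proc returned. The status texts at the bottom are constructed so the check runs offline; the live adapters need Linux.

```python
"""Probe /proc for tasks that a directory listing of /proc does not show.

Added example by the editor, not xpid's code. Assumption: the rootkit hides
pids from readdir() on /proc but /proc/<pid>/status still opens by path.
"""
import os
from typing import Callable, Dict, Iterable, Optional, Set

StatusReader = Callable[[int], Optional[str]]


def parse_status(text: str) -> Dict[str, str]:
    """Turn the 'Key:<tab>Value' lines of /proc/<pid>/status into a dict."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def find_hidden_pids(listed: Iterable[int], candidates: Iterable[int],
                     read_status: StatusReader) -> Dict[int, Dict[str, str]]:
    """Return {pid: status fields} for tasks that answer by path but are unlisted.

    Only thread-group leaders count: /proc lists leaders only, while
    /proc/<tid>/status also opens for ordinary threads, so those would be
    false positives without the Tgid == Pid check.
    """
    visible: Set[int] = set(listed)
    hidden: Dict[int, Dict[str, str]] = {}
    for pid in candidates:
        if pid in visible:
            continue
        text = read_status(pid)
        if text is None:
            continue
        fields = parse_status(text)
        if fields.get("Tgid") != fields.get("Pid"):
            continue
        hidden[pid] = fields
    return hidden


# --- live procfs adapters (Linux only) --------------------------------------

def procfs_listed() -> Set[int]:
    """Pids as a (possibly rootkit-filtered) readdir() of /proc reports them."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def procfs_read_status(pid: int) -> Optional[str]:
    """Open /proc/<pid>/status by exact path; None if the task really is absent."""
    try:
        with open(f"/proc/{pid}/status", encoding="ascii", errors="replace") as fh:
            return fh.read()
    except (FileNotFoundError, ProcessLookupError, PermissionError):
        return None


def procfs_pid_max() -> int:
    with open("/proc/sys/kernel/pid_max") as fh:
        return int(fh.read().strip())


def scan_live() -> Dict[int, Dict[str, str]]:
    """Sweep 1..pid_max on the running host, nmap-style."""
    return find_hidden_pids(procfs_listed(), range(1, procfs_pid_max() + 1),
                            procfs_read_status)


# --- constructed sample: 4242 is hidden from the listing, 4243 is its thread ---

SAMPLE_LISTED: Set[int] = {1}
SAMPLE_STATUS: Dict[int, str] = {
    1:    "Name:\tsystemd\nState:\tS (sleeping)\nTgid:\t1\nPid:\t1\nPPid:\t0\n",
    4242: "Name:\tsh\nState:\tS (sleeping)\nTgid:\t4242\nPid:\t4242\nPPid:\t1\n",
    4243: "Name:\tsh\nState:\tS (sleeping)\nTgid:\t4242\nPid:\t4243\nPPid:\t1\n",
}


def scan_sample() -> Dict[int, Dict[str, str]]:
    """Run the same logic over the constructed data instead of the live host."""
    return find_hidden_pids(SAMPLE_LISTED, range(1, 5000), SAMPLE_STATUS.get)


if __name__ == "__main__":
    for pid, fields in scan_live().items():
        print(f"hidden pid {pid}: {fields.get('Name')} [{fields.get('State')}]")
```

This is a heuristic, not proof: a rootkit that also hooks the open or read path for /proc/[pid] entries will not show up, so a clean sweep should be cross-checked from a second vantage point, for instance a physical memory capture analysed with a forensic framework rather than through the possibly subverted procfs.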

attack MLOps platforms

MLOKit: MLOps Attack Toolkit

MLOps Attack Toolkit – MLOKit is a toolkit that can be used to attack MLOps platforms by taking advantage of the available REST API. This tool allows the user to specify an attack module,...

Linux Evidence Acquisition

LEAF: Linux Evidence Acquisition Framework

Linux Evidence Acquisition Framework (LEAF) acquires artifacts and evidence from Linux EXT4 systems, accepting user input to customize the tool's functionality for easier scalability. Offering several modules...

Windows Event Log Analyzer

WELA: Windows Event Log Analyzer

Yamato Security's WELA (Windows Event Log Analyzer) aims to be the Swiss Army knife for Windows event logs. Currently, WELA's greatest functionality is creating an easy-to-analyze logon timeline in order...

Linux kernel rootkit

KoviD: Red-Team Linux kernel rootkit

KoviD is a Loadable Kernel Module (LKM) designed for Linux Kernel version 5 and later. Key features include: Self-hiding from SysFS. Provides reverse shell backdoors. Conceals processes from the proc file system. Handles child...