The pentester's Swiss knife

sleep obfuscation technique

Shelter: ROP-based sleep obfuscation to evade memory scanners

Shelter Shelter is a completely weaponized sleep obfuscation technique that allows you to fully encrypt your in-memory payload making extensive use of ROP. This crate comes with the following characteristics: AES-128 encryption. Whole PE...

security assessments

secator: The pentester’s swiss knife

secator is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and it is designed to improve productivity for pentesters and security researchers. Feature A curated list...

HTTP Parameter Discovery Suite

Arjun: HTTP parameter discovery suite

Arjun Arjun can find query parameters for URL endpoints. If you don’t get what that means, it’s okay, read along. Web applications use parameters (or queries) to accept user input, consider the following example...

Binary instrumentation framework

medusa: automates processes and techniques practised

medusa MEDUSA is an extensible and modularized framework that automates processes and techniques practiced during the dynamic analysis of Android and iOS Applications. Some of the framework’s features are the following: Tracing and instrumentation of API calls...

privilege escalation tool

RustPotato: privilege escalation tool

RustPotato is a Rust-based implementation of GodPotato, a privilege escalation tool that abuses DCOM and RPC to leverage SeImpersonatePrivilege and gain NT AUTHORITY\SYSTEM privileges on Windows systems. Key Features TCP-based Reverse Shell: RustPotato features a TCP-based reverse shell based on Rustic64Shell. It leverages Winsock APIs...