route-detect Find authentication (authn) and authorization (authz) security bugs in web application routes: Web application HTTP route authn and authz bugs are some of the most common security issues found today. These industry standard...
Firefly Firefly is an advanced black-box fuzzer and not just a standard asset discovery tool. Firefly provides the advantage of testing a target with a large number of built-in checks to detect behaviors in...
RedGuard – Excellent C2 Front Flow Control tool RedGuard is a derivative work of the C2 facility pre-flow control technology. It has a lighter design, efficient flow interaction, and reliable compatibility with go language...
tartufo tartufo searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally committed. tartufo also can be used by git pre-commit scripts to screen changes for secrets...
Ghauri An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws Features Supports the following types of injection payloads: Boolean based. Error Based Time-Based Stacked Queries Support SQL...
sniffnet Sniffnet is a network monitoring tool to help you easily keep track of your Internet traffic. Sniffnet is a technical tool, but at the same time it strongly focuses on the overall user experience: most of...
NanoDump A flexible tool that creates a minidump of the LSASS process. Feature Process forking To avoid opening a handle to LSASS with PROCESS_VM_READ, you can use the –fork parameter. This will make nanodump create a...
FACTION PenTesting Report Generation and Collaboration Framework FACTION is your entire assessment workflow in a box. With FACTION you can: Automate pen testing and security assessment Reports Peer review and track changes for reports...
Graphpython Graphpython is a modular Python tool for cross-platform Microsoft Graph API enumeration and exploitation. It builds upon the capabilities of AADInternals (Killchain.ps1), GraphRunner, and TokenTactics(V2) to provide a comprehensive solution for interacting with...
No-Consolation This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e. spawning conhost.exe). Feature Supports 64 and 32 bits Supports EXEs and DLLs...