Caido Caido aims to help security professionals and enthusiasts audit web applications with efficiency and ease. Feature Sitemap The Sitemap feature allows you to visualize the structure of any website that is proxied through...
Reverse SSH Want to use SSH for reverse shells? Now you can. Manage and connect to reverse shells with native SSH syntax Dynamic, local and remote forwarding Native SCP and SFTP implementations for retrieving files from your targets...
Grimoire Grimoire is a “REPL for detection engineering” that allows you to generate datasets of cloud audit logs for common attack techniques. It currently supports AWS. How it works First, Grimoire detonates an attack....
Artemis A modular web reconnaissance tool and vulnerability scanner based on Karton. Features Artemis includes: subdomain scan using crt.sh, Shodan integration, brute-forcing of interesting paths (e.g. .env), brute-forcing of easy WordPress/MySQL/PostgreSQL/FTP passwords, email...
Polaris Securing workloads in Kubernetes is an important part of overall cluster security. The overall goal should be to ensure that containers are running with as minimal privileges as possible. This includes avoiding privilege...
MaLDAPtive MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation, and detection. Its foundation is a 100% custom-built C# LDAP parser that handles tokenization and syntax tree parsing along with numerous custom properties...
DFIR Toolkit CLI tools for forensic investigation of Windows artifacts Overview of timelining tools Install cargo install dfir-toolkit Tool cleanhive merges logfiles into a hive file xx evtx2bodyfile [pastacode lang=”markup” message=”” highlight=”” provider=”manual”...
JNDI-Injection-Exploit-Plus JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and providing background services by starting the RMI, LDAP, and HTTP servers. Using this tool allows you to get JNDI links, you can insert these...
Shwmae Shwmae (shuh-my) is a Windows Hello abuse tool that was released during DEF CON 32 as part of the Abusing Windows Hello Without a Severed Hand Talk. The purpose of the tool is...
WAF Bypass Tool WAF bypass Tool is an open-source tool to analyze the security of any WAF for False Positives and False Negatives using predefined and customizable payloads. Check your WAF before an attacker...