WEF: WiFi Exploitation Framework
WEF – WiFi Exploitation Framework This project started over 2021 as a personal tool to easily audit networks without writing long commands or setting all values one by one, in order to automate the...
Author: ddos
WhacAMole: Live memory analysis tool
WhacAMole WhacAMole is a program that analyzes processes in memory in an integral way, detecting and alerting of anomalies related to the malware and presenting and saving in files all the relevant information for...
Exposor: A Contactless Reconnaissance Tool
Exposor Exposor is a contactless reconnaissance tool focused on technology detection across Censys, Fofa, Shodan, and Zoomeye. With a unified syntax for multi-platform querying, It gives security researchers and professionals a clear view of exposed systems, enabling quick...
tetragon: eBPF-based Security Observability and Runtime Enforcement
tetragon Cilium’s new Tetragon component enables powerful real-time, eBPF-based Security Observability and Runtime Enforcement. Tetragon detects and is able to respond in real-time to security-significant events, such as Process execution events Changes to privileges...
Apache Tomcat Scanner: scan for Apache Tomcat server vulnerabilities
Apache Tomcat Scanner A python script to scan for Apache Tomcat server vulnerabilities. Features Multithreaded workers to search for Apache tomcat servers. Multiple target sources accepted: Retrieving list of computers from a Windows domain...
agneyastra: A firebase Misconfiguration Detection Toolkit
agneyastra – A firebase Misconfiguration Detection Toolkit Firebase, a versatile platform by Google, powers countless web and mobile applications with its extensive suite of services including real-time databases, authentication, cloud storage, and hosting. Its...
Elkeid: Cloud-Native Host-Based Intrusion Detection solution
Elkeid Elkeid is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture. Elkeid Agent Linux userspace agent, responsible for managing various plugins, and communication with...
kubeeye: audit tool for Kubernetes
kubeeye KubeEye is an audit tool for Kubernetes to discover Kubernetes resources (by OPA ), cluster components, cluster nodes (by Node-Problem-Detector), and other configurations that are meeting with best practices and giving suggestions for modification. KubeEye supports...
ShadowHound: Stealthy AD Enumeration with PowerShell
ShadowHound ShadowHound is a set of PowerShell scripts for Active Directory enumeration without the need for introducing known-malicious binaries like SharpHound. It leverages native PowerShell capabilities to minimize detection risks and offers two methods...
Exegol: Fully featured and community-driven hacking environment
The Exegol project Exegol is a community-driven hacking environment, powerful and yet simple enough to be used by anyone in day to day engagements. Script kiddies use Kali Linux, real pentesters use Exegol, megachads...
Group3r: Find vulnerabilities in AD Group Policy
Group3r Like its ancestors, Group3r is a tool for pentesters and red teamers to rapidly enumerate relevant settings in AD Group Policy and to identify exploitable misconfigurations in the same. It does this by...
Eclipse: Hijacking Activation Context for Arbitrary DLL Injection
Eclipse Eclipse is a PoC that performs Activation Context hijack to load and run an arbitrary DLL in any desired process. Initially, this technique was created as a more flexible alternative to DLL Sideloading + DLL...
hcltm: Threat Modeling with HCL
hcltm Threat Modeling with HCL Overview There are many different ways in which a threat model can be documented. From a simple text file to more in-depth word documents, to fully instrumented threat models...
Cloak: evade deep-packet-inspection based censorship
Cloak Cloak is a pluggable transport that works alongside traditional proxy tools like OpenVPN to evade deep-packet-inspection-based censorship. Cloak is not a standalone proxy program. Rather, it works by masquerading proxy tool’s traffic as normal...
NachoVPN: Popping SSL-VPNs with a Rogue Server
NachoVPN NachoVPN is a Proof of Concept that demonstrates exploitation of SSL-VPN clients, using a rogue VPN server. It uses a plugin-based architecture so that support for additional SSL-VPN products can be contributed by...
karton: Distributed malware processing framework
Karton Distributed malware processing framework based on Python, Redis, and MinIO. The idea Karton is a robust framework for creating flexible and lightweight malware analysis backends. It can be used to connect malware analysis systems into a...
