Category: Open Source Tool
crAPI At a high level, the crAPI application is modeled as a B2C application that allows any user to get their car servicing done by a car mechanic. A user can create an account...
cats REST API fuzzer and negative testing tool. Run thousands of self-healing API tests within minutes with no coding effort! Comprehensive: tests are generated automatically based on a large number of scenarios and cover...
xnLinkFinder This is a tool used to discover endpoints for a given target. It can find them by: crawling a target (pass a domain/URL); crawling multiple targets (pass a file of domains/URLs); searching files...
Octopii Octopii is an open-source AI-powered Personal Identifiable Information (PII) scanner that can look for image assets such as Government IDs, passports, photos, and signatures in a directory. Working: Octopii uses Tesseract’s Optical Character...
Evilent Coerce A practical NTLM relay attack using the MS-EVEN RPC protocol and antivirus-assisted coercion. Evilent is a PoC tool that triggers the ElfrOpenBELW procedure in the MS-EVEN RPC interface (used for Windows Event...
Sandman Sandman is a backdoor that is meant to work on hardened networks during red team engagements. Sandman works as a stager and leverages NTP (a protocol to sync time & date) to get...
SharpSCCM SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr, formerly SCCM) for lateral movement without requiring access to the SCCM administration console GUI. SharpSCCM was initially created to...
Rekono combines other hacking tools and their results to execute complete pentesting processes against a target in an automated way. The findings obtained during the executions will be sent to the user via email...
Packj flags malicious/risky open-source packages. Packj (pronounced package) is a command-line (CLI) tool to vet open-source software packages for “risky” attributes that make them vulnerable to supply chain attacks. This is the tool behind...
RESTler What is RESTler? RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. For a given cloud service...
ropr ropr is a blazing fast multithreaded ROP Gadget finder. What is an ROP Gadget? ROP (Return Oriented Programming) Gadgets are small snippets of a few assembly instructions typically ending in a ret instruction which...
TerraformGoat TerraformGoat is HuoCorp research lab’s “Vulnerable by Design” multi-cloud deployment tool. Currently, supported cloud vendors include Alibaba Cloud, Tencent Cloud, Huawei Cloud, Amazon Web Services, Google Cloud Platform, and Microsoft Azure. Scenarios ID...
pretender pretender is a tool developed by RedTeam Pentesting to obtain machine-in-the-middle positions via spoofed local name resolution and DHCPv6 DNS takeover attacks. pretender primarily targets Windows hosts, as it is intended to be used...
Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients, vulnerabilities, and reports in a single, centralized location....
VulnLab A web vulnerability lab project developed by Yavuzlar. Vulnerabilities: SQL Injection, Cross-Site Scripting (XSS), Command Injection, Insecure Direct Object References (IDOR), Cross-Site Request Forgery (CSRF), XML External Entity (XXE), Insecure Deserialization, File Upload...
mx-takeover mx-takeover focuses on DNS MX records and detects misconfigured MX records. It currently supports three techniques: MX domains that will expire soon; unregistered MX domains; domains that point to not currently in...