ASPJinjaObfuscator A heavily obfuscated Windows–based ASP web shell generation tool utilizing the power of Python’s Jinja2 templating engine. Generates a web shell with randomized variable/function names and HTML strings of random lengths, XOR encrypted strings with base64...
AzurEnum Enumerate some Entra ID (formerly Azure AD) stuff fast, including: General information such as number of users, groups, apps, Entra ID license, tenant ID … General security settings such as group creation, consent...
EyeSpy EyeSpy was developed by Miiden and utilizes PowerShell to help with penetration tests and research in a Windows environment. EyeSpy is designed to enumerate and gain access to IP cameras via RTSP. It...
GTPDOOR Scan A multithreaded network scanner to scan for hosts infected with the GTPDOOR malware. Technical writeup here. Three detection methods are supported: ACK scan (detects GTPDOOR v2) TCP connect scan (detects GTPDOOR v2) GTP-C...
jsluice++ jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic using the CLI tool jsluice. The extension utilizes jsluice’s capabilities to extract URLs, paths, and secrets from static JavaScript...
Windows 10/11 Hardening Script This script enhances the security of Windows operating systems by making various system modifications. It includes adjusting settings, policies, and features to reduce vulnerabilities and protect against various cyber threats....
CloudGrappler CloudGrappler is a purpose-built tool designed for effortless querying of high-fidelity and single-event detections related to well-known threat actors in popular cloud environments such as AWS and Azure. Key Features Threat Actor Querying...
eclipse Eclipse was designed as a part of Nebula Pro, the first AI-Powered Penetration Testing Application. Eclipse was designed to address the growing concerns surrounding sensitive data management. Unlike traditional methods, Eclipse is not limited...
SecretPixel – Advanced Image Steganography Tool SecretPixel is a cutting-edge steganography tool designed to securely conceal sensitive information within images. It stands out in the realm of digital steganography by combining advanced encryption, compression,...
LogSnare LogSnare is an intentionally vulnerable web application, where your goal is to go from a basic gopher user of the LogSnare company to the prestigious acme-admin of Acme Corporation. The application, while hosting multiple vulnerabilities,...
Surfactant A modular framework to gather file information for SBOM generation and dependency analysis. Surfactant can be used to gather information from a set of files to generate an SBOM, along with manipulating SBOMs...
GearGoat: Car Vulnerabilities Simulator A Python implementation inspired by ICSim. Currently supports running on a single interface “vcan0” and fixed arbitration IDs for the actions including, turn indicators, door lock unlock indicators, and speedometer....
