bkcrack Crack legacy zip encryption with Biham and Kocher’s known-plaintext attack. Overview A ZIP archive may contain many entries whose content can be compressed and/or encrypted. In particular, entries can be encrypted with a...
AzureGoat: A Damn Vulnerable Azure Infrastructure Compromising an organization’s cloud infrastructure is like sitting on a gold mine for attackers. And sometimes, a simple misconfiguration or a vulnerability in web applications, is all an...
SSTImap SSTImap is a penetration testing software that can check websites for Code Injection and Server-Side Template Injection vulnerabilities and exploit them, giving access to the operating system itself. This tool was developed to...
exifLooter ExifLooter finds geolocation on all image urls and directories and also integrates with OpenStreetMap. Installation go install github.com/aydinnyunus/exifLooter@latest Exif Looter depends on exiftool, so make sure it is on your PATH. Use Analyze Image...
BloodHound Attack Research Kit BARK stands for BloodHound Attack Research Kit. It is a PowerShell script built to assist the BloodHound Enterprise team with researching and continuously validating abuse primitives. BARK currently focuses on...
Compromising an organization’s cloud infrastructure is like sitting on a gold mine for attackers. And sometimes, a simple misconfiguration or a vulnerability in web applications, is all an attacker needs to compromise the entire...
The HexStrike AI repository has released HexStrike AI MCP Agents v6.0—a powerful framework for automating penetration tests. The system integrates more than 150 security tools and 12 autonomous AI agents operating through the FastMCP...
A security researcher named Wayne has unveiled a new tool for Windows 11 that circumvents the PatchGuard protection mechanism in the system’s latest release (24H2). The project, called Kurasagi, has already been published on...
monkey365 Monkey365 is an Open Source security tool that can be used to easily conduct not only Microsoft 365 but also Azure subscriptions and Azure Active Directory security configuration reviews without the significant overhead...
SQLiDetector Simple python script supported with BurpBouty profile that helps you to detect SQL injection “Error based” by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases. The...
The Hashcat development team has unveiled a major update to its renowned password-cracking tool—version 7.0.0. This marks the first major release in over two years, encompassing hundreds of bug fixes, dozens of new features,...
GooFuzz GooFuzz is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories without making requests to the web server. GooFuzz performs fuzzing with an OSINT...
