JSubFinder JSubFinder is a tool written in golang to search webpages & javascript for hidden subdomains and secrets in the given URL. Developed with BugBounty hunters in mind JSubFinder takes advantage of Go’s amazing...
crAPI At a high level, the crAPI application is modeled as a B2C application that allows any user to get their car servicing done by a car mechanic. A user can create an account...
cats REST API fuzzer and negative testing tool. Run thousands of self-healing API tests within minutes with no coding effort! Comprehensive: tests are generated automatically based on a large number of scenarios and cover...
xnLinkFinder This is a tool used to discover endpoints for a given target. It can find them by: crawling a target (pass a domain/URL) crawling multiple targets (pass a file of domains/URLs) searching files...
Octopii Octopii is an open-source AI-powered Personal Identifiable Information (PII) scanner that can look for image assets such as Government IDs, passports, photos, and signatures in a directory. Working Octopii uses Tesseract’s Optical Character...
Evilent Coerce A practical NTLM relay attack using the MS-EVEN RPC protocol and antivirus-assisted coercion. Evilent is a PoC tool that triggers the ElfrOpenBELW procedure in the MS-EVEN RPC interface (used for Windows Event...
Sandman Sandman is a backdoor that is meant to work on hardened networks during red team engagements. Sandman works as a stager and leverages NTP (a protocol to sync time & date) to get...
SharpSCCM SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr, formerly SCCM) for lateral movement without requiring access to the SCCM administration console GUI. SharpSCCM was initially created to...
Rekono combines other hacking tools and its results to execute complete pentesting processes against a target in an automated way. The findings obtained during the executions will be sent to the user via email...
Packj flags malicious/risky open-source packages Packj (pronounced package) is a command-line (CLI) tool to vet open-source software packages for “risky” attributes that make them vulnerable to supply chain attacks. This is the tool behind...
RESTler What is RESTler? RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. For a given cloud service...
ropr ropr is a blazing fast multithreaded ROP Gadget finder What is an ROP Gadget? ROP (Return Oriented Programming) Gadgets are small snippets of a few assembly instructions typically ending in a ret instruction which...
