Category: Open Source Tool
TokenFlare: Serverless AITM Phishing Simulation Framework for Entra ID / M365. Features: Lean: Core logic (in src/worker.js, only ~530 lines of JavaScript). Modular: Supports a number of OAuth flows, with Intune Conditional Access bypass support out of the...
BOF RunPE is a Beacon Object File for Cobalt Strike that executes PE files entirely in-memory within the beacon process. Unlike traditional fork&run, no child process is spawned, no console is created, and no pipe...
PyGraphistry: Leverage the power of graphs & GPUs to visualize, analyze, and scale your data. PyGraphistry is an open source Python library for data scientists and developers to leverage the power of graph visualization,...
KnoxSpy: KnoxSpy is developed by Appknox, a leading mobile security company dedicated to making mobile applications more secure through innovative security testing tools and platforms. Traditional proxy tools like Burp Suite fail when dealing with: Mobile Device...
KANVAS is an IR (incident response) case management tool with an intuitive desktop interface, built using Python. It provides a unified workspace for investigators working with SOD (Spreadsheet of Doom) or similar spreadsheets, enabling key...
AnonyMask: Automated Masking and Unmasking of Explicit and Implicit Privacy Data. AnonyMask is a privacy-preserving tool designed to automatically detect, mask, and unmask privacy data across various file formats. It allows enterprises to leverage the power of...
Mantra: This tool is written in Go, and its main objective is to search for API keys in JavaScript files and HTML pages. It works by checking the source code of web...
DepConfuse is a command-line tool that proactively detects dependency confusion vulnerabilities. It scans SBOMs or PURLs to identify internal package names that could be subject to public package takeover, providing actionable insights to secure your...
Bug Bounty Reconnaissance Framework: The Bug Bounty Reconnaissance Framework (BBRF) can be used to coordinate your reconnaissance workflows across multiple devices. For more background, read the original blog post. If you are new to BBRF,...
Nidhogg: Nidhogg is a multi-functional rootkit for red teams. The goal of Nidhogg is to provide an all-in-one and easy-to-use rootkit with multiple helpful functionalities for red team engagements that can be integrated with...
jsleak: An easy-to-use command-line tool designed to uncover secrets and links in JavaScript files or source code. jsleak was inspired by Linkfinder, and its regexes are collected from multiple sources. Features: Discover secrets...
MAAD Attack Framework: MAAD-AF is an open-source cloud attack tool developed for testing the security of Microsoft 365 & Azure AD environments through adversary emulation. MAAD-AF provides security practitioners with easy-to-use attack modules to...