Category: Open Source Tool
SiCat – The useful exploit finder: SiCat is an advanced exploit search tool designed to identify and gather information about exploits from both open sources and local repositories effectively. With a focus on cybersecurity,...
Fuzztruction: Fuzztruction is an academic prototype of a fuzzer that does not directly mutate inputs (as most fuzzers do) but instead uses a so-called generator application to produce an input for our fuzzing target....
KRBJack: This tool can be used to abuse the dangerous ZONE_UPDATE_UNSECURE flag on the main DNS domain zone in Active Directory. When set, this flag allows anyone unauthenticated to update, add and remove DNS records anonymously....
rayder: Rayder is a command-line tool designed to simplify the orchestration and execution of workflows. It allows you to define a series of modules in a YAML file, each consisting of commands to be...
Frelatage: Frelatage is a coverage-based Python fuzzing library which can be used to fuzz Python code. The development of Frelatage was inspired by various other fuzzers, including AFL/AFL++, Atheris, and PythonFuzz. The main purpose of the project is...
Indetectables Toolkit: This tool compilation is carefully crafted to be useful both for beginners and veterans of the malware analysis world. It has also proven useful for people trying their luck at the cracking...
FirmWire: FirmWire is a full-system baseband firmware analysis platform that supports Samsung and MediaTek. It enables fuzzing, root-cause analysis, and debugging of baseband firmware images. FirmWire is the result of a multi-year, cross-university research...
Argus: This repo contains the code for our USENIX Security ’23 paper “ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions”. Argus is a comprehensive security analysis tool specifically designed...
ParaForge: ParaForge is a simple Burp Suite extension to extract the parameters and endpoints from the request to create a custom wordlist for fuzzing and enumeration. This is just a simple extension for easy...
Flopz – Firmware Liberation on Python: Flopz is an assembler toolkit written in pure Python. Use it to: create shellcode for embedded systems; dynamically patch large collections of binaries; instrument firmware images, for debugging...
FullBypass: A tool that bypasses AMSI (Antimalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell. Usage: First, download the bypass.csproj file into the victim machine (Find...
CloudRecon: CloudRecon is a suite of tools for red teamers and bug hunters to find ephemeral and development assets in their campaigns and hunts. Often, target organizations stand up cloud infrastructure that is not...