IOCTLance Presented at CODE BLUE 2023, this project titled Enhanced Vulnerability Hunting in WDM Drivers with Symbolic Execution and Taint Analysis introduces IOCTLance, a tool that enhances its capacity to detect various vulnerability types in Windows Driver...
Sucosh Scanny “Sucosh” is an automated Source Code vulnerability scanner(SAST) and assessment framework for Python(Flask-Django) & NodeJs capable of performing code review in Web Application Developing or Source Code Analysis processes. It can detect...
CLZero A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors. Inspired by the tool Smuggler all attack gadgets adapted from Smuggler and https://portswigger.net/research/how-to-turn-security-research-into-profit CL.0 Identification method The first request will be the “base” request. This is...
AtlasReaper AtlasReaper is a command-line tool developed for offensive security purposes, primarily focused on a reconnaissance of Confluence and Jira. It also provides various features that can be helpful for tasks such as credential...
WebCopilot WebCopilot is an automation tool designed to enumerate subdomains of the target and detect vulnerabilities using different open-source tools. The script first enumerates all the subdomains of the given target domain using assetfinder,...
What is BinAbsInspector? BinAbsInspector (Binary Abstract Inspector) is a static analyzer for automated reverse engineering and scanning vulnerabilities in binaries, which is a long-term research project incubated at Keenlab. It is based on abstract interpretation...
shortscan Shortscan is designed to quickly determine which files with short filenames exist on an IIS webserver. Once a short filename has been identified the tool will try to automatically identify the full filename....
DIAL Workloads on the cloud provide equal opportunities for hackers as much as they do for internal teams. Cloud-native companies are open to attacks from both outside forces and from within. With the ever-growing...
Honeyscanner – A vulnerability analyzer for Honeypots Honeyscanner is a vulnerability analyzer for honeypots designed to automatically attack a given honeypot, in order to determine if the honeypot is vulnerable to specific types of...
PipeViewer A GUI tool for viewing Windows Named Pipes and searching for insecure permissions. PipeViewer is a GUI tool that allows users to view details about Windows-named pipes and their permissions. It is designed...
RedCloud OS RedCloud OS is a Debian-based Cloud Adversary Simulation Operating System for Red Teams to assess the security of leading Cloud Service Providers (CSPs). It includes tools optimized for adversary simulation tasks within Amazon Web...
apk2url apk2url easily extracts URL and IP endpoints from an APK file to a .txt output. This is suitable for information gathering by the red team, penetration testers, and developers to quickly identify endpoints...
PEnetration TEsting Proxy PETEP (PEnetration TEsting Proxy) is an open-source Java application for creating proxies for traffic analysis & modification. The main goal of PETEP is to provide a useful tool for performing penetration tests...
What is Minder? Minder by Stacklok is an open-source platform that helps development teams and open-source communities build more secure software, and prove to others that what they’ve built is secure. Minder helps project owners...
SmuggleFuzz SmuggleFuzz is designed to assist in identifying HTTP downgrade attack vectors. Its standout feature is not just the time-based detection or request handling, but the detailed response information it provides. This empowers users...
Logsensor A Powerful Sensor Tool to discover login panels, and POST Form SQLi Scanning Features login panel Scanning for multiple hosts Proxy compatibility (http, https) Login panel scanning is done in multiprocessing Installation git...
