With the rise of AI infrastructures, the rise of attacks on such vulnerable infrastructure is inevitable. Insecure AI infrastructure can expose organizations to significant risks, including data breaches and manipulation of AI-driven decisions. Often,...
dummy Generator of static files for testing file upload functionality. When generating a png, as in the following screenshot, you can generate a png of a specified size. Motivation I often test the file...
Locksmith A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services. Mode 0 (Default) – Identify Issues and Output to Console PS> .\Invoke-Locksmith.ps1 Running Invoke-Locksmith.ps1 with no parameters or -Mode 0 will...
Troll-A Troll-A is a command line tool for extracting secrets such as passwords, API keys, and tokens from WARC (Web ARChive) files. Troll-A is an easy-to-use, comprehensive, and fast solution for finding secrets in web archives. Features...
domainim Domainim is a Blazing fast domain reconnaissance tool for bounty hunters written in Nim. Features Virtual hostname enumeration Reverse DNS lookup Subdomains as input Verbose output TCP port scanning with full user control...
EntraFalcon is a PowerShell-based assessment tool for pentesters, security analysts, and system administrators to evaluate the security posture of a Microsoft Entra ID environment. Designed for ease of use, EntraFalcon runs on PowerShell 5.1...
Caracal Caracal is a static analyzer tool over the SIERRA representation for Starknet smart contracts. Features Detectors to detect vulnerable Cairo code Printers to report information Taint analysis Data flow analysis framework Easy to...
QuadraInspect The security of mobile devices has become a critical concern due to the increasing amount of sensitive data being stored on them. With the rise of Android OS as the most popular mobile...
ADMiner ADMiner is an Active Directory audit tool that leverages cypher queries to crunch data from the BloodHound graph database (neo4j) and gives you a global overview of existing weaknesses through a web-based static report, including...
WPProbe is a fast and efficient WordPress plugin scanner that leverages REST API enumeration (?rest_route) to detect installed plugins without brute-force. Unlike traditional scanners that hammer websites with requests, WPProbe takes a smarter approach by querying the exposed REST API....
Nebula Nebula is an AI-powered assistant specifically designed for the field of ethical hacking. It provides a unique capability for users to input commands using natural language processing, facilitating a seamless transition from intent...
OWASP OFFAT OWASP OFFAT (OFFensive Api Tester) is created to automatically test API for common vulnerabilities after generating tests from the openapi specification file. It provides the feature to automatically fuzz inputs and use...
APKDeepLens APKDeepLens is a Python-based tool designed to scan Android applications (APK files) for security vulnerabilities. It specifically targets the OWASP Top 10 mobile vulnerabilities, providing an easy and efficient way for developers, penetration...
SQLMap Command Generator is a web-based application designed to assist penetration testers and security enthusiasts in generating SQLMap commands with various options for testing SQL injection vulnerabilities. It provides an easy-to-use interface where users...
pphack is a CLI tool for scanning websites for client-side prototype pollution vulnerabilities. Feature Fast (concurrent workers) Default payload covers a lot of cases Payload and Javascript customization Proxy-friendly Support output in a file...
Cloud Privilege Escalation Awesome Script Suite The current goal of Cloud PEASS is simple: Once you manage to get some credentials to access Azure, GCP or AWS, use different techniques to get the permissions the principal has and highlight...
