MyJWT A cli for cracking, and testing vulnerabilities on Json Web Token(JWT). This cli is for pentesters, CTF players, or devs. You can modify your jwt, sign, inject, etc… Features copy new jwt to...
Go Test WAF GoTestWAF is a tool for API and OWASP attack simulation, that supports a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC, and others. It was designed to...
Ping Castle The risk level regarding Active Directory security has changed. Several vulnerabilities have been made popular with tools like mimikatz or sites likes adsecurity.org. Ping Castle is a tool designed to assess quickly...
Sysdig Inspect Sysdig Inspect is a powerful opensource interface for container troubleshooting and security investigation Inspect’s user interface is designed to intuitively navigate the data-dense sysdig captures that contain granular system, network, and application activity...
Nuclei Nuclei is a fast vulnerability scanner designed to probe modern applications, infrastructure, cloud platforms, and networks, aiding in the identification and mitigation of exploitable vulnerabilities. At its core, Nuclei uses templates—expressed as straightforward...
legitify Detect and remediate misconfigurations, security, and compliance issues across all your GitHub assets with ease. Scorecard Support scorecard is an OSSF’s open-source project: Scorecards is an automated tool that assesses a number of...
ModelScan: Protection Against Model Serialization Attacks Machine Learning (ML) models are shared publicly over the internet, within teams, and across teams. The rise of Foundation Models have resulted in public ML models being increasingly...
route-detect Find authentication (authn) and authorization (authz) security bugs in web application routes: Web application HTTP route authn and authz bugs are some of the most common security issues found today. These industry standard...
Firefly Firefly is an advanced black-box fuzzer and not just a standard asset discovery tool. Firefly provides the advantage of testing a target with a large number of built-in checks to detect behaviors in...
tartufo tartufo searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally committed. tartufo also can be used by git pre-commit scripts to screen changes for secrets...
Ghauri An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws Features Supports the following types of injection payloads: Boolean based. Error Based Time-Based Stacked Queries Support SQL...
nacs: event-driven pentest scanner Detect if the target machine is alive Service scan (regular & non-regular ports) poc detection (xray & nuclei format) Weak password blasting for services such as databases Common Vulnerability Exploitation...
ROPDump ROPDump is a tool for analyzing binary executables to identify potential Return-Oriented Programming (ROP) gadgets, as well as detecting potential buffer overflow and memory leak vulnerabilities. Features Identifies potential ROP gadgets in binary...
WebCopilot WebCopilot is an automation tool designed to enumerate subdomains of the target and detect bugs using different open-source tools. The script first enumerates all the subdomains of the given target domain using assetfinder, sublister,...
The JSON Web Token Toolkit jwt_tool.py is a toolkit for validating, forging, scanning and tampering JWTs (JSON Web Tokens). Its functionality includes: Checking the validity of a token Testing for known exploits: (CVE-2015-2951) The alg=none signature-bypass vulnerability...
AegiScan Aegi(s)Scan(er) is a static dataflow analysis framework for iOS application binaries, which can be used to facilitate vulnerability scanning. Design AegiScan utilizes top-down type propagation to resolve Objective-C MsgSend calls, thereby reconstructing the call...
Ethical Hacking / Network Attacks
Kraken: All-in-One Toolkit for BruteForce Attacks
October 10, 2024
