tartufo tartufo searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally committed. tartufo also can be used by git pre-commit scripts to screen changes for secrets...
Ghauri An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws Features Supports the following types of injection payloads: Boolean based. Error Based Time-Based Stacked Queries Support SQL...
nacs: event-driven pentest scanner Detect if the target machine is alive Service scan (regular & non-regular ports) poc detection (xray & nuclei format) Weak password blasting for services such as databases Common Vulnerability Exploitation...
ROPDump ROPDump is a tool for analyzing binary executables to identify potential Return-Oriented Programming (ROP) gadgets, as well as detecting potential buffer overflow and memory leak vulnerabilities. Features Identifies potential ROP gadgets in binary...
WebCopilot WebCopilot is an automation tool designed to enumerate subdomains of the target and detect bugs using different open-source tools. The script first enumerates all the subdomains of the given target domain using assetfinder, sublister,...
The JSON Web Token Toolkit jwt_tool.py is a toolkit for validating, forging, scanning and tampering JWTs (JSON Web Tokens). Its functionality includes: Checking the validity of a token Testing for known exploits: (CVE-2015-2951) The alg=none signature-bypass vulnerability...
AegiScan Aegi(s)Scan(er) is a static dataflow analysis framework for iOS application binaries, which can be used to facilitate vulnerability scanning. Design AegiScan utilizes top-down type propagation to resolve Objective-C MsgSend calls, thereby reconstructing the call...
3klCon Project Automated Recon tool which works with Large and Medium scopes. It’s recommended to use it on VPS, it’ll discover secrets and search for vulnerabilities What’re the tasks it will do? Search for...
SQLiDetector Simple Python script supported with BurpBouty profile that helps you to detect SQL injection “Error based” by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases. The...
PinguCrew PinguCrew is a web-based fuzzer platform that allows security researchers to test their software for vulnerabilities in a scalable and efficient manner. The tool is inspired by the ClusterFuzz tool but aims to remove any...
Cloud Offensive Breach and Risk Assessment (COBRA) Tool Cloud Offensive Breach and Risk Assessment (COBRA) is an open-source tool designed to empower users to simulate attacks within multi-cloud environments, offering a comprehensive evaluation of...
APIDetector APIDetector is a powerful and efficient tool designed for testing exposed Swagger endpoints in various subdomains with unique smart capabilities to detect false-positives. It’s particularly useful for security professionals and developers who are...
Managed Kubernetes Auditing Toolkit (MKAT) MKAT is an all-in-one auditing toolkit for identifying common security issues within managed Kubernetes environments. It is focused on Amazon EKS at the moment, and will be extended to...
What is afrog afrog is a high-performance vulnerability scanner that is fast and stable. It supports user-defined PoC and comes with several built-in types, such as CVE, CNVD, default passwords, information disclosure, fingerprint identification,...
reconftw reconFTW automates the entire process of reconnaissance for you. It outperforms the work of subdomain enumeration along with various vulnerability checks and obtaining maximum information about your target. reconFTW uses a lot of techniques...
What is Pacu? Pacu is an open-source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within...
