rayder Rayder is a command-line tool designed to simplify the orchestration and execution of workflows. It allows you to define a series of modules in a YAML file, each consisting of commands to be...
ParaForge ParaForge is a simple Burp Suite extension to extract the parameters and endpoints from the request to create a custom wordlist for fuzzing and enumeration. This is just a simple extension for easy...
Session Hijacking Visual Exploitation Session Hijacking Visual Exploitation is a tool that allows for the hijacking of user sessions by injecting malicious JavaScript code. Installation Prerequisites To run Session Hijacking Visual Exploitation, you will...
The Ars0n Framework The Ars0n Framework is designed to provide aspiring Application Security Engineers with all the tools they need to leverage Bug Bounty hunting as a means to learn valuable, real-world AppSec concepts...
CLZero A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors. Inspired by the tool Smuggler all attack gadgets adapted from Smuggler and https://portswigger.net/research/how-to-turn-security-research-into-profit CL.0 Identification method The first request will be the “base” request. This is...
Web Application Firewall (WAF) Comparison Project This project repository contains testing datasets and tools to compare WAF efficacy in the two most important categories: Security Coverage (True Positive Rate) – measures the WAF’s ability...
WebCopilot WebCopilot is an automation tool designed to enumerate subdomains of the target and detect vulnerabilities using different open-source tools. The script first enumerates all the subdomains of the given target domain using assetfinder,...
BucketLoot BucketLoot is an automated S3-compatible Bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning...
EscalateGPT A powerful Python tool that leverages the power of OpenAI to analyze AWS IAM misconfigurations. Features 🛠️ EscalateGPT is a Python tool to identify IAM policy issues and enhance Tenable Cloud Security 💻 EscalateGPT retrieves...
APIDetector APIDetector is a powerful and efficient tool designed for testing exposed Swagger endpoints in various subdomains with unique smart capabilities to detect false positives. It’s particularly useful for security professionals and developers who...
RedCloud OS RedCloud OS is a Debian-based Cloud Adversary Simulation Operating System for Red Teams to assess the security of leading Cloud Service Providers (CSPs). It includes tools optimized for adversary simulation tasks within Amazon Web...
SmuggleFuzz SmuggleFuzz is designed to assist in identifying HTTP downgrade attack vectors. Its standout feature is not just the time-based detection or request handling, but the detailed response information it provides. This empowers users...
Logsensor A Powerful Sensor Tool to discover login panels, and POST Form SQLi Scanning Features login panel Scanning for multiple hosts Proxy compatibility (http, https) Login panel scanning is done in multiprocessing Installation git...
CHOMTE.SH CHOMTE.SH is a versatile framework designed for automating reconnaissance tasks in penetration testing. It’s useful for bug bounty hunters and penetration testers in both internal and external network engagements. Its key features include...
Pentest Mapper Pentest Mapper is a Burp Suite extension that integrates the Burp Suite request logging with a custom application testing checklist. The extension provides a straightforward flow for application penetration testing. The extension...
OSINT Toolkit OSINT Toolkit is a full-stack web application designed to assist security analysts in their work. It combines various functions and services into a single tool, making it easier for analysts to identify...
