CLZero A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors. Inspired by the tool Smuggler all attack gadgets adapted from Smuggler and https://portswigger.net/research/how-to-turn-security-research-into-profit CL.0 Identification method The first request will be the “base” request. This is...
Web Application Firewall (WAF) Comparison Project This project repository contains testing datasets and tools to compare WAF efficacy in the two most important categories: Security Coverage (True Positive Rate) – measures the WAF’s ability...
WebCopilot WebCopilot is an automation tool designed to enumerate subdomains of the target and detect vulnerabilities using different open-source tools. The script first enumerates all the subdomains of the given target domain using assetfinder,...
BucketLoot BucketLoot is an automated S3-compatible Bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning...
EscalateGPT A powerful Python tool that leverages the power of OpenAI to analyze AWS IAM misconfigurations. Features 🛠️ EscalateGPT is a Python tool to identify IAM policy issues and enhance Tenable Cloud Security 💻 EscalateGPT retrieves...
APIDetector APIDetector is a powerful and efficient tool designed for testing exposed Swagger endpoints in various subdomains with unique smart capabilities to detect false positives. It’s particularly useful for security professionals and developers who...
RedCloud OS RedCloud OS is a Debian-based Cloud Adversary Simulation Operating System for Red Teams to assess the security of leading Cloud Service Providers (CSPs). It includes tools optimized for adversary simulation tasks within Amazon Web...
SmuggleFuzz SmuggleFuzz is designed to assist in identifying HTTP downgrade attack vectors. Its standout feature is not just the time-based detection or request handling, but the detailed response information it provides. This empowers users...
Logsensor A Powerful Sensor Tool to discover login panels, and POST Form SQLi Scanning Features login panel Scanning for multiple hosts Proxy compatibility (http, https) Login panel scanning is done in multiprocessing Installation git...
CHOMTE.SH CHOMTE.SH is a versatile framework designed for automating reconnaissance tasks in penetration testing. It’s useful for bug bounty hunters and penetration testers in both internal and external network engagements. Its key features include...
Pentest Mapper Pentest Mapper is a Burp Suite extension that integrates the Burp Suite request logging with a custom application testing checklist. The extension provides a straightforward flow for application penetration testing. The extension...
OSINT Toolkit OSINT Toolkit is a full-stack web application designed to assist security analysts in their work. It combines various functions and services into a single tool, making it easier for analysts to identify...
Damn Vulnerable RESTaurant An intentionally vulnerable API service designed for learning and training purposes dedicated to developers, ethical hackers, and security engineers. The idea of the project is to provide an environment that can...
MetaHub MetaHub is an open-source security tool for context-based security vulnerability management. It can automate the process of contextualizing and prioritizing security findings based on your environment and your needs, YOUR context. It focuses on...
APTRS APTRS (Automated Penetration Testing Reporting System) is an automated reporting tool in Python and Django. The tool allows Penetration testers to create a report directly without using the Traditional Docx file. It also...
Masker Logger Have you ever been coding late at night, desperately trying to fix a bug before a deadline? In that mad scramble, did you accidentally log some sensitive data like a password or...
