The pentester's Swiss knife
BucketLoot BucketLoot is an automated S3-compatible Bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning...
CloudPrivs CloudPrivs is a tool that leverages the existing power of SDKs like Boto3 to brute force privileges of all cloud services to determine what privileges exist for a given set of credentials. This...
EmploLeaks This is a tool designed for Open Source Intelligence (OSINT) purposes, which helps to gather information about employees of a company. 🚀 How it Works The tool starts by searching through LinkedIn to...
ebpfmon ebpfmon is a tool for monitoring eBPF programs. It is designed to be used with bpftool from the Linux kernel. ebpfmon is a TUI (terminal UI) application written in Go that allows you to do real-time...
airgorah Airgorah is a WiFi auditing software that can discover the clients connected to an access point, perform deauthentication attacks against specific clients or all the clients connected to it, capture WPA handshakes, and crack...
OFRAK OFRAK (Open Firmware Reverse Analysis Konsole) is a binary analysis and modification platform. OFRAK combines the ability to: Identify and Unpack many binary formats Analyze unpacked binaries with field-tested reverse engineering tools Modify and Repack binaries with powerful patching strategies...
EscalateGPT A powerful Python tool that leverages the power of OpenAI to analyze AWS IAM misconfigurations. Features 🛠️ EscalateGPT is a Python tool to identify IAM policy issues and enhance Tenable Cloud Security 💻 EscalateGPT retrieves...
sharem SHAREM is intended to be the ultimate Windows shellcode tool, with support to emulate over 12,000 WinAPIs, virtually all user-mode Windows syscalls, and SHAREM provides numerous new features. SHAREM was released on September...
Process Stomping A variation of ProcessOverwriting to execute shellcode on an executable’s section What is it Process Stomping, is a variation of hasherezade’s Process Overwriting and it has the advantage of writing a shellcode payload on...
PurpleOps PurpleOps is a free, open-source web app to track Purple Team assessments. Create assessments aligned with MITRE ATT&CK, leveraging data from sources like Atomic Red Team and SIGMA. Centralise blue and red team...
What is BinAbsInspector? BinAbsInspector (Binary Abstract Inspector) is a static analyzer for automated reverse engineering and scanning vulnerabilities in binaries, which is a long-term research project incubated at Keenlab. It is based on abstract interpretation...
Invoke-SessionHunter Retrieve and display information about active user sessions on remote computers. No admin privileges are required. The tool leverages the remote registry service to query the HKEY_USERS registry hive on the remote computers....
shortscan Shortscan is designed to quickly determine which files with short filenames exist on an IIS webserver. Once a short filename has been identified the tool will try to automatically identify the full filename....
Perform malware scan analysis of on-prem servers using AWS services Challenges with on-premises malware detection It can be difficult for security teams to continuously monitor all on-premises servers due to budget and resource constraints....
Amnesiac Amnesiac is a post-exploitation framework designed to assist with lateral movement within active directory environments. Amnesiac is being developed to bridge a gap on Windows OS, where post-exploitation frameworks are not readily available...
DIAL Workloads on the cloud provide equal opportunities for hackers as much as they do for internal teams. Cloud-native companies are open to attacks from both outside forces and from within. With the ever-growing...