What is Impacket? Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC)...
Forbidden Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code...
Silver SAML Forger Silver SAML Forger is C# tool that helps you create custom SAML responses. It can be used to implement the Silver SAML attack. Defend against Silver SAML To safeguard effectively against...
S3Scanner A tool to find open S3 buckets in AWS or other cloud providers: AWS DigitalOcean DreamHost GCP Linode Custom The tool takes in a list of bucket names to check. Found S3 buckets...
Knock Knock is a Python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS...
pwnobd Offensive cybersecurity toolkit for vulnerability analysis and penetration testing of OBD-II devices. Adding new functionality Most functionality is dynamically registered onto pwnobd through the use of decorators. Attacks Located in src/pwnobd/modules/attacks/. See...
cemu Writing assembly is fun. Assembly is the lowest language (humanly understandable) available to communicate with computers, and is crucial to understand the internal mechanisms of any machine. Unfortunately, setting up an environment to...
What is BinCAT? A static Binary Code Analysis Toolkit, designed to help reverse engineers, directly from IDA. It features: value analysis (registers and memory) taint analysis type reconstruction and propagation backward and forward analysis In action...
What is Traceeshark? Traceeshark brings the world of Linux runtime security monitoring and advanced system tracing to the familiar and ubiquitous network analysis tool Wireshark. Using Traceeshark, you can load Tracee captures in JSON format into...
Brakeman Brakeman is an open-source static analysis tool that checks Ruby on Rails applications for security vulnerabilities. It can detect: Possibly unescaped model attributes or parameters in views (Cross-Site Scripting) Bad string interpolation in...
AIL framework AIL framework – Framework for Analysis of Information Leaks AIL is a modular framework to analyse potential information leaks from unstructured data sources like pastes from Pastebin or similar services or unstructured...
Blackdagger Blackdagger represents a significant advancement in automation technology, offering a comprehensive solution for orchestrating complex workflows in DevOps, DevSecOps, MLOps, MLSecOps, and Continuous Automated Red Teaming (CART) environments. At its core, Blackdagger simplifies...
Clair Clair is an open-source project for the static analysis of vulnerabilities in application containers (currently including appc and docker). In regular intervals, Clair ingests vulnerability metadata from a configured set of sources and stores it in the...
HookCase HookCase is a tool for debugging and reverse engineering applications on macOS (aka OS X), and the operating system itself. It re-implements and extends Apple’s DYLD_INSERT_LIBRARIES functionality. It can be used to hook any method...
MACOBOX The all-in-one hacking toolbox for hardware penetration testing. MACOBOX is designed to simplify and enhance hardware penetration testing by providing a comprehensive toolset for analyzing and extracting firmware from various hardware interfaces. With...
OneGadget When playing ctf pwn challenges we usually need the one-gadget RCE (remote code execution), which leads to call execve(‘/bin/sh’, NULL, NULL). This gem provides such gadgets finder, no need to use objdump or IDA-pro...
