The Firmware Analysis and Comparison Tool (FACT) Firmware analysis is a tough challenge with a lot of tasks. Many of these tasks can be automated (either with new approaches or incorporation of existing tools)...
Slhasher – Bulk VirusTotal Hash Lookups Slhasher is a collaborative tool designed to perform bulk SHA256 hash lookups through a graphical user interface. It integrates with VirusTotal to fetch hash metadata and supports exporting...
gosec – Golang Security Checker Inspects source code for security problems by scanning the Go AST. Usage Gosec can be configured to only run a subset of rules, exclude certain file paths, and...
FireEye Labs Obfuscated String Solver The FLARE Obfuscated String Solver (FLOSS, formerly FireEye Labs Obfuscated String Solver) uses advanced static analysis techniques to automatically extract and deobfuscate all strings from malware binaries. You can...
GBounty GBounty is a multi-step website vulnerability scanner developed in Golang designed to help companies, pentesters, and bug hunters identify potential vulnerabilities in web applications. It takes a target URL, list of URL, raw...
VulnerableCode VulnerableCode is a free and open database of FOSS software package vulnerabilities and the tools to create and keep the data current. It is made by the FOSS community to improve and secure...
Mobile Security Framework Mobile Security Framework (MobSF) is an intelligent, all-in-one open-source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security...
Extract VMK of BitLocker volume with TPMAndPIN protector and knowing PIN Technic to extract VMK from the bitlocker volume that TPM protects are already documented in different publications. This GitHub repo gives a toolset...
EAPHammer EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such, the focus is...
Slack Watchman Slack Watchman is an application that uses the Slack API to look for potentially sensitive data exposed in your Slack workspaces. Features It searches for, and reports back on: Externally shared...
SharpExclusionFinder This C# program finds Windows Defender folder exclusions using Windows Defender through its command-line tool (MpCmdRun.exe). The program processes directories recursively, with configurable depth and thread usage, and outputs information about exclusions and scan progress....
Starkiller Starkiller is a Frontend for Powershell Empire. It is an Electron application written in VueJS. Multi-user GUI application for interfacing with the Empire C2 server from any computer. Starkiller represents a huge step forward...
Venator – Threat Detection Platform A flexible detection system that simplifies rule management and deployment with K8s CronJob and Helm. Venator is optimized for Kubernetes deployment but is flexible enough to run standalone or...
What is DalFox DalFox is a powerful open-source tool that focuses on automation, making it ideal for quickly scanning for XSS flaws and analyzing parameters. Its advanced testing engine and niche features are designed...
IllusiveFog IllusiveFog is an implant kit for Microsoft Windows-based networks for long-term stealthy access and recon. IllusiveFog is designed for highly covert & stealthy operations, because of this reason features are kept limited and...
interactsh Interactsh is an Open-Source Solution for Out of band Data Extraction, A tool designed to detect bugs that cause external interactions, For example – Blind SQLi, Blind CMDi, SSRF, etc. Features DNS/HTTP/SMTP Interaction...
Ethical Hacking / Vulnerability Assessment
S3Scanner: Scan for open S3 buckets and dump
December 11, 2024