The pentester's Swiss knife
Sekiryu This Ghidra Toolkit is a comprehensive suite of tools designed to streamline and automate various tasks associated with running Ghidra in Headless mode. This toolkit provides a wide range of scripts that can...
Detection Replay Framework DeRF (Detection Replay Framework) is an “Attacks As A Service” framework, allowing the emulation of offensive techniques and generation of repeatable detection samples from a UI – without the need for...
Bob the Smuggler “Bob the Smuggler” is a tool that leverages HTML Smuggling Attack and allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip...
Honeyscanner – A vulnerability analyzer for Honeypots Honeyscanner is a vulnerability analyzer for honeypots designed to automatically attack a given honeypot, in order to determine if the honeypot is vulnerable to specific types of...
Reaper Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate, vulnerable driver into a target system, which allows attackers to exploit...
ThievingFox ThievingFox is a collection of post-exploitation tools to gather credentials from various password managers and Windows utilities. Each module leverages a specific method of injecting into the target process and then hooks internal...
POSTDump Another tool to perform a minidump of the LSASS process using a few technics to avoid detection. POSTDump is the C# / .NET implementation of the ReactOS minidump function (like nanodump), thus avoiding...
Hardening Meter HardeningMeter is an open-source Python tool carefully designed to comprehensively assess the security hardening of binaries and systems. Its robust capabilities include thorough checks of various binary exploitation protection mechanisms, including Stack...
PipeViewer A GUI tool for viewing Windows Named Pipes and searching for insecure permissions. PipeViewer is a GUI tool that allows users to view details about Windows-named pipes and their permissions. It is designed...
RedCloud OS RedCloud OS is a Debian-based Cloud Adversary Simulation Operating System for Red Teams to assess the security of leading Cloud Service Providers (CSPs). It includes tools optimized for adversary simulation tasks within Amazon Web...
apk2url apk2url easily extracts URL and IP endpoints from an APK file to a .txt output. This is suitable for information gathering by the red team, penetration testers, and developers to quickly identify endpoints...
CAZT (Cloud AuthoriZation Trainer) CAZT (Cloud AuthoriZation Trainer) is a simulator of cloud-provider responsible REST APIs. It includes a lab manual for getting hands-on practice with how to attack authorization vulnerabilities in a cloud...
Patching – Interactive Binary Patching for IDA Pro Patching assembly code to change the behavior of an existing program is not uncommon in malware analysis, software reverse engineering, and broader domains of security research....
PEnetration TEsting Proxy PETEP (PEnetration TEsting Proxy) is an open-source Java application for creating proxies for traffic analysis & modification. The main goal of PETEP is to provide a useful tool for performing penetration tests...
C2 Tracker Free to use IOC feed for various tools/malware. It started for just C2 tools but has morphed into tracking infostealers and botnets as well. It uses Shodan searches to collect the IPs....
MELEE: A Tool to Detect Ransomware Infections in MySQL Instances Attackers are abusing MySQL instances for conducting nefarious operations on the Internet. The cybercriminals are targeting exposed MySQL instances and triggering infections at scale...