The pentester's Swiss knife

Damn Vulnerable SCA Application

SCAGoat : Damn Vulnerable SCA Application

SCAGoat SCAGoat is an application for Software Composition Analysis (SCA) that focuses on vulnerable and compromised JAR dependencies used in development code, providing users with hands-on learning opportunities to understand potential attack scenarios. It...

Threat Intelligence Security

msticpy: Microsoft Threat Intelligence Security Tools

MSTIC Jupyter and Python Security Tools Microsoft Threat Intelligence Python Security Tools. The msticpy package was initially developed to support Jupyter Notebooks authoring for Azure Sentinel. Many of the included tools can be used in other security scenarios for...

Kubernetes Goat

kubernetes goat: “Vulnerable by Design” Kubernetes Cluster

Kubernetes Goat The Kubernetes Goat designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security. 🏁 Scenarios Sensitive keys in codebases DIND (docker-in-docker) exploitation SSRF in the Kubernetes (K8S) world Container...

MORF – Mobile Reconnaissance Framework

MORF – Mobile Reconnaissance Framework Mobile Reconnaissance Framework is a powerful, lightweight and platform-independent offensive mobile security tool designed to help hackers and developers identify and address sensitive information within mobile applications. It is...

Indirect syscall

Ulfberht: Shellcode loader

Ulfberht Shellcode loader Features : Indirect syscall. Module stomping. Load a stomped module using APC. Execute the payload with a direct jump (jmp) without creating a new thread. API hashing implemented using the DJB2...