The pentester's Swiss knife
Flow Analyzer: Flow Analyzer is designed for helping in low-level understanding and testing of OAuth 2.0 Grants/Flows. OpenID Connect (OIDC): OAuth 2.0 was designed for authorization. OpenID Connect (OIDC) extends the OAuth 2.0 functionality...
PHPStan – PHP Static Analysis Tool: PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code. It moves...
What is CTFd? CTFd is a Capture The Flag framework focusing on ease of use and customizability. It comes with everything you need to run a CTF and it’s easy to customize with plugins...
dnSpy: dnSpy is a tool to reverse engineer .NET assemblies. It includes a decompiler, a debugger, and an assembly editor (and more) and can be easily extended by writing your extension. It uses dnlib to...
Janusec Application Gateway: Janusec Application Gateway is an application security solution that provides WAF (Web Application Firewall), CC attack defense, a unified web administration portal, private key protection, web routing, and scalable load balancing....
CyberChef, The Cyber Swiss Army Knife: CyberChef is a simple, intuitive web app for carrying out all manner of “cyber” operations within a web browser. These operations include simple encoding like XOR or Base64,...
Aleph: Aleph is a tool for indexing large amounts of both documents (PDF, Word, HTML) and structured (CSV, XLS, SQL) data for easy browsing and search. It is built with investigative reporting as a primary...
What is CommandoVM? Complete Mandiant Offensive VM (“CommandoVM”) is a comprehensive, customizable, Windows-based security distribution for penetration testing and red teaming. CommandoVM comes packaged with various offensive tools not included in Kali Linux, highlighting the...
Odinova Digital Tiger: Overview. Odinova Digital Tiger is an advanced application designed for Open-Source Intelligence (OSINT), equipped with versatile tools and a user-friendly interface to streamline investigative workflows and enhance data analysis capabilities. Documenter:...
CrowdSec: The CrowdSec Security Engine is an open-source, lightweight software that detects and blocks malicious actors from accessing your systems at various levels, using log analysis and threat patterns called scenarios. CrowdSec is a modular framework,...
Ominis-OSINT: Web Hunter. It performs online information gathering by querying Google for search results related to a user-inputted query. The tool extracts relevant information such as titles, URLs, and potential mentions of the query...
What is ciscoconfparse? Short answer: ciscoconfparse is a Python library that helps you quickly answer questions like these about your configurations: What interfaces are shutdown? Which interfaces are in trunk mode? What address and subnet mask...
DefectDojo: DefectDojo is a DevSecOps platform. DefectDojo streamlines DevSecOps by serving as an aggregator and single pane of glass for your security tools. DefectDojo has smart features to enhance and tune the results from...
SQLRecon. Description: A C# MS-SQL toolkit designed for offensive reconnaissance and post-exploitation. Mandatory Arguments: The mandatory arguments consist of an authentication type (either Windows, Local or Azure), connection parameters and a module. -a – Authentication...
Dependency-Track: Modern applications leverage the availability of existing components for use as building blocks in application development. By using existing components, organizations can dramatically decrease time-to-market. Reusing existing components, however, comes at a cost....
FinalRecon: FinalRecon is a fast and simple Python script for web reconnaissance. It follows a modular structure so in the future new modules can be added with ease. Features: Header Information, Whois, SSL Certificate...