The pentester's Swiss knife

Firebase Misconfiguration Detection

agneyastra: A Firebase Misconfiguration Detection Toolkit

Firebase, a versatile platform by Google, powers countless web and mobile applications with its extensive suite of services including real-time databases, authentication, cloud storage, and hosting. Its...

Cloud-Native Host-Based Intrusion Detection

Elkeid: Cloud-Native Host-Based Intrusion Detection solution

Elkeid is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture. Elkeid Agent: Linux userspace agent, responsible for managing various plugins, and communication with...

Kubernetes audit tool

kubeeye: audit tool for Kubernetes

KubeEye is an audit tool for Kubernetes that discovers whether Kubernetes resources (by OPA), cluster components, cluster nodes (by Node-Problem-Detector), and other configurations meet best practices, and gives suggestions for modification. KubeEye supports...

AD Enumeration

ShadowHound: Stealthy AD Enumeration with PowerShell

ShadowHound is a set of PowerShell scripts for Active Directory enumeration without the need for introducing known-malicious binaries like SharpHound. It leverages native PowerShell capabilities to minimize detection risks and offers two methods...

Threat Modeling

hcltm: Threat Modeling with HCL

Threat Modeling with HCL. Overview: There are many different ways in which a threat model can be documented. From a simple text file to more in-depth Word documents, to fully instrumented threat models...

evade deep-packet-inspection

Cloak: evade deep-packet-inspection based censorship

Cloak is a pluggable transport that works alongside traditional proxy tools like OpenVPN to evade deep-packet-inspection-based censorship. Cloak is not a standalone proxy program. Rather, it works by masquerading the proxy tool’s traffic as normal...

SSL-VPN exploitation

NachoVPN: Popping SSL-VPNs with a Rogue Server

NachoVPN is a Proof of Concept that demonstrates exploitation of SSL-VPN clients, using a rogue VPN server. It uses a plugin-based architecture so that support for additional SSL-VPN products can be contributed by...

malware processing framework

karton: Distributed malware processing framework

Distributed malware processing framework based on Python, Redis, and MinIO. The idea: Karton is a robust framework for creating flexible and lightweight malware analysis backends. It can be used to connect malware analysis systems into a...