VulFi: IDA Pro plugin to assist during bug hunting in binaries
VulFi The VulFi (Vulnerability Finder) tool is a plugin to IDA Pro which can be used to assist during bug hunting in binaries. Its main objective is to provide a single view with all...
HEDnsExtractor A suite for hunting suspicious targets, exposing domains, and phishing discovery Features Implementing workflows with yaml 🔥 Adds support to work with multiple domains as target 🔥 Regex support VirusTotal Integration Adds support...
SmuggleFuzz SmuggleFuzz is designed to assist in identifying HTTP downgrade attack vectors. Its standout feature is not just the time-based detection or request handling, but the detailed response information it provides. This empowers users...
PoolParty A collection of fully-undetectable process injection techniques abusing Windows Thread Pools. Presented at Black Hat EU 2023 Briefings under the title – The Pool Party You Will Never Forget: New Process Injection Techniques Using...
Logsensor A Powerful Sensor Tool to discover login panels, and POST Form SQLi Scanning Features login panel Scanning for multiple hosts Proxy compatibility (http, https) Login panel scanning is done in multiprocessing Installation git...
EvilSlackbot A Slack Attack Framework for conducting Red Team and phishing exercises within Slack workspaces. Background Thousands of organizations utilize Slack to help their employees communicate, collaborate, and interact. Many of these Slack workspaces...
OpenGFW OpenGFW is a flexible, easy-to-use, open-source implementation of GFW on Linux that’s in many ways more powerful than the real thing. It’s cyber sovereignty you can have on a home router. Features Full IP/TCP...
LDAPWordlistHarvester A tool to generate a wordlist from the information present in LDAP, in order to crack non-random passwords of domain accounts. Features The bigger the domain is, the better the wordlist will be....
OpenArk OpenArk is an open-source anti-rootkit (ARK) tool for Windows. ARK is an abbreviation of Anti-Rootkit. It aims to be a reversing/programming helper, and users can also use it to find hidden malware in the OS. More and more powerful...
Bugsy Bugsy is a command-line interface (CLI) tool that provides automatic security vulnerability remediation for your code. It is the community edition version of Mobb, the first vendor-agnostic automated security vulnerability remediation tool. Bugsy is...
JADXecute JADXecute is a plugin for JADX that enhances its functionality by adding Dynamic Code Execution abilities. With JADXecute, you can dynamically run Java code to modify or print components of the jadx-gui output. JADXecute is inspired by IDAPython to help and aims to...
CHOMTE.SH CHOMTE.SH is a versatile framework designed for automating reconnaissance tasks in penetration testing. It’s useful for bug bounty hunters and penetration testers in both internal and external network engagements. Its key features include...
PPLBlade Protected Process Dumper Tool that supports obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk. Key functionalities: Bypassing PPL protection Obfuscating memory dump files to evade Defender...
eHIDS A Linux Host-based Intrusion Detection System based on eBPF. Implementations & Functionalities: TCP network data capture UDP network data capture DNS information capture in uprobe mode Process data capture Uprobe way to achieve...
Pentest Mapper Pentest Mapper is a Burp Suite extension that integrates the Burp Suite request logging with a custom application testing checklist. The extension provides a straightforward flow for application penetration testing. The extension...
nysm: A stealth post-exploitation container With the rise in popularity of offensive tools based on eBPF, going from credential stealers to rootkits hiding their own PID, a question came to our mind: Would it...