The pentester's Swiss knife
Nuclei Nuclei is a fast vulnerability scanner designed to probe modern applications, infrastructure, cloud platforms, and networks, aiding in the identification and mitigation of exploitable vulnerabilities. At its core, Nuclei uses templates—expressed as straightforward...
Security Scorecards Goals Automate analysis and trust decisions on the security posture of open source projects. Use this data to proactively improve the security posture of the critical projects the world depends on. Checks...
Quark Engine An Obfuscation-Neglect Android Malware Scoring System Android malware analysis engine is not a new story. Every antivirus company has its secrets to build it. With curiosity, we develop a malware scoring system...
nipe The Tor project allows users to surf the Internet, chat, and send instant messages anonymously through its mechanism. It is used by a wide variety of people, companies, and organizations, both for lawful...
uncompyle6 A native Python cross-version decompiler and fragment decompiler. The successor to decompyle, uncompyle, and uncompyle2. Introduction uncompyle6 translates Python bytecode back into the equivalent Python source code. It accepts bytecodes from Python version...
What is TCA Tencent Cloud Code Analysis (TCA for short, code-named CodeDog inside the company early) is a code comprehensive analysis platform, which includes three components: server, web, and client. It supports the integration...
httpx httpx is a fast and multi-purpose HTTP toolkit built to support running multiple probes using a public library. Probes are specific tests or checks to gather information about web servers, URLs, or other...
Maryam OWASP Maryam is an Open-source intelligence(OSINT) and Web-based Footprinting modular framework based on the Recon-ng core and written in Python. If you want Extracts Emails, Docs, Subdomains, Social networks from search engines Extracts Links, CSS and JS files,...
tfsec tfsec uses static analysis of your terraforms templates to spot potential security issues. Features ☁️ Checks for misconfigurations across all major (and some minor) cloud providers ⛔ Hundreds of built-in rules 🪆 Scans...
ImHex A Hex Editor for Reverse Engineers, Programmers, and people who value their eyesight when working at 3 AM. Features Featureful hex view Byte patching Patch management Copy bytes as a feature Bytes...
mihari A query aggregator for OSINT based threat hunting. Mihari can aggregate multiple searches across multiple services in a single rule & persist findings in a database. How it works Mihari makes a...
js-x-ray JavaScript AST analysis. This package has been created to export the Node-Secure AST Analysis to enable better code evolution and allow better access to developers and researchers. The goal is to quickly identify dangerous code...
Reverse Engineers’ Hex Editor A cross-platform (Windows, Linux, Mac) hex editor for reverse engineering, and everything else. Features Large (1TB+) file support Decoding of integer/floating point value types Inline disassembly of machine code Highlighting...
Secret Magpie Organizations struggle to scan for leaked secrets in ALL of their repos. It’s easy to scan one repo, but time-consuming and tedious to scan all of them. SecretMagpie is a secret detection...
teler-waf teler-waf is a comprehensive security solution for Go-based web applications. It acts as an HTTP middleware, providing an easy-to-use interface for integrating IDS functionality with teler IDS into existing Go applications. By using teler-waf, you can...
CloudFox CloudFox helps you gain situational awareness in unfamiliar cloud environments. It’s an open-source command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure....