DOLOS-T DOLOS-T is an orchestration platform for cyber deception operations that allows the deployment of realistic decoys and services with high and medium interaction to detect threats in the operational infrastructure. It can be...
vArmor vArmor is a cloud-native container sandbox system. It leverages Linux’s AppArmor LSM, BPF LSM and Seccomp technologies to implement enforcers. It can be used to strengthen container isolation, reduce the kernel attack surface, and increase the difficulty and...
Mobile Proxies: What They Are and How They Work Mobile proxies, a gateway to a mobile IP address, are revolutionizing how we experience online privacy and accessibility. Mobile proxies provide an extra layer of...
Bypass Url Parser Tool that tests MANY url bypasses to reach a 40X protected page. If you wonder why this code is nothing but a dirty curl wrapper, here’s why: Most of the Python...
Betterscan Community Edition (CE) Betterscan is based on QuantifedCode. QuantifiedCode is a code analysis & automation platform. It helps you to keep track of issues and metrics in your software projects, and can be...
Evil-WinRM This shell is the ultimate WinRM shell for hacking/pentesting. WinRM (Windows Remote Management) is the Microsoft implementation of the WS-Management Protocol. A standard SOAP-based protocol that allows hardware and operating systems from different...
3klCon Project Automated Recon tool which works with Large and Medium scopes. It’s recommended to use it on VPS, it’ll discover secrets and search for vulnerabilities What’re the tasks it will do? Search for...
Kubernetes Goat Kubernetes Goat is an interactive Kubernetes security learning playground. It has intentionally vulnerable by design scenarios to showcase the common misconfigurations, real-world vulnerabilities, and security issues in Kubernetes clusters, containers, and cloud native...
SQLiDetector Simple Python script supported with BurpBouty profile that helps you to detect SQL injection “Error based” by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases. The...
ROP ROCKET This new, advanced ROP framework made it debut at DEF CON 31 with some unprecedented capabilities. ROCKET generates several types of chains, and it provides new patterns or techniques. Powerful ROP Capabilities...
PinguCrew PinguCrew is a web-based fuzzer platform that allows security researchers to test their software for vulnerabilities in a scalable and efficient manner. The tool is inspired by the ClusterFuzz tool but aims to remove any...
Cloud Offensive Breach and Risk Assessment (COBRA) Tool Cloud Offensive Breach and Risk Assessment (COBRA) is an open-source tool designed to empower users to simulate attacks within multi-cloud environments, offering a comprehensive evaluation of...
APIDetector APIDetector is a powerful and efficient tool designed for testing exposed Swagger endpoints in various subdomains with unique smart capabilities to detect false-positives. It’s particularly useful for security professionals and developers who are...
DA_Plugin_AntiDebugSeeker Through this tool, users can automatically extract potential anti-debugging methods used by malware, making it easier for analysts to take appropriate action. The main functionalities of this plugin are as follows: Extraction of...
Managed Kubernetes Auditing Toolkit (MKAT) MKAT is an all-in-one auditing toolkit for identifying common security issues within managed Kubernetes environments. It is focused on Amazon EKS at the moment, and will be extended to...
BadZure BadZure is a PowerShell script that leverages the Microsoft Graph SDK to orchestrate the setup of Azure Active Directory tenants, populating them with diverse entities while also introducing common security misconfigurations to create...
