Seekr Seekr is a multi-purpose toolkit for gathering and managing OSINT-data with a sleek web interface. Our desktop view enables you to have all of your favorite OSINT tools integrated into one. The backend...
TeamsPhisher TeamsPhisher is a Python3 program that facilitates the delivery of phishing messages and attachments to Microsoft Teams users whose organizations allow external communications. It is not ordinarily possible to send files to Teams...
Damn Vulnerable RESTaurant An intentionally vulnerable API service designed for learning and training purposes dedicated to developers, ethical hackers, and security engineers. The idea of the project is to provide an environment that can...
Sessionless Sessionless is a Burp Suite extension for editing, signing, verifying, and attacking signed tokens: Django TimestampSigner, ItsDangerous Signer, Express cookie-session middleware, OAuth2 Proxy, and Tornado’s signed cookies. It provides automatic detection and in-line editing of tokens within HTTP...
SentryPeer A distributed list of bad IP addresses and phone numbers was collected via a SIP Honeypot. This is basically a fraud detection tool. It lets bad actors try to make phone calls and...
ShellcodeGenZ takes your commands (like mshta.exe http://192.168.0.1/azi.hta) and turns ’em into shellcode that’s ready to flex. It hunts down bad chars (like 0x0a, 0x0b, or the default 0x00), lets you yeet ’em manually or auto...
Digital Forensics Lab & Shared Cyber Forensic Intelligence Repository Features of Repository Interactive Digital Forensics Labs: Tailored for students and faculty engagement Linux-Centric Lab Environment: Utilizes Kali Linux exclusively for all labs Visual Learning Support: Each lab...
Telerecon Telerecon is a comprehensive OSINT reconnaissance framework for researching, investigating, and scraping Telegram. For example: Input a target username, and Telerecon efficiently crawls across multiple chats gathering profile metadata, account activity, and user...
EntraFalcon is a PowerShell-based assessment tool for pentesters, security analysts, and system administrators to evaluate the security posture of a Microsoft Entra ID environment. Designed for ease of use, EntraFalcon runs on PowerShell 5.1...
This technique exploits the COM-level mechanics AMSI uses when delegating scan requests to antivirus (AV) providers through RPC. By hooking into the NdrClientCall3 function—used internally by the RPC runtime to marshal and dispatch function...
ntfstool NTFSTool is a forensic tool to play with disks and NTFS volumes. It supports reading partition info (mbr, partition table, vbr) but also information on bitlocker encrypted partition (fve). See examples below to...
fuzzuf fuzzuf (fuzzing unification framework) is a fuzzing framework with its own DSL to describe a fuzzing loop by constructing building blocks of fuzzing primitives. Why use fuzzuf? fuzzuf enables a flexible definition of a fuzzing loop...
CuddlePhish Weaponized multi-user browser-in-the-middle (BitM) for penetration testers. This attack can be used to bypass multi-factor authentication on many high-value web applications. It even works for applications that do not use session tokens, and...
Apepe Apepe is a Python tool developed to help pentesters and red teamers easily get information from the target app. This tool will extract basic pieces of information such as the package name if...
T-Pot – The All In One Honeypot Platform T-Pot is based on the Debian (Stable) network installer. The honeypot daemons as well as other support components are dockered. This allows T-Pot to run multiple honeypot...
Caracal Caracal is a static analyzer tool over the SIERRA representation for Starknet smart contracts. Features Detectors to detect vulnerable Cairo code Printers to report information Taint analysis Data flow analysis framework Easy to...
