Truffle Hog Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally committed. How it works This module will go through the entire commit...
Androguard Androguard is a full Python tool to play with Android files. It is designed to work with Python 3 only. Features Androguard is a full Python tool to play with Android files....
ecapture capture SSL/TLS text content without CA cert by eBPF. eBPF is a revolutionary technology with origins in the Linux kernel that can run sandboxed programs in an operating system kernel. It is used...
Malcolm Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind: Easy to use – Malcolm accepts network traffic data in the form of full packet capture (PCAP) files...
Prometheus Prometheus, a Cloud Native Computing Foundation project, is a systems and service monitoring system. It collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and can trigger alerts if some...
Trivy Trivy is a comprehensive and versatile security scanner. Trivy has scanners that look for security issues, and targets where it can find those issues. Targets (what Trivy can scan): Container Image Filesystem Git Repository (remote) Virtual Machine Image...
jSQL Injection jSQL Injection is a lightweight application used to find database information from a distant server. It is free, open-source, and cross-platform (Windows, Linux, Mac OS X). It is also part of the...
sish An open-source serveo/ngrok alternative. How it works SSH can normally forward local and remote ports. This service implements an SSH server that only handles forwarding and nothing else. The service supports multiplexing connections...
kubeshark Kubeshark is an API Traffic Analyzer for Kubernetes providing real-time, protocol-level visibility into Kubernetes’ internal network, capturing and monitoring all traffic and payloads going in, out, and across containers, pods, nodes, and clusters. Think TCPDump and Wireshark re-invented...
SysReptor – Pentest Reporting Easy As Pie SysReptor is a fully customizable, offensive security reporting solution designed for pentesters, red teamers, and other security-related people alike. You can create designs based on simple HTML...
NetExec – The Network Execution Tool This project was initially created in 2015 by @byt3bl33d3r, known as CrackMapExec. In 2019 @mpgn_x64 started maintaining the project for the next 4 years, adding a lot of...
Subprober – A Fast Multi-Purpose Http Probing Tool for Penetration Testing Subprober is a powerful and efficient tool designed for penetration testers and security professionals. This release introduces several enhancements, bug fixes, and new...
poutine Created by BoostSecurity.io, poutine is a security scanner that detects misconfigurations and vulnerabilities in the build pipelines of a repository. It supports parsing CI workflows from GitHub Actions and Gitlab CI/CD. When given an...
AHHHZURE AHHHZURE is an automated vulnerable Azure deployment script designed for offensive security practitioners and enthusiasts to brush up their cloud sec skills. The lab has 5 flags in total to collect. You may...
What is Akto? Akto is an open-source, instant API security platform that takes only 60 secs to get started. Akto is used by security teams to maintain a continuous inventory of APIs, test APIs...
BREADS – BREaking Active Directory Security BREADS is a tool focused on enumerating and attacking Active Directory environments through LDAP and SMB protocols. This project is inspired by other existing tools like NetExec (CrackMapExec) and...
