The pentester's Swiss knife
poutine
Created by BoostSecurity.io, poutine is a security scanner that detects misconfigurations and vulnerabilities in the build pipelines of a repository. It supports parsing CI workflows from GitHub Actions and GitLab CI/CD. When given an...

AHHHZURE
AHHHZURE is an automated vulnerable Azure deployment script designed for offensive security practitioners and enthusiasts to brush up their cloud sec skills. The lab has 5 flags in total to collect. You may...

What is Akto?
Akto is an open-source, instant API security platform that takes only 60 secs to get started. Akto is used by security teams to maintain a continuous inventory of APIs, test APIs...

BREADS – BREaking Active Directory Security
BREADS is a tool focused on enumerating and attacking Active Directory environments through LDAP and SMB protocols. This project is inspired by other existing tools like NetExec (CrackMapExec) and...

kunai
The goal behind this project is to bring relevant events to achieve various monitoring tasks ranging from security monitoring to Threat Hunting on Linux-based systems. If you are familiar with Sysmon on Windows,...

ADMiner
ADMiner is an Active Directory audit tool that leverages cypher queries to crunch data from the BloodHound graph database (neo4j) and gives you a global overview of existing weaknesses through a web-based static report, including...

SCCMHunter
SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain. The basic function of the tool is to query LDAP with the find...

legba
Legba is a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust and the Tokio asynchronous runtime to achieve better performance and stability while consuming fewer resources than similar tools. Supported...

The Auditor
Automated Audit Simulation (AAS) is an innovative computer-assisted audit tool meticulously crafted for cybersecurity professionals, auditors, advisors, and consultants engaged in conducting comprehensive audits for diverse organizations. This cutting-edge tool operates seamlessly...

EFIDrill – IDA plugin for UEFI firmware vulnerability hunting based on data flow analysis
The Unified Extensible Firmware Interface (UEFI) is a critical component in the boot process, but it’s vulnerable to attacks....

MagicDot
A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the known DOT-to-NT path conversion issue. MagicDot Python Package. Implements MagicDot’s rootkit-like techniques: Files/Directories named with dots only. Bonus – Such...

Mantis
Mantis is a command-line framework designed to automate the workflow of asset discovery, reconnaissance, and scanning. It takes the top-level domains as input, and then seamlessly progresses to discovering corresponding assets, including subdomains...

Misconfig Mapper
Misconfig Mapper is a project by Intigriti for the community to help you find, detect, and resolve common security misconfigurations in various popular services, technologies, and SaaS-based solutions that your targets use!...

NativeDump
NativeDump dumps the lsass process using only NTAPIs, generating a Minidump file with only the streams needed to be parsed by tools like Mimikatz or Pypykatz (SystemInfo, ModuleList, and Memory64List Streams)....

The Browser-Bruter
The Browser-Bruter is the first-ever browser-based automated web pentesting tool for fuzzing web forms by controlling the browser itself. It automates the process of sending payloads to input fields of the browser...

modpot
modpot is a modular web application honeypot framework written in Golang and making use of the gin framework. It is the antithesis to honeydet in many ways and allows the user to deploy...