OWASP WrongSecrets Welcome to the OWASP WrongSecrets p0wnable app. With this app, we have packed various ways of how to not store your secrets. These can help you to realize whether your secret management...
Nightingale Nightingale is an enterprise-level cloud-native monitoring system, which can be used as a drop-in replacement for Prometheus for alerting and management. Nightingale is a cloud-native monitoring system by All-In-On design, that supports enterprise-class...
Gitxray Gitxray (short for Git X-Ray) is a multifaceted security tool designed for use on GitHub repositories. It can serve many purposes, including OSINT and Forensics. gitxray leverages public GitHub REST APIs to gather information that...
Stealth Guardian Performing adversary simulation exercises is a time-consuming task, especially when developing new attack mechanisms and testing those against defence systems that have been deployed to the target. With this tool, we have...
uncover uncover is a go wrapper using APIs of well-known search engines to quickly discover exposed hosts on the internet. It is built with automation in mind, so you can query it and utilize...
Kerbeus-BOF Beacon Object Files for Kerberos abuse. This is an implementation of some important features of the Rubeus project, written in C. The project features integration with the C2 frameworks Cobalt Strike and Havoc. Ticket requests and renewals asktgt...
GitGuardian Shield: protect your secrets with GitGuardian GitGuardian shield (ggshield) is a CLI application that runs in your local environment or in a CI environment to help you detect more than 300 types of secrets,...
Catalyst Catalyst is an incident response platform or SOAR (Security Orchestration, Automation, and Response) system. It can help you to automate your alert handling and incident response procedures. Features Ticket (Alert & Incident) Management...
What is WHAD? The cybersecurity community has published a lot of wireless hacking tools based on various hardware platforms and custom communication protocols specifically designed to work with associated software. This leads to hackers...
betterscan-ce It is a Code and Infrastructure (IaC) and Cloud-native Scanning/SAST/Static Analysis/Linting solution using many tools/Scanners with One Report. You can also add any tool to it. Currently, it supports many languages and tech...
logdata-anomaly-miner This tool parses log data and allows to definition of analysis pipelines for anomaly detection. It was designed to run the analysis with limited resources and the lowest possible permissions to make it...
Power Pwn An offensive security toolset for Microsoft 365 focused on Microsoft Copilot, Copilot Studio and Power Platform. Modules: Copilot Connector and Automator Allow interaction with Copilot for Microsoft 365 through the WebSocket messages...
waymore The idea behind waymore is to find even more links from the Wayback Machine than other existing tools. ? The biggest difference between waymore and other tools is that it can also download the archived responses for URLs on...
Hubble Hubble is a fully distributed networking and security observability platform for cloud-native workloads. It is built on top of Cilium and eBPF to enable deep visibility into the communication and behavior of services as well as...
Bearer Bearer is a static application security testing (SAST) tool that scans your source code and analyzes your data flows to discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD). We...
PyCript The Pycript extension for Burp Suite is a valuable tool for penetration testing and security professionals. It enables easy encryption and decryption of requests during testing, which can help evade detection and bypass...
