Less than four months remain until the end of support for Windows 10, prompting companies across Europe to actively replace their aging, yet still serviceable desktop computers in anticipation of transitioning to Microsoft’s next-generation...
FirmwareDroid is a research project that aims to develop novel methods to analyse Android firmware. It is mainly made to automate the process of extracting and scanning pre-installed Android apps for security research purposes....
Fofa Viewer A simple FOFA client written in JavaFX Features Support tabs Feature-rich Context Menu on items Export query result into Excel spreadsheet Manually set max query count pre-query for non-premium users (Change the...
WiFi Exploitation Framework This tool is designed for security researchers and penetration testers to analyze and exploit vulnerabilities in Wi-Fi networks. It provides an intuitive interface with a wide range of automated and manual...
peeko is a browser-based XSS-powered C2 (Command and Control) tool that leverages the victim’s browser as a stealthy proxy inside internal networks. Through an injected XSS payload, peeko establishes a WebSocket connection to a central...
ghidraMCP is an Model Context Protocol server for allowing LLMs to autonomously reverse engineer applications. It exposes numerous tools from core Ghidra functionality to MCP clients. Features MCP Server + Ghidra Plugin Decompile and...
chain-bench Chain-bench is an open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark. The auditing focuses on the entire SDLC process, where...
Nali An offline tool for querying IP geographic information and CDN provider. Inspired by the Nali C version and nali-cli js version. I want to query the IP geographic information and CDN service provider...
Varalyze is a threat intelligence tool suite that combines a diverse range of web-based applications into one seamless platform through the use of APIs and python libraries. This allows for comprehensive security event triaging due...
Kereva LLM Code Scanner is a static analysis tool designed to identify potential security risks, performance issues, and vulnerabilities in Python codebases that use Large Language Models (LLMs). It analyzes your code without execution...
Docker for Pentesters Docker containerization is the most powerful technology in the current market so I came up with the idea to develop Docker images for Pentesters. Nightingale contains all the required well-known tools...
BinSync is a decompiler collaboration tool built on the Git versioning system to enable fined-grained reverse engineering collaboration regardless of decompiler. BinSync is built by mahaloz, the angr team, and the SEFCOM research lab. It’s also due in large...
gowitness gowitness is a website screenshot utility written in Golang, that uses Chrome Headless to generate screenshots of web interfaces using the command line, with a handy report viewer to process results. Both Linux and...
bitcrook Bitcrook is an open-source intelligence apparatus that aims to centralize all of the tools necessary to carry out an investigation. Although investigations will still require human interaction to connect the dots, the interface...
BFScan – Tool for initial processing of APK / XAPK / DEX / JAR / WAR applications. Search for strings in source code and resources that look like URIs, paths, or secrets Generate raw...
VAmPI The Vulnerable API (Based on OpenAPI 3) VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from the OWASP top 10 vulnerabilities for APIs. It was created as I wanted a...