CTFd: Capture The Flag framework
What is CTFd? CTFd is a Capture The Flag framework focusing on ease of use and customizability. It comes with everything you need to run a CTF and it’s easy to customize with plugins...
The pentester's Swiss knife
dnSpy: .NET assembly editor, decompiler, and debugger
dnSpy dnSpy is a tool to reverse engineer .NET assemblies. It includes a decompiler, a debugger, and an assembly editor (and more) and can be easily extended by writing your extension. It uses dnlib to...
janusec: Golang based application security solutions
Janusec Application Gateway Janusec Application Gateway is an application security solution that provides WAF (Web Application Firewall), CC attack defense, a unified web administration portal, private key protection, web routing, and scalable load balancing....
CyberChef: web app for encryption, encoding, compression and data analysis
CyberChef The Cyber Swiss Army Knife CyberChef is a simple, intuitive web app for carrying out all manner of “cyber” operations within a web browser. These operations include simple encoding like XOR or Base64,...
aleph: find the people and companies you look for
Aleph Aleph is a tool for indexing large amounts of both documents (PDF, Word, HTML) and structured (CSV, XLS, SQL) data for easy browsing and search. It is built with investigative reporting as a primary...
Commando VM: fully customizable Windows-based pentesting virtual machine distribution
What is CommandoVM? Complete Mandiant Offensive VM (“CommandoVM”) is a comprehensive, customizable, Windows-based security distribution for penetration testing and red teaming. CommandoVM comes packaged with various offensive tools not included in Kali Linux, highlighting the...
Odinova: An advanced application designed for Open-Source Intelligence
Odinova Digital Tiger: Overview Odinova Digital Tiger is an advanced application designed for Open-Source Intelligence (OSINT), equipped with versatile tools and a user-friendly interface to streamline investigative workflows and enhance data analysis capabilities. Documenter:...
CrowdSec: Real-time & crowdsourced protection against aggressive IPs
CrowdSec The CrowdSec Security Engine is an open-source, lightweight software that detects and blocks malicious actors from accessing your systems at various levels, using log analysis and threat patterns called scenarios. CrowdSec is a modular framework,...
Ominis-OSINT Web Hunter: Open Source Intelligence Tool
Ominis-OSINT: Web Hunter It performs online information gathering by querying Google for search results related to a user-inputted query. The tool extracts relevant information such as titles, URLs, and potential mentions of the query...
ciscoconfparse: Parse, Audit, Query, Build, and Modify Cisco IOS-style configurations
What is ciscoconfparse? Short answer: ciscoconfparse is a Python library that helps you quickly answer questions like these about your configurations: What interfaces are shutdown? Which interfaces are in trunk mode? What address and subnet mask...
django-DefectDojo: application vulnerability correlation & security orchestration application
DefectDojo DefectDojo is a DevSecOps platform. DefectDojo streamlines DevSecOps by serving as an aggregator and single pane of glass for your security tools. DefectDojo has smart features to enhance and tune the results from...
SQLRecon: C# MS-SQL toolkit designed for offensive reconnaissance and post-exploitation
SQLRecon Description A C# MS-SQL toolkit designed for offensive reconnaissance and post-exploitation. Mandatory Arguments The mandatory arguments consist of an authentication type (either Windows, Local or Azure), connection parameters and a module. -a – Authentication...
dependency-track: intelligent Software Composition Analysis platform
Dependency-Track Modern applications leverage the availability of existing components for use as building blocks in application development. By using existing components, organizations can dramatically decrease time-to-market. Reusing existing components, however, comes at a cost....
FinalRecon: OSINT Tool for All-In-One Web Reconnaissance
FinalRecon FinalRecon is a fast and simple Python script for web reconnaissance. It follows a modular structure so in the future new modules can be added with ease. Features Header Information Whois SSL Certificate...
sippts: Set of tools to audit SIP based VoIP Systems
What is Sippts? Sippts is a suite of tools to audit VoIP servers and devices using SIP protocol. It is programmed in Perl script and it allows us to check the security of a...
semgrep: Fast and syntax-aware semantic code pattern search
Semgrep Semgrep is a command-line tool for offline static analysis. Use pre-built or custom rules to enforce code and security standards in your codebase. You can try it now with our interactive live editor. Semgrep combines the...
