The pentester's Swiss knife
FACTION PenTesting Report Generation and Collaboration Framework FACTION is your entire assessment workflow in a box. With FACTION you can: Automate pen testing and security assessment Reports Peer review and track changes for reports...
Graphpython Graphpython is a modular Python tool for cross-platform Microsoft Graph API enumeration and exploitation. It builds upon the capabilities of AADInternals (Killchain.ps1), GraphRunner, and TokenTactics(V2) to provide a comprehensive solution for interacting with...
No-Consolation This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e. spawning conhost.exe). Feature Supports 64 and 32 bits Supports EXEs and DLLs...
IAT-Tracer IAT-Tracer V2 is a plugin for Tiny-Tracer framework (by @hasherezade) for automatically detecting and resolving functions’ parameters out of the IAT or trace logs (.tag files) of PE files. The plugin has a GUI that...
bbot BBOT (Bighuge BLS OSINT Tool) is a recursive internet scanner inspired by Spiderfoot, but designed to be faster, more reliable, and friendlier to pentesters, bug bounty hunters, and developers. Special features include: Support for...
nacs: event-driven pentest scanner Detect if the target machine is alive Service scan (regular & non-regular ports) poc detection (xray & nuclei format) Weak password blasting for services such as databases Common Vulnerability Exploitation...
cloud_enum Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud. Currently enumerates the following: Amazon Web Services: Open / Protected S3 Buckets awsapps (WorkMail, WorkDocs, Connect, etc.) Microsoft Azure: Storage Accounts...
EDRPrison EDRPrison leverages a legitimate WFP callout driver, WinDivert, to effectively silence EDR systems. Drawing inspiration from tools like Shutter, FireBlock, and EDRSilencer, this project focuses on network-based evasion techniques. Unlike its predecessors, EDRPrison installs and loads an...
pwnat pwnat, by Samy Kamkar, is a tool that allows any client behind a NAT to communicate with a server behind a separate NAT with no port forwarding and no DMZ setup on any routers to...
GraphQLer GraphQLer is a cutting-edge tool designed to dynamically test GraphQL APIs with a focus on awareness. It offers a range of sophisticated features that streamline the testing process and ensure robust analysis of...
BlueToolkit BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. It works by executing templated exploits one by one and verifying appropriate properties based...
ROPDump ROPDump is a tool for analyzing binary executables to identify potential Return-Oriented Programming (ROP) gadgets, as well as detecting potential buffer overflow and memory leak vulnerabilities. Features Identifies potential ROP gadgets in binary...
MemFiles MemFiles is a toolkit for CobaltStrike that enables Operators to write files produced by the Beacon process into memory, rather than writing them to disk on the target system. It has been successfully...
ADRecon: Active Directory Recon ADRecon is a tool that extracts and combines various artifacts out of an AD environment. The information can be presented in a specially formatted Microsoft Excel report that includes summary...
HackSys Extreme Vulnerable Driver (HEVD) – BufferOverflowNonPagedPoolNx Exploit This repository contains an exploit for the BufferOverflowNonPagedPoolNx vulnerability in HackSys Extreme Vulnerable Driver (HEVD). The exploit targets Windows 10 Version 22H2 (OS Build 19045.3930) and demonstrates...
apkInspector apkInspector is a tool designed to provide detailed insights into the zip structure of APK files, offering the capability to extract the content and decode the AndroidManifest.xml file. What sets APKInspector apart is...