Chisel-Strike A .NET XOR encrypted cobalt strike aggressor implementation for the chisel to utilize faster proxy and advanced socks5 capabilities. Why write this? In my experience, I found socks4/socks4a proxies quite slow in comparison...
apkLeaks Scanning APK file for URIs, endpoints & secrets. Installation Linux $ sudo apt-get install libssl-dev swig -y OSX $ brew install openssl swig Windows You need to install: OpenSSL, and swig-win. To install apkLeaks,...
RequestShield RequestShield is a 100% Free and Open Source tool designed to analyze HTTP access.logs and identify suspicious HTTP requests and potential security threats. It uses factors like geolocation, abuse history, request volume, and...
autobloody autobloody is a tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound combining pathgen.py and autobloody.py. This tool automates the AD privesc between two AD objects, the source (the one we own) and...
Attack Surface Analyzer Attack Surface Analyzer (ASA) is a Microsoft-developed open source security tool that analyzes the attack surface of a target system and reports on potential security vulnerabilities introduced during the installation of...
bloodyAD BloodyAD is an Active Directory Privilege Escalation Framework. This tool can perform specific LDAP/SAMR calls to a domain controller in order to perform AD privesc. It supports authentication using cleartext passwords, pass-the-hash, pass-the-ticket,...
Muraena Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities. The tool re-implements the 15-years old idea of using a custom reverse proxy to dynamically interact with the origin to be...
Makes A software supply chain framework powered by Nix. Ever needed to run applications locally to try out your code? Execute CI/CD pipelines locally to make sure jobs are being passed. Keep execution environments frozen...
Hooka Hooka is able to generate shellcode loaders with multiple capabilities. It is also based on other tools like BokuLoader, Freeze or Shhhloader, and it tries to implement more evasion features. Why in Golang? Why not? Feature This...
WEF – WiFi Exploitation Framework This project started over 2021 as a personal tool to easily audit networks without writing long commands or setting all values one by one, in order to automate the...
WhacAMole WhacAMole is a program that analyzes processes in memory in an integral way, detecting and alerting of anomalies related to the malware and presenting and saving in files all the relevant information for...
Exposor Exposor is a contactless reconnaissance tool focused on technology detection across Censys, Fofa, Shodan, and Zoomeye. With a unified syntax for multi-platform querying, It gives security researchers and professionals a clear view of exposed systems, enabling quick...
tetragon Cilium’s new Tetragon component enables powerful real-time, eBPF-based Security Observability and Runtime Enforcement. Tetragon detects and is able to respond in real-time to security-significant events, such as Process execution events Changes to privileges...
Apache Tomcat Scanner A python script to scan for Apache Tomcat server vulnerabilities. Features Multithreaded workers to search for Apache tomcat servers. Multiple target sources accepted: Retrieving list of computers from a Windows domain...
agneyastra – A firebase Misconfiguration Detection Toolkit Firebase, a versatile platform by Google, powers countless web and mobile applications with its extensive suite of services including real-time databases, authentication, cloud storage, and hosting. Its...
Elkeid Elkeid is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture. Elkeid Agent Linux userspace agent, responsible for managing various plugins, and communication with...
