The pentester's Swiss knife
eBPFShield Welcome to eBPFShield, a powerful and intuitive security tool for monitoring and protecting your servers. Featuring both IP-Intelligence and DNS monitoring capabilities, eBPFShield utilizes the power of ebpf and python to provide real-time monitoring and actionable insights...
Cloud edge Lookup an IP to find the cloud provider and other details based on the provider’s published JSON data Cloud edge is a recon tool focused on exploring cloud service providers. It can...
Red Canary Mac Monitor Red Canary Mac Monitor is an advanced, stand-alone system monitoring tool tailor-made for macOS security research, malware triage, and system troubleshooting. Harnessing Apple Endpoint Security (ES), it collects and enriches system...
DeepSecrets – a better tool for secret scanning Yet another tool – why? Existing tools don’t really “understand” code. Instead, they mostly parse texts. DeepSecrets expands classic regex-search approaches with semantic analysis, dangerous variable...
GCPGoat: A Damn Vulnerable GCP Infrastructure Compromising an organization’s cloud infrastructure is like sitting on a gold mine for attackers. And sometimes, a simple misconfiguration or a vulnerability in web applications, is all an...
Slack Jack – Slack Bot Token Abuse Slack Jack is a penetration testing tool designed for ethical hacking and security testing purposes. It allows you to hijack a Slack bot using its token (e.g.,...
VED-eBPF: Kernel Exploit and Rootkit Detection using eBPF VED (Vault Exploit Defense)-eBPF leverages eBPF (extended Berkeley Packet Filter) to implement runtime kernel security monitoring and exploit detection for Linux systems. Introduction eBPF is an...
What is Hiphp? The HIPHP BackDoor is an open-source tool that allows for remote control of websites utilizing the PHP programming language via the HTTP/HTTPS protocol. By utilizing the POST/GET method on port 80,...
OSTE-Meta-Scanner This project aims to simplify the field of Dynamic Application Security Testing. The OSTE meta scanner is a comprehensive web vulnerability scanner that combines multiple DAST scanners, including Nikto Scanner, OWASP ZAP, Nuclei,...
SiCat – The useful exploit finder SiCat is an advanced exploit search tool designed to identify and gather information about exploits from both open sources and local repositories effectively. With a focus on cybersecurity,...
Fuzztruction Fuzztruction is an academic prototype of a fuzzer that does not directly mutate inputs (as most fuzzers do) but instead uses a so-called generator application to produce an input for our fuzzing target....
KRBJack This tool can be used to abuse the dangerous ZONE_UPDATE_UNSECURE flag on DNS main domain zone in an Active Directory. This flag when set allows anyone unauthenticated to update, add and remove DNS records anonymously....
rayder Rayder is a command-line tool designed to simplify the orchestration and execution of workflows. It allows you to define a series of modules in a YAML file, each consisting of commands to be...
Frelatage Frelatage is a coverage-based Python fuzzing library which can be used to fuzz python code. The development of Frelatage was inspired by various other fuzzers, including AFL/AFL++, Atheris, and PythonFuzz. The main purpose of the project is...
Indetectables Toolkit This tool compilation is carefully crafted to be useful both for beginners and veterans of the malware analysis world. It has also proven useful for people trying their luck at the cracking...
FirmWire FirmWire is a full-system baseband firmware analysis platform that supports Samsung and MediaTek. It enables fuzzing, root-cause analysis, and debugging of baseband firmware images. FirmWire is the result of a multi-year, cross-university research...