Clik here to view.
X-Recon - A Utility For Detecting Webpage Inputs And Conducting XSS Scans
A utility for identifying web page inputs and conducting XSS scanning.Features:Subdomain Discovery:Retrieves relevant subdomains for the target website and consolidates them into a whitelist. These...
View ArticleClik here to view.
Thief Raccoon - Login Phishing Tool
Thief Raccoon is a tool designed for educational purposes to demonstrate how phishing attacks can be conducted on various operating systems. This tool is intended to raise awareness about cybersecurity...
View ArticleClik here to view.
PIP-INTEL - OSINT and Cyber Intelligence Tool
 Pip-Intel is a powerful tool designed for OSINT (Open Source Intelligence) and cyber intelligence gathering activities. It consolidates various open-source tools into a single user-friendly interface...
View ArticleClik here to view.
Sttr - Cross-Platform, Cli App To Perform Various Operations On String
sttr is command line software that allows you to quickly run various transformation operations on the string.// With input promptsttr// Direct inputsttr md5 "Hello World"// File inputsttr md5...
View ArticleClik here to view.
NativeDump - Dump Lsass Using Only Native APIs By Hand-Crafting Minidump...
NativeDump allows to dump the lsass process using only NTAPIs generating a Minidump file with only the streams needed to be parsed by tools like Mimikatz or Pypykatz (SystemInfo, ModuleList and...
View ArticleClik here to view.
CyberChef - The Cyber Swiss Army Knife - A Web App For Encryption, Encoding,...
CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption...
View ArticleClik here to view.
Volana - Shell Command Obfuscation To Avoid Detection Systems
Shell command obfuscation to avoid SIEM/detection system During pentest, an important aspect is to be stealth. For this reason you should clear your tracks after your passage. Nevertheless, many...
View ArticleClik here to view.
BokuLoader - A Proof-Of-Concept Cobalt Strike Reflective Loader Which Aims To...
A proof-of-concept User-Defined Reflective Loader (UDRL) which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!Contributors:ContributorTwitterNotable ContributionsBobby...
View ArticleClik here to view.
Extrude - Analyse Binaries For Missing Security Features, Information...
Analyse binaries for missing security features, information disclosure and more.Extrude is in the early stages of development, and currently only supports ELF and MachO binaries. PE (Windows) binaries...
View ArticleClik here to view.
XMGoat - Composed of XM Cyber terraform templates that help you learn about...
XM Goat is composed of XM Cyberterraform templates that help you learn about common Azure security issues. Each template is a vulnerable environment, with some significant misconfigurations. Your job...
View ArticleClik here to view.
VulnNodeApp - A Vulnerable Node.Js Application
A vulnerable application made using node.js, express server and ejs template engine. This application is meant for educational purposes only.SetupClone this repositorygit clone...
View ArticleClik here to view.
Hfinger - Fingerprinting HTTP Requests
Tool for Fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage :-)Its main objective is to provide unique representations (fingerprints) of malware...
View ArticleClik here to view.
CloudBrute - Awesome Cloud Enumerator
A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty...
View ArticleClik here to view.
Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife
Reconnaissance is the first phase of penetration testing which means gathering information before any real attacks are planned So Ashok is an Incredible fast recon tool for penetration tester which is...
View ArticleClik here to view.
DockerSpy - DockerSpy Searches For Images On Docker Hub And Extracts...
DockerSpy searches for images on Docker Hub and extracts sensitive information such as authentication secrets, private keys, and more.What is Docker?Docker is an open-source platform that automates the...
View ArticleClik here to view.
ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make...
ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.Another way to make an LKM visible is using the imperius trick: https://github.com/MatheuZSecurity/ImperiusDownload ModTracer
View ArticleClik here to view.
Psobf - PowerShell Obfuscator
Tool for obfuscating PowerShell scripts written in Go. The main objective of this program is to obfuscate PowerShell code to make its analysis and detection more difficult. The script offers 5 levels...
View ArticleClik here to view.
BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
Evade EDR's the simple way, by not touching any of the API's they hook.TheoryI've noticed that most EDRs fail to scan scripting files, treating them merely as text files. While this might be...
View ArticleClik here to view.
Imperius - Make An Linux Kernel Rootkit Visible Again
A make an LKM rootkit visible again.This tool is part of research on LKM rootkits that will be launched.It involves getting the memory address of a rootkit's "show_module" function, for example, and...
View ArticleClik here to view.
Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability...
Mass Assigner is a powerful tool designed to identify and exploit mass assignment vulnerabilities in web applications. It achieves this by first retrieving data from a specified request, such as...
View ArticleClik here to view.
File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File...
file-unpumper is a powerful command-line utility designed to clean and analyze Portable Executable (PE) files. It provides a range of features to help developers and security professionals work with PE...
View ArticleClik here to view.
Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator...
The Damn Vulnerable Drone is an intentionally vulnerable drone hacking simulator based on the popular ArduPilot/MAVLink architecture, providing a realistic environment for hands-on drone hacking.About...
View ArticleClik here to view.
Secator - The Pentester'S Swiss Knife
secator is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and it is designed to improve productivity for pentesters and security...
View ArticleClik here to view.
PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload...
BYOSI- Bring-Your-Own-Script-Interpreter- Leveraging the abuse of trusted applications, one is able to deliver a compatible script interpreter for a Windows, Mac, or Linux system as well as malicious...
View ArticleClik here to view.
SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks...
SafeLine is a self-hosted WAF(Web Application Firewall) to protect your web apps from attacks and exploits.A web application firewall helps protect web apps by filtering and monitoring HTTP traffic...
View Article