Clik here to view.
Hardcodes - Find Hardcoded Strings From Source Code
hardcodes is a utility for searching strings hardcoded by developers in programs. It uses a modular tokenizer that can handle comments, any number of backslashes & nearly any syntax you throw at...
View ArticleClik here to view.
VPS-Docker-For-Pentest - Create A VPS On Google Cloud Platform Or Digital...
Create a VPS on Google Cloud Platform or Digital Ocean easily with the docker for pentest included to launch the assessment to the target.RequirementsTerraform installedAnsible installedSSH private and...
View ArticleClik here to view.
Autovpn - Create On Demand Disposable OpenVPN Endpoints On AWS
Script that allows the easy creation of OpenVPN endpoints in any AWS region. To create a VPN endpoint is done with a single command takes ~3 minutes. It will create the proper security groups. It spins...
View ArticleClik here to view.
SQLMap v1.4.9 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection...
View ArticleClik here to view.
OpenRedireX - Asynchronous Open redirect Fuzzer for Humans
A Fuzzer For OpenRedirect Issues.Key Features :Takes a url or list of urls and fuzzes them for Open redirect issuesYou can specify your own payloads in 'payloads.txt'Shows Location header history (if...
View ArticleClik here to view.
PurpleCloud - An Infrastructure As Code (IaC) Deployment Of A Small Active...
Pentest Cyber Range for a small Active Directory Domain. Automated templates for building your own Pentest/Red Team/Cyber Range in the Azure cloud! Purple Cloud is a small Active Directory enterprise...
View ArticleClik here to view.
Bpytop - Linux/OSX/FreeBSD Resource Monitor
Resource monitor that shows usage and stats for processor, memory, disks, network and processes.Python port of bashtop.FeaturesEasy to use, with a game inspired menu system.Full mouse support, all...
View ArticleClik here to view.
Browsertunnel - Surreptitiously Exfiltrate Data From The Browser Over DNS
Browsertunnel is a tool for exfiltrating data from the browser using the DNS protocol. It achieves this by abusing dns-prefetch, a feature intended to reduce the perceived latency of websites by doing...
View ArticleClik here to view.
Rakkess - Kubectl Plugin To Show An Access Matrix For K8S Server Resources
Review Access - kubectl plugin to show an access matrix for server resourcesIntroHave you ever wondered what access rights you have on a provided kubernetes cluster? For single resources you can use...
View ArticleClik here to view.
Anchore Engine - A Service That Analyzes Docker Images And Applies...
For the most up-to-date information on Anchore Engine, Anchore CLI, and other Anchore software, please refer to the Anchore DocumentationThe Anchore Engine is an open-source project that provides a...
View ArticleClik here to view.
Safety - Check Your Installed Dependencies For Known Security Vulnerabilities
Safety checks your installed dependencies for known security vulnerabilities.By default it uses the open Python vulnerability database Safety DB, but can be upgraded to use pyup.io's Safety API using...
View ArticleClik here to view.
Spyre - Simple YARA-based IOC Scanner
...a simple, self-contained modular host-based IOC scannerSpyre is a simple host-based IOC scanner built around the YARApattern matching engine and other scan modules. The main goal of this project is...
View ArticleClik here to view.
Avcleaner - C/C++ Source Obfuscator For Antivirus Bypass
C/C++ source obfuscator for antivirus bypass.Builddocker build . -t avcleanerdocker run -v ~/dev/scrt/avcleaner:/home/toto -it avcleaner bash #adapt ~/dev/scrt/avcleaner to the path where you cloned...
View ArticleClik here to view.
Monsoon - Fast HTTP Enumerator
A fast HTTP enumerator that allows you to execute a large number of HTTP requests, filter the responses and display them in real-time.ExampleRun an HTTP GET request for each entry in filenames.txt,...
View ArticleClik here to view.
MZAP - Multiple Target ZAP Scanning
Multiple target ZAPScanning / mzap is a tool for scanning N*N in ZAP.ConceptInstallationgo-get$ go get -u github.com/hahwul/mzapsnapcraft$ sudo snap install mzap --devmodehomebrew$ brew tap...
View ArticleClik here to view.
Some-Tools - Install And Keep Up To Date Some Pentesting Tools
Some-ToolsWhyI was looking for a way to manage and keep up to date some tools that are not include in Kali-Linux. For exemple, I was looking for an easy way to manage privilege escalation scripts. One...
View ArticleClik here to view.
HTTP-revshell - Powershell Reverse Shell Using HTTP/S Protocol With AMSI...
HTTP-revshell is a tool focused on redteam exercises and pentesters. This tool provides a reverse connection through the http/s protocol. It use a covert channel to gain control over the victim machine...
View ArticleClik here to view.
DockerENT - The Only Open-Source Tool To Analyze Vulnerabilities And...
DockerENT is activE ruNtime application security scanning Tool (RAST tool) and framework which is pluggable and written in python. It comes with a CLI application and clean Web Interface written with...
View ArticleClik here to view.
Chimera - PowerShell Obfuscation Script Designed To Bypass AMSI And...
Chimera is a (shiny and very hack-ish) PowerShellobfuscation script designed to bypass AMSI and antivirus solutions. It digests malicious PS1's known to trigger AV and uses string substitution and...
View ArticleClik here to view.
WMIHACKER - A Bypass Anti-virus Software Lateral Movement Command Execution Tool
中文版(Chinese version)Disclaimer: The technology involved in this project is only for security learning and defense purposes, illegal use is prohibited!Bypass anti-virus software lateral movement command...
View Article