Popeye – A Kubernetes Cluster Resource Sanitizer
Popeye - A Kubernetes Cluster Sanitizer Popeye is a utility that scans live Kubernetes cluster and reports potential issues with...
Tools
Tai-e – An Easy-To-Learn/Use Static Analysis Framework For Java
Tai-e What is Tai-e? Tai-e (Chinese: 太阿; pronunciation: ) is a new static analysis framework for Java (please see our...
Ghauri – An Advanced Cross-Platform Tool That Automates The Process Of Detecting And Exploiting SQL Injection Security Flaws
An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws Requirements Python 3 Python...
DragonCastle – A PoC That Combines AutodialDLL Lateral Movement Technique And SSP To Scrape NTLM Hashes From LSASS Process
A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process. Description Upload a...
Kscan – Simple Asset Mapping Tool
0 Disclaimer (The author did not participate in the XX action, don't trace it) This tool is only for legally...
APTRS – Automated Penetration Testing Reporting System
APTRS (Automated Penetration Testing Reporting System) is an automated reporting tool in Python and Django. The tool allows Penetration testers...
LATMA – Lateral Movement Analyzer Tool
Lateral movement analyzer (LATMA) collects authentication logs from the domain and searches for potential lateral movement attacks and suspicious activity....
AVIator – Antivirus Evasion Project
AviAtor Ported to NETCore 5 with an updated UI AV|Ator About://name AV: AntiVirus Ator: Is a swordsman, alchemist, scientist, magician,...
Fuzzable – Framework For Automating Fuzzable Target Discovery With Static Analysis
Framework for Automating Fuzzable Target Discovery with Static Analysis. Introduction Vulnerability researchers conducting security assessments on software will often harness...
Bkcrack – Crack Legacy Zip Encryption With Biham And Kocher’s Known Plaintext Attack
Crack legacy zip encryption with Biham and Kocher's known plaintext attack. Overview A ZIP archive may contain many entries whose...
KRIe – Linux Kernel Runtime Integrity With eBPF
KRIe is a research project that aims to detect Linux Kernel exploits with eBPF. KRIe is far from being a...
PowerHuntShares – Audit Script Designed In Inventory, Analyze, And Report Excessive Privileges Configured On Active Directory Domains
PowerHuntShares is design to automatically inventory, analyze, and report excessive privilege assigned to SMB shares on Active Directory domain joined...
YATAS – A Simple Tool To Audit Your AWS Infrastructure For Misconfiguration Or Potential Security Issues With Plugins Integration
Yet Another Testing & Auditing Solution The goal of YATAS is to help you create a secure AWS environment without...
TerraLdr – A Payload Loader Designed With Advanced Evasion Features
TerraLdr: A Payload Loader Designed With Advanced Evasion Features Details: no crt functions imported syscall unhooking using KnownDllUnhook api hashing...
AceLdr – Cobalt Strike UDRL For Memory Scanner Evasion
A position-independent reflective loader for Cobalt Strike. Zero results from Hunt-Sleeping-Beacons, BeaconHunter, BeaconEye, Patriot, Moneta, PE-sieve, or MalMemDetect. Features Easy...
REST-Attacker – Designed As A Proof-Of-Concept For The Feasibility Of Testing Generic Real-World REST Implementations
REST-Attacker is an automated penetration testing framework for APIs following the REST architecture style. The tool's focus is on streamlining...
Villain – Windows And Linux Backdoor Generator And Multi-Session Handler That Allows Users To Connect With Sibling Servers And Share Their Backdoor Sessions
Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other...
ExchangeFinder – Find Microsoft Exchange Instance For A Given Domain And Identify The Exact Version
ExchangeFinder is a simple and open-source tool that tries to find Micrsoft Exchange instance for a given domain based on...
DotDumper – An Automatic Unpacker And Logger For DotNet Framework Targeting Files
An automatic unpacker and logger for DotNet Framework targeting files! This tool has been unveiled at Black Hat USA 2022....
PXEThief – Set Of Tooling That Can Extract Passwords From The Operating System Deployment Functionality In Microsoft Endpoint Configuration Manager
PXEThief is a set of tooling that implements attack paths discussed at the DEF CON 30 talk Pulling Passwords out...
Subparse – Modular Malware Analysis Artifact Collection And Correlation Framework
Subparse, is a modular framework developed by Josh Strochein, Aaron Baker, and Odin Bernstein. The framework is designed to parse...
Cypherhound – Terminal Application That Contains 260+ Neo4j Cyphers For BloodHound Data Sets
A Python3 terminal application that contains 260+ Neo4j cyphers for BloodHound data sets. Why? BloodHound is a staple tool for...
S3Crets_Scanner – Hunting For Secrets Uploaded To Public S3 Buckets
S3cret Scanner tool designed to provide a complementary layer for the Amazon S3 Security Best Practices by proactively hunting secrets...
Havoc – Modern and malleable post-exploitation command and control framework
Havoc is a modern and malleable post-exploitation command and control framework, created by @C5pider. Havoc is in an early state...
