MalSCCM – Tool To Abuse Local Or Remote SCCM Servers To Deploy Malicious Applications
This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage. To...
Tools
GooFuzz – Tool To Perform Fuzzing With An OSINT Approach, Managing To Enumerate Directories, Files, Subdomains Or Parameters Without Leaving Evidence On The Target’s Server With Google Dorking
CreditsAuthor: M3n0sD0n4ldTwitter: @David_UtonDescription:GooFuzz is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information...
Naabu – A Fast Port Scanner Written In Go With A Focus On Reliability And Simplicity
Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a...
Msprobe – Finding All Things On-Prem Microsoft For Password Spraying And Enumeration
Finding all things on-prem Microsoft for password spraying and enumeration. The tool will used a list of common subdomains associated...
SharpSniper – Find Specific Users In Active Directory Via Their Username And Logon IP Address
Often a Red Team engagement is more than just achieving Domain Admin. Some clients will want to see if specific...
Xss_Vulnerability_Challenges – This Repository Is A Docker Containing Some “XSS Vulnerability” Challenges And Bypass Examples
This repository is a Dockerized php application containing some XSS vulnerability challenges. The ideas behind challenges are: Javascript validation bypass...
VAmPI – Vulnerable REST API With OWASP Top 10 Vulnerabilities For Security Testing
The Vulnerable API (Based on OpenAPI 3) VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from...
Cervantes – Collaborative Platform For Pentesters Or Red Teams Who Want To Save Time To Manage Their Projects, Clients, Vulnerabilities And Reports In One Place
Cervantes is an opensource collaborative platform for pentesters or red teams who want to save time to manage their projects,...
Hunt-Sleeping-Beacons – Aims To Identify Sleeping Beacons
The idea of this project is to identify beacons which are unpacked at runtime or running in the context of...
Nightingale – Docker Environment For Pentesting Which Having All The Required Tool For VAPT
In today's technological era, docker is the most powerful technology in each and every domain, whether it is Development, cyber...
OSIPs – Gathers All Valid IP Addresses From All Text Files From A Directory, And Checks Them Against Whois Database, TOR Relays And Location
This script scans every file from a given folder recursively, extracts every IPv4 and IPv6 address, filters out the public...
LambdaGuard – AWS Serverless Security
AWS Lambda is an event-driven, serverless computing platform provided by Amazon Web Services. It is a computing service that...
Frostbyte – FrostByte Is A POC Project That Combines Different Defense Evasion Techniques To Build Better Redteam Payloads
FrostByte Progolue: In the past few days I've been experimenting with the Steps to build Signed Shellcode Executable Pick any...
Admin-Panel_Finder – A Burp Suite Extension That Enumerates Infrastructure And Application Admin Interfaces (OTG-CONFIG-005)
A burp suite extension that enumerates infrastructure and application Admin Interfaces. OWASP References: Classification: Web Application Security Testing > 02-Configuration...
Gshell – A Flexible And Scalable Cross-Plaform Shell Generator Tool
A simple yet flexible cross-platform shell generator tool. Name: G(Great) Shell Description: A cross-platform shell generator tool that lets you...
Goreplay – Open-Source Tool For Capturing And Replaying Live HTTP Traffic Into A Test Environment In Order To Continuously Test Your System With Real Data
GoReplay is an open-source network monitoring tool which can record your live Check latest documentation. Installation Download the latest binary...
SharpEventPersist – Persistence By Writing/Reading Shellcode From Event Log
Persistence by writing/reading shellcode from Event Log. Usage The SharpEventPersist tool takes 4 case-sensitive parameters: -file "C:pathtoshellcode.bin" -instanceid 1337 -source...
confluencePot – Simple Honeypot For Atlassian Confluence (CVE-2022-26134)
ConfluencePot is a simple honeypot for the Atlassian Confluence unauthenticated and remote OGNL injection vulnerability (CVE-2022-26134). About the vulnerability You...
DOMDig – DOM XSS Scanner For Single Page Applications
DOMDig is a DOM XSS scanner that runs inside the Chromium web browser and it can scan single page applications...
Exfilkit – Data Exfiltration Utility For Testing Detection Capabilities
Data exfiltration utility for testing detection capabilities Description Data exfiltration utility used for testing detection capabilities of security products. Obviously...
Pulsar – Data Exfiltration And Covert Communication Tool
Pulsar is a tool for data exfiltration and covert communication that enable you to create a secure data transfer, a...
WhiteBeam – Transparent Endpoint Security
Transparent endpoint security Features Block and detect advanced attacks Modern audited cryptography: RustCrypto for hashing and encryption Highly compatible: Development...
Jeeves – Time-Based Blind SQLInjection Finder
Jeeves is made for looking to Time-Based Blind SQLInjection through recon. - Installation & Requirements: Installing Jeeves $ go...
PacketStreamer – Distributed Tcpdump For Cloud Native Environments
Deepfence PacketStreamer is a high-performance remote PacketStreamer sensors collect raw network packets on remote hosts. It selects packets to capture...
