Rehex – Reverse Engineers’ Hex Editor
A cross-platform (Windows, Linux, Mac) hex editor for reverse engineering, and everything else.FeaturesLarge (1TB+) file support Decoding of integer/floating point...
hacking
Gping – Ping, But With A Graph
Ping, but with a graph.InstallFYI: The old Python version can be found under the python tag. Homebrew (MacOS + Linux)brew...
Don’t Put It on the Internet: Tesla Backup Gateway Edition
Derek Abdine, formerly Director of Rapid7 Labs, now CTO at Censys, contributed this blog post.This blog post aims to increase...
MacC2 – Mac Command And Control That Uses Internal API Calls Instead Of Command Line Utilities
MacC2 is a macOS post exploitation tool written in python that uses Objective C calls or python libraries as opposed...
Garud – An Automation Tool That Scans Sub-Domains, Sub-Domain Takeover And Then Filters Out XSS, SSTI, SSRF And More Injection Point Parameters
An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters....
Defining Vulnerability Risk Management (and How to Build a Modern VRM Program)
Once upon a time (just a handful of years ago), vulnerability management programs focused solely on servers, running quarterly scans...
Go_Parser – Yet Another Golang Binary Parser For IDAPro
Yet Another Golang Binary Parser For IDAPro NOTE: This master branch is written in Python2 for IDAPython, and tested only...
FinalRecon v1.1.0 – The Last Web Recon Tool You’ll Need
FinalRecon is an automatic web reconnaissance tool written in python. Goal of FinalRecon is to provide an overview of the...
Herpaderping – Process Herpaderping Bypasses Security Products By Obscuring The Intentions Of A Process
Process Herpaderping is a method of obscuring the intentions of a process by modifying the content on disk after the...
Linux-Evil-Toolkit – A Framework That Aims To Centralize, Standardize And Simplify The Use Of Various Security Tools For Pentest Professionals
Linux evil toolkit is a framework that aims to centralize, standardize and simplify the use of various security tools for...
Tfsec – Security Scanner For Your Terraform Code
tfsec uses static analysis of your terraform templates to spot potential security issues. Now with terraform v0.12+ support. Example OutputInstallationInstall...
Scripthunter – Tool To Find JavaScript Files On Websites
Scripthunter is a tool that finds javascript files for a given website. To scan Google, simply run ./scripthunter.sh https://google.com. Note...
FAMA – Forensic Analysis For Mobile Apps
LabCIF - Forensic Analysis for Mobile AppsGetting StartedAndroid extraction and analysis framework with an integrated Autopsy Module. Dump easily user...
Leonidas – Automated Attack Simulation In The Cloud, Complete With Detection Use Cases
Leonidas is a framework for executing attacker actions in the cloud. It provides a YAML-based format for defining cloud attacker...
Octopus WAF – Web Application Firewall Made In C Language And Use Libevent
OctopusWAF is a open source Web application firewall, is made in C language uses libevent to make multiple connections. First...
NFCGate – An NFC Research Toolkit Application For Android
NFCGate is an Android application meant to capture, analyze, or modify NFC traffic. It can be used as a researching...
2021 Detection and Response Planning, Part 4: Planning for Success with a Cloud SIEM
This is the fourth and final installment of our series around 2021 security planning. Through this series, we talked to...
Patch Tuesday – November 2020
Jumping right back to a triple digit volume of vulnerabilities resolved, Microsoft covers 112 CVEs this November affecting products ranging...
VMware ESXi OpenSLP Remote Code Execution Vulnerability (CVE-2020-3992 and CVE-2019-5544): What You Need To Know
What’s up? On November 6, 2020 Microsoft’s Kevin Beaumont alerted the community to evidence of active exploitation attempts of CVE-2020-3992...
Py3Webfuzz – A Python3 Module To Assist In Fuzzing Web Applications
Based on pywebfuzz, Py3webfuzz is a Python3 module to assist in the identification of vulnerabilities in web applications, Web Services...
paradoxiaRAT – Native Windows Remote Access Tool
Paradoxia Remote Access Tool. FeaturesParadoxia Console Feature Description Easy to use Paradoxia is extremely easy to use, So far the easiest...
SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know
What’s up? We start the November critical vulnerability season with a pair of CVEs—CVE-2020-16846 and CVE-2020-25592—that, when combined, can result...
Visualizing Network Traffic Data to Drive Action
Top 5 multi group queries for analyzing network sensor dataWe launched the Insight Network Sensor earlier this year and have...
ReconNote – Web Application Security Automation Framework Which Recons The Target For Various Assets To Maximize The Attack Surface For Security Professionals & Bug-Hunters
Web Application Security Recon Automation FrameworkIt takes user input as a domain name and maximize the attack surface area by...
