Raider – Web Authentication Testing Framework
This is a framework designed to test authentication for web applications. While web proxies like ZAProxy and Burpsuite allow authenticated...
tools
Tko-Subs – A Tool That Can Help Detect And Takeover Subdomains With Dead DNS Records
This tool allows: To check whether a subdomain can be taken over because it has: a dangling CNAME pointing to...
Bantam – A PHP Backdoor Management And Generation tool/C2 Featuring End To End Encrypted Payload Streaming Designed To Bypass WAF, IDS, SIEM Systems
An advanced PHP backdoor management tool, with a lightweight server footprint, multi-threaded communication, and an advanced payload generation and obfuscation...
NinjaDroid – Ninja Reverse Engineering On Android APK Packages
NinjaDroid is a simple tool to reverse engineering Android APK packages. Published at: https://snapcraft.io/ninjadroid $ snap install ninjadroid --channel=betaOverviewNinjaDroid uses...
Nimplant – A Cross-Platform Implant Written In Nim
Nimplant is a cross-platform (Linux & Windows) implant written in Nim as a fun project to learn about Nim and...
jwtXploiter – A Tool To Test Security Of Json Web Token
A tool to test security of JSON Web Tokens. Test a JWT against all known CVEs; Tamper with the token...
Http-Request-Smuggling – HTTP Request Smuggling Detection Tool
HTTP request smuggling is a high severity vulnerability which is a technique where an attacker smuggles an ambiguous HTTP request...
AlanFramework – A Post-Exploitation Framework
Alan Framework is a post-exploitation framework useful during red-team activities. If you find my tool useful, please consider to sponsor...
Wsh – Web Shell Generator And Command Line Interface
wsh (pronounced woosh) is a web shell generator and command line interface. This started off as just an http client...
Jarm – Active Transport Layer Security (TLS) server fingerprinting tool
Please read the initial JARM blog post for more information. JARM is an active Transport Layer Security (TLS) server fingerprinting...
Karton – Distributed Malware Processing Framework Based On Python, Redis And MinIO
Distributed malware processing framework based on Python, Redis and MinIO. The ideaKarton is a robust framework for creating flexible and...
UnhookMe – An Universal Windows API Resolver And Unhooker Addressing Problem Of Invoking Unmonitored System Calls From Within Of Your Red Teams Malware
In the era of intrusive AVs and EDRs that introduce hot-patches to the running processes for their enhanced optics requirements,...
ADCSPwn – A Tool To Escalate Privileges In An Active Directory Network By Coercing Authenticate From Machine Accounts And Relaying To The Certificate Service
A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts (Petitpotam) and relaying to...
Sigurlfind3R – A Reconnaissance Tool, It Fetches URLs From AlienVault’s OTX, Common Crawl, URLScan, Github And The Wayback Machine
sigurlfind3r is a passive reconnaissance tool, it fetches known URLs from AlienVault's OTX, Common Crawl, URLScan, Github and the Wayback...
Php-Jpeg-Injector – Injects Php Payloads Into Jpeg Images
Injects php payloads into jpeg images. Related to this post. Use CaseYou have a web application that runs a jpeg...
Solitude – A Privacy Analysis Tool That Enables Anyone To Conduct Their Own Privacy Investigations
Solitude is a privacy analysis tool that enables anyone to conduct their own privacy investigations. Whether a curious novice or...
Go-Shellcode – A Repository Of Windows Shellcode Runners And Supporting Utilities
go-shellcode is a repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API...
cThreadHijack – Beacon Object File (BOF) For Remote Process Injection Via Thread Hijacking
___________.__ .______ ___ .__ __ __ _____ ___/| |_________ ____ _____ __| _/ | |__| |__|____ ____ | | ___/...
TwiTi – Tool for extracting IOCs from tweet
TwiTi, a tool for extracting IOCs from tweets, can collect a large number of fresh, accurate IOCs. TwiTi does classifying...
WARCannon – High Speed/Low Cost CommonCrawl RegExp In Node.js
WARCannon was built to simplify and cheapify the process of 'grepping the internet'.With WARCannon, you can:Build and test regex patterns...
ChangeTower – Tool To Help You Watch Changes In Webpages And Get Notified Of Any Changes
ChangeTower is intended to help you watch changes in webpages and get notified of any changes written in Go This...
Elpscrk – An Intelligent Common User-Password Profiler Based On Permutations And Statistics
An Intelligent common user-password profiler that's named after the same tool in Mr.Robot series S01E01In simple words, elpscrk will ask...
Uchihash – A Small Utility To Deal With Malware Embedded Hashes
Uchihash is a small utility that can save malware analysts the time of dealing with embedded hash values used for...
SharpLAPS – Retrieve LAPS Password From LDAP
The attribute ms-mcs-AdmPwd stores the clear-text LAPS password. This executable is made to be executed within Cobalt Strike session using...
