BurpMetaFinder – Burp Suite Extension For Extracting Metadata From Files
Burp Suite extension for extracting metadata from files Currently supported documents: PDF DOCX PPTX XLSX The project created at Jetbrains...
tools
Flawfinder – A Static Analysis Tool For Finding Vulnerabilities In C/C++ Source Code
This is "flawfinder" by David A. Wheeler. Flawfinder is a simple program that scans C/C++ source code and reports potential...
Web-Brutator – Modular Web Interfaces Bruteforcer
Fast Modular Web Interfaces BruteforcerInstallpython3 -m pip install -r requirements.txt Usage$ python3 web-brutator.py -h __ __ ___. __________ __ __...
Addressing the OT-IT Risk and Asset Inventory Gap
Cyber-espionage and exploitation from nation-state-sanctioned actors have only become more prevalent in recent years, with recent examples including the SolarWinds...
Rapid7 Acquires Leading Kubernetes Security Provider, Alcide
Organizations around the globe continue to embrace the flexibility, speed, and agility of the cloud. Those that have adopted it...
MOSE – Post Exploitation Tool For Configuration Management Servers.
MOSE is a post exploitation tool that enables security professionals with little or no experience with configuration management (CM) technologies...
OpenCVE – CVE Alerting Platform
OpenCVE, formerly known as Saucs, is a platform used to locally import the list of CVEs and perform searches on...
PSC – E2E Encryption For Multi-Hop Tty Sessions Or Portshells + TCP/UDP Port Forward
DNS lookup and SSH session forwarded across an UART connection to a Pi PSC allows to e2e encrypt shell sessions,...
SSRF-King – SSRF Plugin For Burp Automates SSRF Detection In All Of The Request
SSRF plugin for burp that Automates SSRF Detection in all of the RequestUpcoming Features ChecklistIt will soon have a user...
CSSG – Cobalt Strike Shellcode Generator
Adds Shellcode - Shellcode Generator to the Cobalt Strike top menu bar CSSG is an aggressor and python script used...
Arbitrium-RAT – A Cross-Platform, Fully Undetectable Remote Access Trojan, To Control Android, Windows And Linux
Arbitrium is a cross-platform is a remote access trojan (RAT), Fully UnDetectable (FUD), It allows you to control Android, Windows...
JWT Key ID Injector – Simple Python Script To Check Against Hypothetical JWT Vulnerability
Simple python script to check against hypothetical JWT vulnerability. Let's say there is an application that uses JWT tokens signed...
Tritium – Password Spraying Framework
A tool to enumerate and spray valid Active Directory accounts through Kerberos Pre-Authentication. BackgroundAlthough many Kerberos password spraying tools currently...
SharpEDRChecker – Checks Running Processes, Process Metadata, DLLs Loaded Into Your Current Process And The Each DLLs Metadata, Common Inst all Directories, Installed Services And Each Service Binaries Metadata, Installed Drivers And Each Drivers Metadata, All For The Presence Of Known Defensive Products Such As AV’s, EDR’s And Logging Tools
New and improved C# Implementation of Invoke-EDRChecker. Checks running processes, process metadata, Dlls loaded into your current process and each...
Emba – An Analyzer For Linux-based Firmware Of Embedded Devices
emba is being developed as a firmware scanner that analyses already-extracted Linux-based firmware images. It should help you to identify...
Upcoming Rapid7 Webcast: How Far Does Your VRM Strategy Go?
Web applications have been growing in complexity over the past several years, while also becoming the preferred method for attackers...
Batea – AI-based, Context-Driven Network Device Ranking
Batea is a context-driven network device ranking framework based on the anomaly detection family of machine learning algorithms. The goal...
Duf – Disk Usage/Free Utility (Linux, BSD, macOS & Windows)
Disk Usage/Free Utility (Linux, BSD, macOS & Windows) FeaturesUser-friendly, colorful output Adjusts to your terminal's width Sort the results according...
State-Sponsored Threat Actors Target Security Researchers
This blog was co-authored by Caitlin Condon, VRM Security Research Manager, and Bob Rudis, Senior Director and Chief Security Data...
Shellex – C-shellcode To Hex Converter, Handy Tool For Paste And Execute Shellcodes In Gdb, Windbg, Radare2, Ollydbg, X64Dbg, Immunity Debugger And 010 Editor
C-shellcode to hex converter. Handy tool for paste & execute shellcodes in gdb, windbg, radare2, ollydbg, x64dbg, immunity debugger &...
Recon Simplified with Spyse
One of the major struggles in bug bounty hunting is to collect and analyze data during reconnaissance, especially when there...
Finding Results at the Intersection of Security and Engineering
As vice president and head of global security at ActiveCampaign, I’m fortunate to be able to draw on a multitude...
WSuspicious – A Tool To Abuse Insecure WSUS Connections For Privilege Escalations
This is a proof of concept program to escalate privileges on a Windows host by abusing WSUS. Details in this...
ATMMalScan – Tool for Windows which helps to search for malware traces on an ATM during the DFIR process
ATMMalScan is a commandline tool for Windows operating systems version 7 and higher, which helps to search for malware traces...
