RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding...
Depix is a tool for recovering passwords from pixelized screenshots. This implementation works on pixelized images that were created with...
Just using InsightAppSec and still want access to the new executive reports? Don’t worry—we have you covered. Check out your...
With the popularity of web front-end packaging tools, have you encountered more and more websites represented by Webpack packager in...
Static analysis to search for vulnerabilities in Wordpress plugins. __ ____________ ___ ___ __ / / ______ / | __...
We close off our 2020 year of Patch Tuesdays with 58 vulnerabilities being addressed. While it's a higher count than...
Penetration testing (“pentesting”) is the practice of simulating a criminal breach of a sensitive area in order to uncover and...
This is a proof of concept of how a ransomware works, and some techniques that we usually use to hijack...
JavaScript AST analysis. This package has been created to export the Node-Secure AST Analysis to enable better code evolution and...
Thank you all that participated in the 2020 December Metasploit community CTF! The four day CTF was well received by...
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet...
HiJackThis Fork is a free utility for Microsoft Windows that scans your computer for settings changed by adware, spyware, malware...
Karkinos is a light-weight 'Swiss Army Knife' for penetration testing and/or hacking CTF's. Currently, Karkinos offers the following: Encoding/Decoding characters...
A tool written for cobalt-strike's execute-assembly command that allows for more efficent querying of AD. Key FeaturesList all Domain Admins...
The program is designed to obfuscate the shellcode. Currently the tool supports 2 encryption. 1) XOR2) AES The tool accepts...
PYTMIPE (PYthon library for Token Manipulation and Impersonation for Privilege Escalation) is a Python 3 library for manipulating Windows tokens...
enum4linux-ng.py is a rewrite of Mark Lowe's (former Portcullis Labs now Cisco CX Security Labs) enum4linux.pl, a tool for enumerating...
Aclpwn.py is a tool that interacts with BloodHound to identify and exploit ACL based privilege escalation paths. It takes a...
Blog can be found at https://medium.com/@patelkathan22/beginners-guide-on-how-you-can-use-javascript-in-bugbounty-492f6eb1f9ea?sk=21500dc4288281c7e6ed2315943269e7 Script made for all your javascript recon automation in bugbounty. Just pass subdomain list...
A small contribution to community :)We use all these tools in security assessments and in our vulnerability monitoring service Check...
Without practice, theory is dead. Applied knowledge is essential in any area, especially in cybersecurity, and practice is the only...
Today’s business world is increasingly driven by e-commerce and the cloud, which means it requires a proactive approach toward vulnerability...
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. GitHub Repo: https://github.com/accurics/terrascan...
OnionSearch is a Python3 script that scrapes urls on different ".onion" search engines. PrerequisitePython 3 Currently supported Search enginesahmia...
