Clik here to view.
Uscrapper - Powerful OSINT Webscraper For Personal Data Collection
Introducing Uscrapper 2.0, A powerfull OSINT webscrapper that allows users to extract various personal information from a website. It leverages web scraping techniques and regular expressions to...
View ArticleClik here to view.
Rayder - A Lightweight Tool For Orchestrating And Organizing Your Bug Hunting...
Rayder is a command-line tool designed to simplify the orchestration and execution of workflows. It allows you to define a series of modules in a YAML file, each consisting of commands to be executed....
View ArticleClik here to view.
Airgorah - A WiFi Auditing Software That Can Perform Deauth Attacks And...
Airgorah is a WiFi auditing software that can discover the clients connected to an access point, perform deauthentication attacks against specific clients or all the clients connected to it, capture...
View ArticleClik here to view.
Antisquat - Leverages AI Techniques Such As NLP, ChatGPT And More To Empower...
AntiSquat leverages AI techniques such as natural language processing (NLP), large language models (ChatGPT) and more to empower detection of typosquatting and phishing domains.How to useClone the...
View ArticleClik here to view.
Ligolo-Ng - An Advanced, Yet Simple, Tunneling/Pivoting Tool That Uses A TUN...
Ligolo-ng is a simple, lightweight and fast tool that allows pentesters to establish tunnels from a reverse TCP/TLS connection using a tun interface (without the need of SOCKS).FeaturesTun interface...
View ArticleClik here to view.
Route-Detect - Find Authentication (Authn) And Authorization (Authz) Security...
Find authentication (authn) and authorization (authz) security bugs in web application routes:Web application HTTP route authn and authz bugs are some of the most common security issues found today....
View ArticleClik here to view.
Raven - CI/CD Security Analyzer
RAVEN (Risk Analysis and Vulnerability Enumeration for CI/CD) is a powerful security tool designed to perform massive scans for GitHub Actions CI workflows and digest the discovered data into a Neo4j...
View ArticleClik here to view.
BucketLoot - An Automated S3-compatible Bucket Inspector
BucketLoot is an automated S3-compatible Bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from...
View ArticleClik here to view.
PurpleKeep - Providing Azure Pipelines To Create An Infrastructure And Run...
With the rapidly increasing variety of attack techniques and a simultaneous rise in the number of detection rules offered by EDRs (Endpoint Detection and Response) and custom-created ones, the need for...
View ArticleClik here to view.
Stompy - Timestomp Tool To Flatten MAC Times With A Specific Timestamp
A PowerShell function to perform timestomping on specified files and directories. The function can modify timestamps recursively for all files in a directory.Change timestamps for individual files or...
View ArticleClik here to view.
Sncscan - Tool For Analyzing SAP Secure Network Communications (SNC)
Tool for analyzing SAP Secure Network Communications (SNC).How to use?In its current state, sncscan can be used to read the SNC configurations for SAP Router and DIAG (SAP GUI) connections. The...
View ArticleClik here to view.
Melee - Tool To Detect Infections In MySQL Instances
MELEE: A Tool to Detect Ransomware Infections in MySQL InstancesAttackers are abusing MySQL instances for conducting nefarious operations on the Internet. The cybercriminals are targeting exposed MySQL...
View ArticleClik here to view.
Nemesis - An Offensive Data Enrichment Pipeline
Nemesis is an offensive data enrichmentpipeline and operator support system.Built on Kubernetes with scale in mind, our goal with Nemesis was to create a centralized data processing platform that...
View ArticleClik here to view.
Argus - A Framework for Staged Static Taint Analysis of GitHub Workflows and...
This repo contains the code for our USENIX Security '23 paper "ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions". Argus is a comprehensive security analysis tool...
View ArticleClik here to view.
Navgix - A Multi-Threaded Golang Tool That Will Check For Nginx Alias...
navgix is a multi-threaded golang tool that will check for nginx alias traversal vulnerabilitiesTechniquesCurrently, navgix supports 2 techniques for finding vulnerable directories (or location...
View ArticleClik here to view.
SharpShares - Multithreaded C# .NET Assembly To Enumerate Accessible Network...
Multithreaded C# .NET Assembly to enumerate accessible network shares in a domainBuilt upon djhohnstein's SharpShares project> .\SharpShares.exe helpUsage: SharpShares.exe /threads:50 /ldap:servers...
View ArticleClik here to view.
BounceBack - Stealth Redirector For Your Red Team Operation Security
BounceBack is a powerful, highly customizable and configurable reverse proxy with WAF functionality for hiding your C2/phishing/etc infrastructure from blue teams, sandboxes, scanners, etc. It uses...
View ArticleClik here to view.
SADProtocol goes to Hollywood
Faraday’s researchers Javier Aguinaga and Octavio Gianatiempo have investigated on IP cameras and two high severity vulnerabilities.This research project began when Aguinaga's wife, a former Research...
View ArticleClik here to view.
CloudMiner - Execute Code Using Azure Automation Service Without Getting Charged
Execute code within Azure Automation service without getting chargedDescriptionCloudMiner is a tool designed to get free computing power within Azure Automation service. The tool utilizes the upload...
View ArticleClik here to view.
SqliSniper - Advanced Time-based Blind SQL Injection Fuzzer For HTTP Headers
SqliSniper is a robust Python tool designed to detect time-based blind SQL injections in HTTP request headers. It enhances the security assessment process by rapidly scanning and identifying potential...
View Article