.svg){kind=icon}
API Security Vulnerability Scanner designed to help you secure your APIs.
Your First Line of Defense in API Security. Scan your APIs for vulnerabilities with VulnAPI.
Help developers and security professionals quickly and efficiently scan their APIs for security vulnerabilities and weaknesses.
🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens
Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests.
AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.
Control Your Infrastructure, Scale Your Scanning—On Your Terms. Easily distribute arbitrary binaries and scripts using any of our seven supported cloud providers.
The Ax Framework is a free and open-source tool utilized by Bug Hunters and Penetration Testers to efficiently operate in multiple cloud environments. It helps build and deploy repeatable infrastructure tailored for offensive security purposes.
CloudShovel is a tool designed to search for sensitive information within public or private Amazon Machine Images (AMIs). It automates the process of launching instances from target AMIs, mounting their volumes, and scanning for potential secrets or sensitive data.
Dive into a new Pentesting Experience with Athena OS!
Athena OS is an open-source, NixOS-based distribution intended to build a new concept of pentesting operating system. Its purpose is to offer a different experience than the most used pentesting distributions by providing reproducibility, flexibility, isolation, default packages that fit with the user needs, diverse hacking resources and learning materials.
Credentials gathering tool automating remote procdump and parse of lsass process.
Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.
It simply tries to procdump machines and parse dumps remotely in order to avoid detections by antivirus softwares as much as possible.
Linux enumeration tool for pentesting and CTFs with verbosity levels.
This shell script will show relevant information about the security of the local Linux system, helping to escalate privileges. From version 2.0 it is mostly POSIX compliant and tested with shellcheck and posh.
It can also monitor processes to discover recurrent program executions. It monitors while it is executing all the other tests so you save some time. By default it monitors during 1 minute but you can choose the watch time with the -p parameter.
Go CLI and Library for quickly mapping organization network ranges using ASN information.
secator is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and is designed to improve productivity for pentesters and security researchers.
Uncover Threats. Take Action.
Embrace a proactive approach with end-to-end Cyber Threat Management, from anticipation to response.
OpenBAS is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests.
ALL IN ONE Hacking Tool For Hackers.
Unexpected Exposures in SSH. SSHamble is a research tool for SSH implementations.
SSHamble simulates potential attack scenarios, including unauthorized remote access due to unexpected state transitions, remote command execution in post-session login implementations, and information leakage through unlimited high-speed authentication requests. The SSHamble interactive shell provides raw access to SSH requests in the post-session (but pre-execution) environment, allowing for simple testing of environment controls, signal processing, port forwarding, and more.
macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to fin…
A companion toolkit for Pentesters & Red Teams.
BallisKit helps by providing automation and weaponization of payload generation. Our products are also equipped with multiple security solution bypasses and ready to use templates to cover any scenarios the RedTeam may face. BallisKit is an array of tools and services developed to help Red Teams and Pentesters in their mission. Capabilities include, among other, penetration testing, demos and social engineering campaigns (email, USB key, etc.).
Tools for analyzing EDR agents.
PurpleLab is an efficient and readily deployable lab solution, providing a swift setup for cybersecurity professionals to test detection rules, simulate logs, and undertake various security tasks, all accessible through a user-friendly web interface.
AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses.
ADMiner is an Active Directory audit tool that leverages cypher queries to crunch data from the BloodHound graph database (neo4j) and gives you a global overview of existing weaknesses through a web-based static report, including detailed listing, dynamic graphs, key indicators history, along with risk ratings.
- AD Miner - Analyse Active Directory — Emilien Vannier, Jean-Michel Besnard, Tanguy Boisset @ SSTIC :fr:.
- Episode #461 consacré à ADMiner avec Jean-Michel BESNARD @ NoLimitSecu :fr:.
- Not All Paths are Created Equal -- Attackers' Economy (Part 1) @ Riccardo Ancarani - Red Team Adventures.
- Graph theory to assess Active Directory : Smartest vs. Shortest Control Paths @ Jean-Michel BESNARD's LinkedIn.