Introducing Varunastra, an innovative tool designed to enhance the security of Docker environments. Named after The Varunastra (वरुणास्त्र), it is the water weapon according to the Indian scriptures, incepted by Varuna, god of hydrosphere....
The post Varunastra: Securing the Depths of Docker appeared first on Penetration Testing Tools.
Metlo Metlo is an open-source API security platform Create an Inventory of all your API Endpoints. Proactively test your APIs before they go into production. Detect API attacks in real-time. Features Endpoint Discovery –...
The post metlo: open-source API security platform appeared first on Penetration Testing Tools.
Subdominator Meet Subdominator, your new favorite CLI tool for detecting subdomain takeovers. It’s designed to be fast, accurate, and dependable, offering a significant improvement over other available tools. Benchmark ? A benchmark was run across...
The post Subdominator: CLI tool for detecting subdomain takeovers appeared first on Penetration Testing Tools.
The ABAP Code Scanner is a powerful tool designed to analyze ABAP (Advanced Business Application Programming) code for potential security vulnerabilities, code quality issues, and best practice violations. This provides a flexible and extensible...
The post RedRays ABAP Code Analyzer: Open-Source Security Scanner for SAP ABAP appeared first on Penetration Testing Tools.
xeol A scanner for end-of-life (EOL) packages in container images, filesystems, and SBOMs What is EOL software? End of Life (EOL) means the vendor has decided the software in question has reached the end...
The post xeol: scanner for end-of-life software in container images, filesystems, and SBOMs appeared first on Penetration Testing Tools.
kntrl is an eBPF based runtime agent that monitors and prevents anomalous behaviour defined by you on your pipeline. kntrl achieves this by monitoring kernel calls, and denying access as soon as your defined...
The post kntrl: Real-time eBPF Runtime Security for Your CI/CD Pipelines appeared first on Penetration Testing Tools.
Linux kernel vulnerability reproduction is a critical task in system security. To reproduce a kernel vulnerability, the vulnerable environment and the Proof of Concept (PoC) program are needed. Most existing research focuses on the...
The post KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities appeared first on Penetration Testing Tools.
SBSCAN SBSCAN is a penetration testing tool specifically designed for the Spring framework, capable of scanning specified sites for Spring Boot sensitive information and verifying related Spring vulnerabilities. Most Comprehensive Dictionary for Sensitive Paths:...
The post SBSCAN: penetration testing tool specifically designed for the Spring framework appeared first on Penetration Testing Tools.
Bypass Fuzzer Fuzz 401/403ing endpoints for bypasses This tool performs various checks via headers, path normalization, verbs, etc. to attempt to bypass ACLs or URL validation. It will output the response codes and length...
The post BypassFuzzer: Fuzz 401/403/404 pages for bypasses appeared first on Penetration Testing Tools.
NullGate This project implements a comfortable and modern way to use the NTAPI functions using indirect syscalls, coupled with the FreshyCalls method with a little twist for dynamic syscall number retrieval. It also uses a technique...
The post NullGate: A Modern Approach to Indirect Syscalls with Defender Bypass appeared first on Penetration Testing Tools.
All-in-One malware analysis tool for analyze many file types, from Windows binaries to E-Mail files. You can get: What DLL files are used. Functions and APIs. Sections and segments. URLs, IP addresses and emails....
The post Qu1cksc0pe: All-in-One malware analysis tool appeared first on Penetration Testing Tools.
Crawlector Crawlector (the name Crawlector is a combination of Crawler & Detector) is a threat hunting framework designed for scanning websites for malicious objects. Note-1: The framework was first presented at the No Hat conference in Bergamo, Italy on...
The post Crawlector: threat hunting framework appeared first on Penetration Testing Tools.
CRADLE is an open-source web application designed to empower Cyber Threat Intelligence (CTI) analysts. The platform streamlines threat analysis workflows through collaborative note-taking, visual relationship mapping, and comprehensive report generation. In today’s rapidly evolving...
The post CRADLE: Open-Source CTI Platform for Collaborative Threat Analysis appeared first on Penetration Testing Tools.
Linux Security and Monitoring Scripts These are a collection of security and monitoring scripts you can use to monitor your Linux installation for security-related events or for an investigation. Each script works on its...
The post LSMS: Linux Security and Monitoring Scripts appeared first on Penetration Testing Tools.
Draugr-Template CobaltStrike BOF Template to easily perform a synthetic stack frame in BOF. The spoofer is based on LoudSunRun. For each API call, a gadget is randomly used inside KERNELBASE.DLL. Nowadays, some EDRs analyze...
The post Draugr: CobaltStrike BOF with Synthetic Stackframe appeared first on Penetration Testing Tools.
ZeusCloud is an open-source cloud security platform. Discover, prioritize, and remediate your risks in the cloud. Build an asset inventory of your AWS accounts. Continuously monitor your environments for misconfigurations and attack paths. Customize...
The post ZeusCloud: open source cloud security platform appeared first on Penetration Testing Tools.
SubCat is a powerful subdomain discovery tool that passively aggregates data from a variety of online sources to identify valid subdomains for websites. Designed with a modular and efficient architecture, SubCat is ideal for...
The post subcat: Lightning-fast passive subdomain discovery tool appeared first on Penetration Testing Tools.
StackRox Kubernetes Security Platform The StackRox Kubernetes Security Platform performs a risk analysis of the container environment, delivers visibility and runtime alerts, and provides recommendations to proactively improve security by hardening the environment. StackRox...
The post StackRox Kubernetes Security Platform appeared first on Penetration Testing Tools.
RouterOS configuration analyzer to find security misconfigurations and vulnerabilities. Sara does not bypass authentication, exploit vulnerabilities, or alter RouterOS configurations. It works in read-only mode, requiring no administrative privileges. If you are unsure about the interpretation...
The post Sara: RouterOS Security Inspector appeared first on Penetration Testing Tools.
ulexecve This Python tool is called ulexecve and it stands for userland execve. It helps you execute arbitrary ELF binaries on Linux systems from userland without ever calling the execve() systemcall. In other words: you can execute...
The post ulexecve: Execute dynamic or statically compiled ELF Linux binaries without ever calling execve() appeared first on Penetration Testing Tools.
