Faraday – Open Source Vulnerability Manager Faraday introduces a new concept – IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distribution, indexation, and analysis of the data generated during a security...
The post Faraday: Open Source Vulnerability Manager appeared first on Penetration Testing Tools.
Dependency Check Dependency Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies. It does this by determining if there is a Common Platform...
The post Dependency Check: detects publicly disclosed vulnerabilities in application dependencies appeared first on Penetration Testing Tools.
Falco Falco is a cloud-native security tool. It provides near real-time threat detection for cloud, container, and Kubernetes workloads by leveraging runtime insights. Falco can monitor events defined via customizable rules from various sources, including the...
The post Falco: A cloud-native security tool appeared first on Penetration Testing Tools.
Cppcheck Cppcheck is a static analysis tool for C/C++ code. It provides a unique code analysis to detect bugs and focuses on detecting undefined behavior and dangerous coding constructs. The goal is to detect only real errors...
The post Cppcheck: A static analysis tool for C/C++ code appeared first on Penetration Testing Tools.
MISP – Malware Information Sharing Platform and Threat Sharing MISP, Malware Information Sharing Platform, and Threat Sharing is an open-source software solution for collecting, storing, distributing, and sharing cybersecurity indicators and threats about cybersecurity...
The post MISP: Malware Information Sharing Platform & Threat Sharing appeared first on Penetration Testing Tools.
OperatorsKit This repository contains a collection of Beacon Object Files (BOFs) that integrate with Cobalt Strike. Kit content The following tools are currently in the OperatorsKit: Name Description AddExclusion Add a new exclusion to...
The post OperatorsKit: Collection of Beacon Object Files (BOF) for Cobalt Strike appeared first on Penetration Testing Tools.
TelecordC2 Telecord is an advanced cross-platform c2 using discord and Telegram API, it allows multi-agent handling with ease using Telegram and discord APIs can be good for exfiltration and network evasion, this project is...
The post TelecordC2: An advanced cross-platform C2 using Discord and Telegram api appeared first on Penetration Testing Tools.
Subdominator – Unleash the Power of Subdomain Enumeration Subdominator is a powerful tool for passive subdomain enumeration during bug hunting and reconnaissance processes. It is designed to help researchers and cybersecurity professionals discover potential...
The post Subdominator: Unleash the Power of Subdomain Enumeration appeared first on Penetration Testing Tools.
VAmPI VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from the OWASP top 10 vulnerabilities for APIs. It was created as I wanted a vulnerable API to evaluate the efficiency...
The post VAmPI: Vulnerable REST API with OWASP top 10 vulnerabilities for security testing appeared first on Penetration Testing Tools.
Gapcast Gapcast is an IEEE 802.11 packet injection and analyzer software. The purpose of gapcast is to accurately detect each router’s clients, analyze, capture, inject packets & perform attacks (like Evil-Twin). Gapcast adds more...
The post gapcast: an IEEE 802.11 packet injection and analyzer software appeared first on Penetration Testing Tools.
i2pd i2pd (I2P Daemon) is a full-featured C++ implementation of I2P client. I2P (Invisible Internet Protocol) is a universal anonymous network layer. All communications over I2P are anonymous and end-to-end encrypted, participants don’t reveal...
The post i2pd: End-to-End encrypted and anonymous Internet appeared first on Penetration Testing Tools.
RemoteKrbRelay Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework Details Now, you have four folders in front of you: Checker – old version of the checker for detecting vulnerable DCOM objects; Checkerv2.0 – new version...
The post RemoteKrbRelay: Advanced Kerberos Relay Framework appeared first on Penetration Testing Tools.
PsMapExec A PowerShell tool heavily inspired by the popular tool CrackMapExec / NetExec. PsMapExec aims to bring the function and feel of these tools to PowerShell with its own arsenal of improvements. PsMapExec is...
The post PsMapExec: assess and compromise an Active Directory environment appeared first on Penetration Testing Tools.
ADSpider Tool for monitoring Active Directory changes in real-time without getting all objects. Instead, it uses replication metadata and Update Sequence Number (USN) to filter the current properties of objects. How to use git...
The post ADSpider: monitor Active Directory changes in real time appeared first on Penetration Testing Tools.
WinObjEx64 WinObjEx64 is an advanced utility that lets you explore the Windows Object Manager namespace. For certain object types, you can double-click on it or use the “Properties…” toolbar button to get more information,...
The post WinObjEx64: Windows Object Explorer 64-bit appeared first on Penetration Testing Tools.
Flow Analyzer Flow Analyzer is designed for helping in low-level understanding and testing of OAuth 2.0 Grants/Flows. OpenID Connect (OIDC) OAuth 2.0 was designed for authorization. OpenID Connect (OIDC) extends the OAuth 2.0 functionality...
The post Flow Analyzer: help in testing and analyzing OAuth 2.0 Flows appeared first on Penetration Testing Tools.
PHPStan – PHP Static Analysis Tool PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code. It moves...
The post PHPStan: PHP Static Analysis Tool appeared first on Penetration Testing Tools.
What is CTFd? CTFd is a Capture The Flag framework focusing on ease of use and customizability. It comes with everything you need to run a CTF and it’s easy to customize with plugins...
The post CTFd: Capture The Flag framework appeared first on Penetration Testing Tools.
dnSpy dnSpy is a tool to reverse engineer .NET assemblies. It includes a decompiler, a debugger, and an assembly editor (and more) and can be easily extended by writing your extension. It uses dnlib to...
The post dnSpy: .NET assembly editor, decompiler, and debugger appeared first on Penetration Testing Tools.
Janusec Application Gateway Janusec Application Gateway is an application security solution that provides WAF (Web Application Firewall), CC attack defense, a unified web administration portal, private key protection, web routing, and scalable load balancing....
The post janusec: Golang based application security solutions appeared first on Penetration Testing Tools.
