GraphStrike GraphStrike is a suite of tools that enables Cobalt Strike’s HTTPS Beacon to use Microsoft Graph API for C2 communications. All Beacon traffic will be transmitted via two files created in the attacker’s SharePoint site,...
The post GraphStrike: Cobalt Strike HTTPS beaconing over Microsoft Graph API appeared first on Penetration Testing Tools.
Daksh SCRA (Source Code Review Assist) Daksh SCRA (Source Code Review Assist) tool is built to enhance the efficiency of the source code review process, providing a well-structured and organized approach for code reviewers....
The post DakshSCRA: Source Code Review Assist appeared first on Penetration Testing Tools.
HBSQLI: Automated Tester For Header-Based Blind SQL Injection HBSQLI is an automated command-line tool for performing Header Based Blind SQL injection attacks on web applications. It automates the process of detecting Header Based Blind...
The post HBSQLI: Automated Tool for Testing Header Based Blind SQL Injection appeared first on Penetration Testing Tools.
Ingram This is a webcam device vulnerability scanning tool, that already supports Hikvision, Dahua, and other devices. Installation Firstly, clone this repo: git clone https://github.com/jorhelp/Ingram.git Then, go to the repo dir, create a virtual...
The post Ingram: webcam device vulnerability scanning tool appeared first on Penetration Testing Tools.
NucleiFuzzer = Nuclei + Paramspider NucleiFuzzer is an advanced automation tool designed to streamline and optimize web application security testing by integrating a suite of powerful URL discovery and vulnerability scanning tools. It combines...
The post NucleiFuzzer: a powerful automation tool for detecting xss, sqli, ssrf, open-redirect vulnerabilities in webapps appeared first on Penetration Testing Tools.
TInjA – the Template INJection Analyzer TInjA is a CLI tool for testing web pages for template injection vulnerabilities. It supports 44 of the most relevant template engines (as of September 2023) for eight different programming languages. Features...
The post TInjA: CLI tool for testing web pages for template injection vulnerabilities appeared first on Penetration Testing Tools.
cyberbro This project aims to provide a simple and efficient way to check the reputation of your observables using multiple services, without having to deploy a complex solution. Features Effortless Input Handling: Paste raw logs, IoCs,...
The post Cyberbro: Simplify IoC Analysis, Get CTI Insights appeared first on Penetration Testing Tools.
KrbRelayEx-RPC Kerberos Relay and Forwarder for (Fake) RPC/DCOM MiTM Server KrbRelayEx-RPC is a tool similar to my KrbRelayEx designed for performing Man-in-the-Middle (MitM) attacks by relaying Kerberos AP-REQ tickets. This version implements a fake RPC/DCOM server:...
The post KrbRelayEx-RPC: Kerberos Relay and Forwarder for (Fake) RPC/DCOM MiTM Server appeared first on Penetration Testing Tools.
YATAS – Yet Another Testing & Auditing Solution The goal of YATAS is to help you create a secure AWS environment without too much hassle. It won’t check for all best practices but only...
The post yatas: audit AWS/GCP infrastructure for misconfiguration or potential security issues appeared first on Penetration Testing Tools.
GPT_Vuln-analyzer This is a Proof Of Concept application that demonstrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super useful ChatGPT made...
The post GPT_Vuln-analyzer: create vulnerability reports via ChatGPT API, Python-Nmap, DNS Recon modules appeared first on Penetration Testing Tools.
JSpector JSpector is a Burp Suite extension that passively crawls JavaScript files and automatically creates issues with URLs and endpoints found on the JS files. Prerequisites Before installing JSpector, you need to have Jython...
The post JSpector: crawl JavaScript (JS) files in passive mode appeared first on Penetration Testing Tools.
LitterBox Your malware’s favorite sandbox – where red teamers come to bury their payloads. A sandbox environment designed specifically for malware development and payload testing. This Web Application enables red teamers to validate evasion...
The post LitterBox: sandbox approach for malware developers and red teamers appeared first on Penetration Testing Tools.
psudohash Psudohash is a password list generator for orchestrating brute force attacks and cracking hashes. It imitates certain password creation patterns commonly used by humans, like substituting a word’s letters with symbols or numbers...
The post psudohash: Generates millions of keyword-based password mutations in seconds appeared first on Penetration Testing Tools.
web-check Get an insight into the inner workings of a given website: uncover potential attack vectors, analyse server architecture, view security configurations, and learn what technologies a site is using. Currently, the dashboard will...
The post web-check: All-in-one OSINT tool for analysing any website appeared first on Penetration Testing Tools.
Callisto An Intelligent Automated Binary Vulnerability Analysis Tool Callisto is an intelligent automated binary vulnerability analysis tool. Its purpose is to autonomously decompile a provided binary and iterate through the pseudo code output looking...
The post Callisto: An Intelligent Binary Vulnerability Analysis Tool appeared first on Penetration Testing Tools.
SMShell PoC for an SMS-based shell. Send commands and receive responses over SMS from mobile broadband-capable computers. This tool came as an inspiration during research on eSIM security implications led by Markus Vervier, presented...
The post SMShell: PoC for a SMS-based shell appeared first on Penetration Testing Tools.
goLAPS Retrieve LAPS passwords from a domain. The tools is inspired in pyLAPS. This project was just a personal excuse to learn Golang. Capabilities It can get all LAPS passwords from a domain controler using...
The post goLAPS: Retrieve LAPS passwords from a domain appeared first on Penetration Testing Tools.
What is ShadowClone? ShadowClone is designed to delegate time-consuming tasks to the cloud by distributing the input data to multiple serverless functions (AWS Lambda, Azure Functions, etc.) and running the tasks in parallel resulting...
The post ShadowClone: Boost Your Pentesting Performance in Seconds appeared first on Penetration Testing Tools.
GCP Scanner This is a GCP resource scanner that can help determine what level of access certain credentials possess on GCP. The scanner is designed to help security engineers evaluate the impact of a...
The post GCP Scanner: A comprehensive scanner for Google Cloud appeared first on Penetration Testing Tools.
RogueSliver A suite of tools to disrupt campaigns using the Sliver C2 framework. This tool, its uses, and how it was created will be covered in depth on ACEResponder.com This tool is for educational purposes...
The post RogueSliver: disrupt campaigns using the Sliver C2 framework appeared first on Penetration Testing Tools.
