More results...
Metlo is an open-source API security platform. Metlo is an open source API security tool you can setup in < 15 minutes that inventories your endpoints, detects bad actors and blocks malicious traffic in real time. There are three ways to get started with Metlo. Metlo Cloud, Metlo Self Hosted, and our Open Source product. […]
Nimbo-C2 is yet another (simple and lightweight) C2 framework. Nimbo-C2 agent supports x64 Windows & Linux. It’s written in Nim, with some usage of .NET on Windows (by dynamically loading the CLR to the process). Nim is powerful, but interacting with Windows is much easier and robust using Powershell, hence this combination is made. The […]
NTLMRecon is a tool for performing light brute-forcing of HTTP servers to identify commonly accessible NTLM authentication endpoints. NTLMRecon is a Golang version of the original NTLMRecon utility written by Sachin Kamath (AKA pwnfoo). NTLMRecon can be leveraged to perform brute forcing against a targeted webserver to identify common application endpoints supporting NTLM authentication. This […]
Fuzztruction is an academic prototype of a fuzzer that does not directly mutate inputs (as most fuzzers do) but instead uses a so-called generator application to produce an input for our fuzzing target. As programs generating data usually produce the correct representation, our fuzzer mutates the generator program (by injecting faults), such that the data […]
FirebaseExploiter is a vulnerability discovery tool that discovers Firebase Database which are open and can be exploitable. Primarily built for mass hunting bug bounties and for penetration testing. Features Usage This will display help for the CLI tool. Here are all the required arguments it supports. Installation FirebaseExploiter was built using go1.19. Make sure you […]
Bearer is a Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks. Bearer CLI is a static application security testing (SAST) tool that scans your source code and analyzes your data flows to discover, filter and prioritize security and privacy risks. Currently supporting JavaScript, TypeScript and Ruby stacks.???? Java support […]
hardCIDR is a Linux Bash script, but also functions under macOS. Your mileage may vary on other distros. The script with no specified options will query ARIN and a pool of BGP route servers. The route server is selected at random at runtime. A Linux Bash script to discover the netblocks, or ranges, (in CIDR […]
PhoneSploit with Metasploit Integration An all-in-one hacking tool written in Python to remotely exploit Android devices using ADB (Android Debug Bridge) and Metasploit-Framework. Complete Automation to get a Meterpreter session in One Click This tool can automatically Create, Install, and Run payload on the target device using Metasploit-Framework and ADB to completely hack the Android […]
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. It scans both runtime K8s clusters and CI/CD pipelines for enhanced software supply […]
auditpolCIS is a CIS Benchmark testing of Windows SIEM configuration. This is an application for testing the configuration of Windows Audit Policy settings against the CIS Benchmark recommended settings. A few points: The automated assessment results from AuditpolCIS, as it’s based on CIS Benchmarks, helps in the support of meeting audit requirements for a number […]