PEnetration TEsting Proxy PETEP (PEnetration TEsting Proxy) is an open-source Java application for creating proxies for traffic analysis & modification. The main goal of PETEP is to provide a useful tool for performing penetration tests...
The post PEnetration TEsting Proxy: open-source Java application for traffic analysis & modification appeared first on Penetration Testing Tools.
C2 Tracker Free to use IOC feed for various tools/malware. It started for just C2 tools but has morphed into tracking infostealers and botnets as well. It uses Shodan searches to collect the IPs....
The post C2 Tracker: Live Feed of C2 servers, tools, and botnets appeared first on Penetration Testing Tools.
MELEE: A Tool to Detect Ransomware Infections in MySQL Instances Attackers are abusing MySQL instances for conducting nefarious operations on the Internet. The cybercriminals are targeting exposed MySQL instances and triggering infections at scale...
The post melee: Detect Infections in MySQL Instances appeared first on Penetration Testing Tools.
BadZure BadZure is a PowerShell script that leverages the Microsoft Graph SDK to orchestrate the setup of Azure Active Directory tenants, populating them with diverse entities while also introducing common security misconfigurations to create...
The post BadZure: orchestrate the setup of Azure Active Directory tenants appeared first on Penetration Testing Tools.
AttackGen AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. The tool generates tailored incident response scenarios based on user-selected threat...
The post attackgen: A cybersecurity incident response testing tool appeared first on Penetration Testing Tools.
IMDSPOOF IMDSPOOF is a cyber deception tool that spoofs an AWS IMDS service. One way that attackers can escalate privileges or move laterally in a cloud environment is by retrieving AWS Access keys from...
The post IMDSpoof: a cyber deception tool that spoofs an AWS IMDS service appeared first on Penetration Testing Tools.
What is PsMapExec A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec. PsMapExec is...
The post PsMapExec: Active Directory post-exploitation tool appeared first on Penetration Testing Tools.
What is Minder? Minder by Stacklok is an open-source platform that helps development teams and open-source communities build more secure software, and prove to others that what they’ve built is secure. Minder helps project owners...
The post minder: Software Supply Chain Security Platform appeared first on Penetration Testing Tools.
VulFi The VulFi (Vulnerability Finder) tool is a plugin to IDA Pro which can be used to assist during bug hunting in binaries. Its main objective is to provide a single view with all...
The post VulFi: IDA Pro plugin to assist during bug hunting in binaries appeared first on Penetration Testing Tools.
HEDnsExtractor A suite for hunting suspicious targets, exposing domains, and phishing discovery Features Implementing workflows with yaml 🔥 Adds support to work with multiple domains as target 🔥 Regex support VirusTotal Integration Adds support...
The post HEDnsExtractor: A suite for hunting suspicious targets, expose domains and phishing discovery appeared first on Penetration Testing Tools.
SmuggleFuzz SmuggleFuzz is designed to assist in identifying HTTP downgrade attack vectors. Its standout feature is not just the time-based detection or request handling, but the detailed response information it provides. This empowers users...
The post SmuggleFuzz: HTTP/2 based downgrade and smuggle scanner appeared first on Penetration Testing Tools.
PoolParty A collection of fully-undetectable process injection techniques abusing Windows Thread Pools. Presented at Black Hat EU 2023 Briefings under the title – The Pool Party You Will Never Forget: New Process Injection Techniques Using...
The post PoolParty: A set of fully-undetectable process injection techniques appeared first on Penetration Testing Tools.
Logsensor A Powerful Sensor Tool to discover login panels, and POST Form SQLi Scanning Features login panel Scanning for multiple hosts Proxy compatibility (http, https) Login panel scanning is done in multiprocessing Installation git...
The post Logsensor: discover login panels, and POST Form SQLi Scanning appeared first on Penetration Testing Tools.
EvilSlackbot A Slack Attack Framework for conducting Red Team and phishing exercises within Slack workspaces. Background Thousands of organizations utilize Slack to help their employees communicate, collaborate, and interact. Many of these Slack workspaces...
The post EvilSlackbot: A Slack bot phishing framework for Red Teaming exercises appeared first on Penetration Testing Tools.
OpenGFW OpenGFW is a flexible, easy-to-use, open-source implementation of GFW on Linux that’s in many ways more powerful than the real thing. It’s cyber sovereignty you can have on a home router. Features Full IP/TCP...
The post OpenGFW: flexible, open-source implementation of Great Firewall on Linux appeared first on Penetration Testing Tools.
LDAPWordlistHarvester A tool to generate a wordlist from the information present in LDAP, in order to crack non-random passwords of domain accounts. Features The bigger the domain is, the better the wordlist will be....
The post LDAPWordlistHarvester: generate a wordlist from the information present in LDAP appeared first on Penetration Testing Tools.
OpenArk OpenArk is an open-source anti-rootkit (ARK) tool for Windows. Ark is an Anti-Rootkit abbreviated, it aims at reversing/programming helper, and also users can find hidden malwares in the OS. More and more powerful...
The post OpenArk: Next Generation of Anti-Rootkit(ARK) tool for Windows appeared first on Penetration Testing Tools.
Bugsy Bugsy is a command-line interface (CLI) tool that provides automatic security vulnerability remediation for your code. It is the community edition version of Mobb, the first vendor-agnostic automated security vulnerability remediation tool. Bugsy is...
The post bugsy: CLI tool that provides automatic security vulnerability remediation for your code appeared first on Penetration Testing Tools.
JADXecute JADXecute is a plugin for JADX that enhances its functionality by adding Dynamic Code Execution abilities. With JADXecute, you can dynamically run Java code to modify or print components of the jadx-gui output. JADXecute is inspired by IDAPython to help and aims to...
The post JADXecute: JADX-gui scripting plugin for dynamic decompiler manipulation appeared first on Penetration Testing Tools.
CHOMTE.SH CHOMTE.SH is a versatile framework designed for automating reconnaissance tasks in penetration testing. It’s useful for bug bounty hunters and penetration testers in both internal and external network engagements. Its key features include...
The post chomtesh: automate reconnaissance tasks during penetration testing appeared first on Penetration Testing Tools.
