Argus This repo contains the code for our USENIX Security ’23 paper “ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions”. Argus is a comprehensive security analysis tool specifically designed...
The post Argus: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions appeared first on Penetration Testing Tools.
ParaForge ParaForge is a simple Burp Suite extension to extract the parameters and endpoints from the request to create a custom wordlist for fuzzing and enumeration. This is just a simple extension for easy...
The post ParaForge: Burp Suite extension to extract the parameters and endpoints from the request appeared first on Penetration Testing Tools.
Flopz – Firmware Liberation on Python Flopz is an assembler toolkit written in pure python. Use it to: Create shellcode for embedded systems Dynamically patch large collections of binaries Instrument firmware images, for debugging...
The post Flopz: Firmware Liberation on Python appeared first on Penetration Testing Tools.
FullBypass A tool that bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell. Usage: First, Download the bypass.csproj file into the victim machine (Find...
The post FullBypass: bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) appeared first on Penetration Testing Tools.
CloudRecon CloudRecon is a suite of tools for red teamers and bug hunters to find ephemeral and development assets in their campaigns and hunts. Often, target organizations stand up cloud infrastructure that is not...
The post CloudRecon: a suite of tools for red teamers and bug hunters appeared first on Penetration Testing Tools.
Session Hijacking Visual Exploitation Session Hijacking Visual Exploitation is a tool that allows for the hijacking of user sessions by injecting malicious JavaScript code. Installation Prerequisites To run Session Hijacking Visual Exploitation, you will...
The post Exploiting Sessions: Visual JavaScript Hijack Tool appeared first on Penetration Testing Tools.
NovaLdr NovaLdr is a Threadless Module Stomping written in Rust, designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve...
The post NovaLdr: Threadless Module Stomping In Rust appeared first on Penetration Testing Tools.
CrimsonEDR CrimsonEDR is an open-source project engineered to identify specific malware patterns, offering a tool for honing skills in circumventing Endpoint Detection and Response (EDR). By leveraging diverse detection methods, it empowers users to...
The post Bypass EDR Detection with CrimsonEDR appeared first on Penetration Testing Tools.
DotDumper An automatic unpacker and logger for DotNet Framework targeting files! This tool has been unveiled at Black Hat USA 2022. The automatic detection and classification of any given file in a reliable manner is...
The post DotDumper: automatic unpacker and logger for DotNet Framework targeting files appeared first on Penetration Testing Tools.
UAC-BOF-Bonanza This repository serves as a collection of public UAC bypass techniques that have been weaponized as BOFs. A single module that integrates all techniques has been provided to use the BOFs via the...
The post UAC-BOF-Bonanza: Collection of UAC Bypass Techniques Weaponized as BOFs appeared first on Penetration Testing Tools.
Uscrapper Introducing Uscrapper 2.0, A powerful OSINT web scrapper that allows users to extract various personal information from a website. It leverages web scraping techniques and regular expressions to extract email addresses, social media...
The post Uscrapper: powerful OSINT webscraper for personal data collection appeared first on Penetration Testing Tools.
InflativeLoading Background Converting an exe to shellcode is one of my goals, in this way, some security tools like Mimikatz can be used with more flexibility. Though some tools like Donut already achieved it, I still...
The post InflativeLoading: Dynamically convert a native EXE to PIC shellcode appeared first on Penetration Testing Tools.
IOCTLance Presented at CODE BLUE 2023, this project titled Enhanced Vulnerability Hunting in WDM Drivers with Symbolic Execution and Taint Analysis introduces IOCTLance, a tool that enhances its capacity to detect various vulnerability types in Windows Driver...
The post ioctlance: detect various vulnerability types in Windows Driver Model (WDM) drivers appeared first on Penetration Testing Tools.
The Ars0n Framework The Ars0n Framework is designed to provide aspiring Application Security Engineers with all the tools they need to leverage Bug Bounty hunting as a means to learn valuable, real-world AppSec concepts...
The post The Ars0n Framework: A Modern, Agile Framework for Bug Bounty Hunting on Kali Linux appeared first on Penetration Testing Tools.
ADOKit Azure DevOps Services Attack Toolkit – ADOKit is a toolkit that can be used to attack Azure DevOps Services by taking advantage of the available REST API. The tool allows the user to...
The post ADOKit: Azure DevOps Services Attack Toolkit appeared first on Penetration Testing Tools.
D3m0n1z3dShell Demonized Shell is an Advanced Tool for persistence in Linux. Demonized Features Auto Generate SSH keypair for all users APT Persistence Crontab Persistence Systemd User level Systemd Root Level Bashrc Persistence Privileged user...
The post D3m0n1z3dShell: Advanced Tool for persistence in Linux appeared first on Penetration Testing Tools.
Sucosh Scanny “Sucosh” is an automated Source Code vulnerability scanner(SAST) and assessment framework for Python(Flask-Django) & NodeJs capable of performing code review in Web Application Developing or Source Code Analysis processes. It can detect...
The post SucoshScanny: automated Source Code vulnerability scanner and assessment framework appeared first on Penetration Testing Tools.
avred AntiVirus REDucer for AntiVirus REDteaming. Avred is being used to identify which parts of a file are identified by an Antivirus and tries to show as much possible information and context about each...
The post avred: AntiVirus REDucer for AntiVirus REDteaming appeared first on Penetration Testing Tools.
Docker Remote API Scanner and Exploit This repository contains a Docker Remote API Scanner and Exploit tool designed for educational and research purposes. It enables users to perform security assessments and experiments related to...
The post DockerExploit: Docker Remote API Scanner and Exploit appeared first on Penetration Testing Tools.
CLZero A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors. Inspired by the tool Smuggler all attack gadgets adapted from Smuggler and https://portswigger.net/research/how-to-turn-security-research-into-profit CL.0 Identification method The first request will be the “base” request. This is...
The post CLZero: fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors appeared first on Penetration Testing Tools.
