The Ars0n Framework The Ars0n Framework is designed to provide aspiring Application Security Engineers with all the tools they need to leverage Bug Bounty hunting as a means to learn valuable, real-world AppSec concepts...
The post The Ars0n Framework: A Modern, Agile Framework for Bug Bounty Hunting on Kali Linux appeared first on Penetration Testing Tools.
ADOKit Azure DevOps Services Attack Toolkit – ADOKit is a toolkit that can be used to attack Azure DevOps Services by taking advantage of the available REST API. The tool allows the user to...
The post ADOKit: Azure DevOps Services Attack Toolkit appeared first on Penetration Testing Tools.
D3m0n1z3dShell Demonized Shell is an Advanced Tool for persistence in Linux. Demonized Features Auto Generate SSH keypair for all users APT Persistence Crontab Persistence Systemd User level Systemd Root Level Bashrc Persistence Privileged user...
The post D3m0n1z3dShell: Advanced Tool for persistence in Linux appeared first on Penetration Testing Tools.
Sucosh Scanny “Sucosh” is an automated Source Code vulnerability scanner(SAST) and assessment framework for Python(Flask-Django) & NodeJs capable of performing code review in Web Application Developing or Source Code Analysis processes. It can detect...
The post SucoshScanny: automated Source Code vulnerability scanner and assessment framework appeared first on Penetration Testing Tools.
avred AntiVirus REDucer for AntiVirus REDteaming. Avred is being used to identify which parts of a file are identified by an Antivirus and tries to show as much possible information and context about each...
The post avred: AntiVirus REDucer for AntiVirus REDteaming appeared first on Penetration Testing Tools.
Docker Remote API Scanner and Exploit This repository contains a Docker Remote API Scanner and Exploit tool designed for educational and research purposes. It enables users to perform security assessments and experiments related to...
The post DockerExploit: Docker Remote API Scanner and Exploit appeared first on Penetration Testing Tools.
CLZero A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors. Inspired by the tool Smuggler all attack gadgets adapted from Smuggler and https://portswigger.net/research/how-to-turn-security-research-into-profit CL.0 Identification method The first request will be the “base” request. This is...
The post CLZero: fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors appeared first on Penetration Testing Tools.
skytrack skytrack is a command-line-based plane spotting and aircraft OSINT reconnaissance tool made using Python. It can gather aircraft information using various data sources, generate a PDF report for a specified aircraft, and convert...
The post skytrack: A planespotting and aircraft OSINT tool appeared first on Penetration Testing Tools.
BugChecker BugChecker is a SoftICE-like kernel and user debugger for Windows 11 (and Windows XP as well: it supports Windows versions from XP to 11, both x86 and x64). BugChecker doesn’t require a second machine...
The post BugChecker: kernel and user debugger for Windows 11 appeared first on Penetration Testing Tools.
r4ven The tool hosts a fake website that uses an iframe to display a legit website and, if the target allows it, it will fetch the Gps location (latitude and longitude) of the target,...
The post r4ven: Track the IP address and GPS location of the user’s smartphone or PC and capture a picture of the target appeared first on Penetration Testing Tools.
Maldev Academy – RemoteTLSCallbackInjection This method utilizes TLS callbacks to execute a payload without spawning any threads in a remote process. This method is inspired by Threadless Injection as RemoteTLSCallbackInjection does not invoke any API calls...
The post RemoteTLSCallbackInjection: execute a payload without spawning any threads in a remote process appeared first on Penetration Testing Tools.
Best EDR Of The Market (BEOTM) BestEDROfTheMarket is a naive user-mode EDR (Endpoint Detection and Response) project, designed to serve as a testing ground for understanding and bypassing EDR’s user-mode detection methods that are...
The post BestEdrOfTheMarket: Little AV/EDR bypassing lab for training & learning purposes appeared first on Penetration Testing Tools.
AntiSquat AntiSquat leverages AI techniques such as natural language processing (NLP), large language models (ChatGPT) and more to empower detection of typosquatting and phishing domains. What sets AntiSquat apart Large Language Model / ChatGPT...
The post antisquat: An AI-Powered Phishing Domain Finder appeared first on Penetration Testing Tools.
SOAPHound SOAPHound is a .NET data collector tool, which collects Active Directory data via the Active Directory Web Services (ADWS) protocol. SOAPHound is an alternative to several open-source security tools that are commonly used...
The post SOAPHound: enumerate Active Directory environments via ADWS protocol appeared first on Penetration Testing Tools.
AngryOxide AngryOxide was developed as a way to learn Rust, netlink, kernel sockets, and WiFi exploitation all at once. The overall goal of this tool is to provide a single-interface survey capability with advanced...
The post AngryOxide: 802.11 Attack Tool appeared first on Penetration Testing Tools.
Cookie-Monster Steal browser cookies for Edge, Chrome, and Firefox through a BOF or exe! Cookie-Monster will extract the WebKit master key, locate a browser process with a handle to the Cookies and Login Data...
The post Cookie-Monster: BOF to steal browser cookies & credentials appeared first on Penetration Testing Tools.
LOLSpoof LOLSpoof is an interactive shell program that automatically spoofs the command line arguments of the spawned process. Just call your incriminate-looking command line LOLBin (e.g. powershell -w hidden -enc ZwBlAHQALQBwAHIAbwBjAGUA….) and LOLSpoof will...
The post LOLSpoof: An interactive shell to spoof some LOLBins command line appeared first on Penetration Testing Tools.
Frameless BITB A new approach to Browser In The Browser (BITB) without the use of iframes, allows the bypass of traditional framebusters implemented by login pages like Microsoft. This POC code is built for...
The post Bypassing Microsoft Login Pages: Frameless BITB’s Innovative Approach appeared first on Penetration Testing Tools.
FindFunc: Advanced Filtering/Finding of Functions in IDA PRO FindFunc is an IDA PRO plugin to find code functions that contain a certain assembly or byte pattern, reference a certain name or string, or conform...
The post FindFunc: IDA PRO plugin to find code functions appeared first on Penetration Testing Tools.
AD-AssessmentKit These tools are ideal for network administrators and cybersecurity professionals seeking to assess and enhance the security posture of AD environments and network infrastructures. AD-SecurityAudit.sh It focuses on initial reconnaissance and vulnerability identification...
The post AD-AssessmentKit: comprehensive security audits and network mapping of AD environments appeared first on Penetration Testing Tools.
