EDRSilencer Inspired by the closed-source FireBlock tool FireBlock from MdSec NightHawk, I created my version. This tool was created to block the outbound traffic of running EDR processes using Windows Filtering Platform (WFP) APIs....
The post EDRSilencer: uses WFP to block EDR agents from reporting security events to the server appeared first on Penetration Testing Tools.
Web Application Firewall (WAF) Comparison Project This project repository contains testing datasets and tools to compare WAF efficacy in the two most important categories: Security Coverage (True Positive Rate) – measures the WAF’s ability...
The post Web Application Firewall (WAF) Comparison Project appeared first on Penetration Testing Tools.
pmkidcracker This program is a tool written in Python to recover the pre-shared key of a WPA2 WiFi network without any de-authentication or requiring any clients to be on the network. It targets the...
The post pmkidcracker: crack WPA2 passphrase with PMKID value without clients or de-authentication appeared first on Penetration Testing Tools.
WebCopilot WebCopilot is an automation tool designed to enumerate subdomains of the target and detect vulnerabilities using different open-source tools. The script first enumerates all the subdomains of the given target domain using assetfinder,...
The post webcopilot: enumerate subdomains of the target and detect vulnerabilities appeared first on Penetration Testing Tools.
IMDShift AWS workloads that rely on the metadata endpoint are vulnerable to Server-Side Request Forgery (SSRF) attacks. IMDShift automates the migration process of all workloads to IMDSv2 with extensive capabilities, which implements enhanced security...
The post IMDShift: Prevent SSRF attacks on AWS EC2 appeared first on Penetration Testing Tools.
SSH-Snake: Automated SSH-Based Network Traversal SSH-Snake is a powerful tool designed to perform automatic network traversal using SSH private keys discovered on systems, to create a comprehensive map of a network and its dependencies,...
The post SSH-Snake: Automated SSH-Based Network Traversal appeared first on Penetration Testing Tools.
OSINTBuddy Welcome to the OSINTBuddy project where you can connect, combine, and get insights from unstructured and public data as results that can be explored step-by-step. An easy-to-use plugin system allows any Python developer...
The post osintbuddy: Node graphs, OSINT data mining, and plugins appeared first on Penetration Testing Tools.
BucketLoot BucketLoot is an automated S3-compatible Bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning...
The post BucketLoot: an automated S3-compatible bucket inspector appeared first on Penetration Testing Tools.
CloudPrivs CloudPrivs is a tool that leverages the existing power of SDKs like Boto3 to brute force privileges of all cloud services to determine what privileges exist for a given set of credentials. This...
The post CloudPrivs: Determine privileges from cloud credentials appeared first on Penetration Testing Tools.
EmploLeaks This is a tool designed for Open Source Intelligence (OSINT) purposes, which helps to gather information about employees of a company. 🚀 How it Works The tool starts by searching through LinkedIn to...
The post emploleaks: OSINT tool that helps detect members of a company with leaked credentials appeared first on Penetration Testing Tools.
ebpfmon ebpfmon is a tool for monitoring eBPF programs. It is designed to be used with bpftool from the Linux kernel. ebpfmon is a TUI (terminal UI) application written in Go that allows you to do real-time...
The post ebpfmon: tool for monitoring eBPF programs appeared first on Penetration Testing Tools.
airgorah Airgorah is a WiFi auditing software that can discover the clients connected to an access point, perform deauthentication attacks against specific clients or all the clients connected to it, capture WPA handshakes, and crack...
The post airgorah: A WiFi auditing software that can perform deauth attacks and passwords cracking appeared first on Penetration Testing Tools.
OFRAK OFRAK (Open Firmware Reverse Analysis Konsole) is a binary analysis and modification platform. OFRAK combines the ability to: Identify and Unpack many binary formats Analyze unpacked binaries with field-tested reverse engineering tools Modify and Repack binaries with powerful patching strategies...
The post Open Firmware Reverse Analysis Konsole: binary analysis and modification platform appeared first on Penetration Testing Tools.
EscalateGPT A powerful Python tool that leverages the power of OpenAI to analyze AWS IAM misconfigurations. Features 🛠️ EscalateGPT is a Python tool to identify IAM policy issues and enhance Tenable Cloud Security 💻 EscalateGPT retrieves...
The post EscalateGPT: leverages the power of OpenAI to analyze AWS IAM misconfigurations appeared first on Penetration Testing Tools.
sharem SHAREM is intended to be the ultimate Windows shellcode tool, with support to emulate over 12,000 WinAPIs, virtually all user-mode Windows syscalls, and SHAREM provides numerous new features. SHAREM was released on September...
The post sharem: ultimate Windows shellcode tool appeared first on Penetration Testing Tools.
Process Stomping A variation of ProcessOverwriting to execute shellcode on an executable’s section What is it Process Stomping, is a variation of hasherezade’s Process Overwriting and it has the advantage of writing a shellcode payload on...
The post Process Stomping: execute shellcode on an executable’s section appeared first on Penetration Testing Tools.
PurpleOps PurpleOps is a free, open-source web app to track Purple Team assessments. Create assessments aligned with MITRE ATT&CK, leveraging data from sources like Atomic Red Team and SIGMA. Centralise blue and red team...
The post PurpleOps: open-source self-hosted purple team management web application appeared first on Penetration Testing Tools.
What is BinAbsInspector? BinAbsInspector (Binary Abstract Inspector) is a static analyzer for automated reverse engineering and scanning vulnerabilities in binaries, which is a long-term research project incubated at Keenlab. It is based on abstract interpretation...
The post BinAbsInspector: Vulnerability Scanner for Binaries appeared first on Penetration Testing Tools.
Invoke-SessionHunter Retrieve and display information about active user sessions on remote computers. No admin privileges are required. The tool leverages the remote registry service to query the HKEY_USERS registry hive on the remote computers....
The post Invoke-SessionHunter: Retrieve & display information about active user sessions on remote computers appeared first on Penetration Testing Tools.
shortscan Shortscan is designed to quickly determine which files with short filenames exist on an IIS webserver. Once a short filename has been identified the tool will try to automatically identify the full filename....
The post shortscan: An IIS short filename enumeration tool appeared first on Penetration Testing Tools.
