Stifle Nearly a year ago, Jonas Knudsen (@Jonas_B_K) over at SpecterOps published a blog titled “ADCS ESC14 Abuse Technique”, covering a previously known technique for leveraging Active Directory Certificate Services (ADCS) for multiple types...
The post Stifle: .NET Post-Exploitation Utility for Abusing Explicit Certificate Mappings in ADCS appeared first on Penetration Testing Tools.
SRUM-DUMP2 SRUM Dump extracts information from the System Resource Utilization Management Database and creates an Excel spreadsheet. The SRUM is one of the best sources for applications that have run on your system in...
The post SRUM Dump: extracts information from the System Resource Utilization Management Database appeared first on Penetration Testing Tools.
Nebula Nebula is an AI-powered assistant specifically designed for the field of ethical hacking. It provides a unique capability for users to input commands using natural language processing, facilitating a seamless transition from intent...
The post nebula: AI-Powered Ethical Hacking Assistant appeared first on Penetration Testing Tools.
OdinLdr Cobaltstrike UDRL for beacon and post-ex tools. Use NtApi call with synthetic stackframe to confuse EDR based on stackframe detection. Beacon Use BeaconUserData structure to give memory information to beacon and allocate memory...
The post OdinLdr: Cobaltstrike Reflective Loader with Synthetic Stackframe appeared first on Penetration Testing Tools.
pcfg_cracker This project uses machine learning to identify password creation habits of users. A PCFG model is generated by training on a list of disclosed plaintext/cracked passwords. In the context of this project, the...
The post pcfg_cracker: perform research into how humans generate passwords appeared first on Penetration Testing Tools.
Introduction “Forensic Image Analysis is the application of image science and domain expertise to interpret the content of an image and/or the image itself in legal matters. Major subdisciplines of Forensic Image Analysis with...
The post sherloq: open-source digital image forensic toolset appeared first on Penetration Testing Tools.
OWASP OFFAT OWASP OFFAT (OFFensive Api Tester) is created to automatically test API for common vulnerabilities after generating tests from the openapi specification file. It provides the feature to automatically fuzz inputs and use...
The post OFFAT: OFFensive Api Tester appeared first on Penetration Testing Tools.
Invoke-ADEnum Active Directory Enumeration Invoke-ADEnum is an Active Directory enumeration tool designed to automate the process of gathering information from an Active Directory environment, leveraging the capabilities of PowerView. With Invoke-ADEnum, you can quickly...
The post Invoke-ADEnum: Automate Active Directory Enumeration using PowerView appeared first on Penetration Testing Tools.
PortexAnalyzerGUI Graphical interface for PortEx, a Portable Executable and Malware Analysis Library PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on PE malformation robustness, and anomaly...
The post PortexAnalyzerGUI: Portable Executable and Malware Analysis Library appeared first on Penetration Testing Tools.
Sunder Windows rootkit modeled after Lazarus Group’s FudModule rootkit. Reference this version of Sunder for an example of the appid.sys driver exploit, which was utilized by Lazarus Group FudModule rootkit. Sunder’s vulnerable driver in this GitHub repository...
The post Sunder: Windows rootkit designed to work with BYOVD exploits appeared first on Penetration Testing Tools.
HFish It is a cross-platform honeypot platform developed based on golang, which has been meticulously built for enterprise security Multi-function: Not just support HTTP(S) Pot,It also supports SSH、SFTP、Redis、Mysql、FTP、Telnet、Deep etc. Expansibility: Provide API Interface,Users can expand honeypot module at...
The post HFish: cross platform honeypot platform appeared first on Penetration Testing Tools.
AutoPentest-DRL is an automated penetration testing framework based on Deep Reinforcement Learning (DRL) techniques. The framework determines the most appropriate attack path for a given network and can be used to execute a simulated...
The post AutoPentest-DRL: Automated Penetration Testing Using Deep Reinforcement Learning appeared first on Penetration Testing Tools.
CryptoTester A utility for playing with cryptography, geared toward ransomware analysis. Hex Views All hex views used in CryptoTester offer a few enhanced capabilities. Null bytes are colored a lighter gray Bytes representing ASCII...
The post CryptoTester: utility for playing with cryptography, geared toward ransomware analysis appeared first on Penetration Testing Tools.
WAF-A-MoLE A guided mutation-based fuzzer for ML-based Web Application Firewalls, inspired by AFL and based on the FuzzingBook by Andreas Zeller et al. Given an input SQL injection query, it tries to produce a semantic invariant query that is able...
The post WAF-A-MoLE: guided mutation-based fuzzer for ML-based Web Application Firewalls appeared first on Penetration Testing Tools.
GitAlerts GitHub repositories created under any organization can be controlled by the GitHub administrators. However, any repository created under an organization’s user account is not controllable unless the organization has adopted the GitHub enterprise-managed...
The post git-alerts: detect and monitor GitHub org users’ public repositories for secrets and sensitive files appeared first on Penetration Testing Tools.
HashDB IDA Plugin Malware string hash lookup plugin for IDA Pro. This plugin connects to the OALABS HashDB Lookup Service. Adding New Hash Algorithms The hash algorithm database is open source and new algorithms can...
The post hashdb-ida: Malware string hash lookup plugin for IDA Pro appeared first on Penetration Testing Tools.
Baitroute A web honeypot project that serves realistic, vulnerable-looking endpoints to detect vulnerability scans and mislead attackers by providing false positive results. It can be imported as a library into your project and is...
The post Baitroute: The Web Honeypot That Turns the Tables on Attackers appeared first on Penetration Testing Tools.
APKDeepLens APKDeepLens is a Python-based tool designed to scan Android applications (APK files) for security vulnerabilities. It specifically targets the OWASP Top 10 mobile vulnerabilities, providing an easy and efficient way for developers, penetration...
The post APKDeepLens: scan Android applications for security vulnerabilities appeared first on Penetration Testing Tools.
Mobile Audit MobileAudit – SAST and Malware Analysis for Android Mobile APKs Django Web application for performing Static Analysis and detecting malware in Android APKs. In each of the scans, it would have the following...
The post mobile Audit v3.0 releases: performs SAST and Malware Analysis for Android APKs appeared first on Penetration Testing Tools.
SQLMap Command Generator is a web-based application designed to assist penetration testers and security enthusiasts in generating SQLMap commands with various options for testing SQL injection vulnerabilities. It provides an easy-to-use interface where users...
The post Web-Based SQLMap: Generate Commands, Test SQL Injections appeared first on Penetration Testing Tools.
