VAC kernel-mode bypass Fully working VAC kernel-mode bypass, it makes use of either SSDT hooks or Infinityhook to intercept VAC syscalls and ultimately spoof the results in order to bypass the memory integrity checks....
The post VAC kernel-mode bypass: Fully working kernel-mode VAC bypass appeared first on Penetration Testing Tools.
domain-protect scan Amazon Route53 across an AWS Organization for domain records vulnerable to takeover scan Cloudflare for vulnerable DNS records take over vulnerable subdomains yourself before attackers and bug bounty researchers automatically create known issues in Bugcrowd or HackerOne...
The post domain-protect: prevent subdomain takeover appeared first on Penetration Testing Tools.
CatSniffer CatSniffer (😼) is an original multiprotocol, and multiband board made for sniffing, communicating, and attacking IoT (Internet of Things) devices. It was designed as a highly portable USB stick that integrates the new...
The post CatSniffer: original multiprotocol, and multiband board made for sniffing, communicating, and attacking IoT devices appeared first on Penetration Testing Tools.
EmbedPayloadInPng Embed a payload within a PNG file by splitting the payload across multiple IDAT sections. Each section is encrypted individually using its own 16-byte key with the RC4 encryption algorithm. Implementation This repository consists...
The post EmbedPayloadInPng: Embed a payload inside a PNG file appeared first on Penetration Testing Tools.
Popeye – A Kubernetes Cluster Sanitizer Popeye is a utility that scans live Kubernetes cluster and reports potential issues with deployed resources and configurations. It sanitizes your cluster based on what’s deployed and not...
The post popeye: Kubernetes cluster resource sanitizer appeared first on Penetration Testing Tools.
Bypass Url Parser A tool that tests MANY urls bypasses to reach a 40X protected page. If you wonder why this code is nothing but a dirty curl wrapper, here’s why: Most of the python requests...
The post Bypass Url Parser: tests many url bypasses to reach a 40X protected page appeared first on Penetration Testing Tools.
Penelope Penelope is a shell handler designed to be easy to use and intended to replace netcat when exploiting RCE vulnerabilities. It is compatible with Linux and macOS and requires Python 3.6 or higher....
The post Penelope: A Shell Handler appeared first on Penetration Testing Tools.
bomber bomber is an application that scans SBoMs for security vulnerabilities. Overview So you’ve asked a vendor for an Software Bill of Materials (SBOM) for one of their products, and they provided one to...
The post bomber: Scans Software Bill of Materials (SBOM) for security vulnerabilities appeared first on Penetration Testing Tools.
gost – GO Simple Tunnel Features Listening on multiple ports Multi-level forward proxies – proxy chain Standard HTTP/HTTPS/HTTP2/SOCKS4(A)/SOCKS5 proxy protocols support Probing resistance support for web proxy TLS encryption via negotiation support for SOCKS5...
The post gost: GO Simple Tunnel appeared first on Penetration Testing Tools.
DNS Reaper DNS Reaper is yet another subdomain takeover tool, but with an emphasis on accuracy, speed, and the number of signatures in our arsenal! We can scan around 50 subdomains per second, testing...
The post dnsReaper: subdomain takeover tool for attackers, bug bounty hunters and the blue team appeared first on Penetration Testing Tools.
Secure Stager This project demonstrates an x64 position-independent stager that verifies the stage it downloads prior to executing it. This offers a safeguard against man-in-the-middle attacks for those who are concerned about such things....
The post Secure Stager: An x64 position-independent shellcode stager appeared first on Penetration Testing Tools.
FISSURE – The RF Framework Frequency Independent SDR-based Signal Understanding and Reverse Engineering FISSURE is an open-source RF and reverses engineering framework designed for all skill levels with hooks for signal detection and classification,...
The post FISSURE: Frequency Independent SDR-based Signal Understanding and Reverse Engineering appeared first on Penetration Testing Tools.
vulnhuntr Vulnhuntr leverages the power of LLMs to automatically create and analyze entire code call chains starting from remote user input and ending at server output for detection of complex, multi-step, security-bypassing vulnerabilities that...
The post vulnhuntr: A tool to identify remotely exploitable vulnerabilities appeared first on Penetration Testing Tools.
kubeaudit kubeaudit is a command-line tool and a Go package to audit Kubernetes clusters for various different security concerns, such as: run as non-root use a read-only root filesystem drop scary capabilities, don’t add new...
The post kubeaudit: audit Kubernetes clusters for various different security concerns appeared first on Penetration Testing Tools.
GraphQL Cop – Security Audit Utility for GraphQL GraphQL Cop is a small Python utility to run common security tests against GraphQL APIs. GraphQL Cop is perfect for running CI/CD checks in GraphQL. It...
The post GraphQL Cop: Security Audit Utility for GraphQL appeared first on Penetration Testing Tools.
Ghost Ghost is a shellcode loader project designed to bypass multiple detection capabilities that are usually implemented by an EDR Detection 1 – kernel callbacks kernel callbacks are implemented by an EDR to harness...
The post Ghost: Evasive shellcode loader appeared first on Penetration Testing Tools.
ADcheck Assess the security of your Active Directory with few or all privileges. This tool offers functionalities similar to PingCastle, ORADAD, or even PurpleKnight (with some bonuses). ADcheck is developed in pure Python to bypass operating system...
The post ADcheck: Assess the security of your Active Directory appeared first on Penetration Testing Tools.
diskover diskover is an open-source file system indexer that uses Elasticsearch to index and manage data across heterogeneous storage systems. Using diskover, you are able to more effectively search and organize files, and system...
The post diskover: File system crawler, storage search engine and analytics appeared first on Penetration Testing Tools.
Scrapling: Lightning-Fast, Adaptive Web Scraping for Python Scrapling is a high-performance, intelligent web scraping library for Python that automatically adapts to website changes while significantly outperforming popular alternatives. Whether you’re a beginner or an...
The post Scrapling: Fast, Adaptive Web Scraping for Python appeared first on Penetration Testing Tools.
kubesec Security risk analysis for Kubernetes resources Download Kubesec is available as a: Docker container image at docker.io/kubesec/kubesec:v2 Linux/MacOS/Win binary (get the latest release) Kubernetes Admission Controller Kubectl plugin Or install the latest commit from...
The post kubesec: Security risk analysis for Kubernetes resources appeared first on Penetration Testing Tools.
