Bearer Bearer is a static application security testing (SAST) tool that scans your source code and analyzes your data flows to discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD). We...
The post Bearer: finds risks and vulnerabilities in your code appeared first on Penetration Testing Tools.
PyCript The Pycript extension for Burp Suite is a valuable tool for penetration testing and security professionals. It enables easy encryption and decryption of requests during testing, which can help evade detection and bypass...
The post PyCript: Burp Suite extension that allows for bypassing client-side encryption appeared first on Penetration Testing Tools.
Mageni Mageni is an open source vulnerability management platform. Mageni provides a faster, enjoyable, and leaner vulnerability management experience for modern cybersecurity programs. Real-life problems that Mageni solves for you Assets Discovery Services Discovery...
The post mageni: open source vulnerability management platform appeared first on Penetration Testing Tools.
Nosey Parker: Find secrets in textual data Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data. It is useful both for offensive and defensive security testing. Key features:...
The post noseyparker: finds secrets and sensitive information in textual data and Git history appeared first on Penetration Testing Tools.
Caido Caido aims to help security professionals and enthusiasts audit web applications with efficiency and ease. Feature Sitemap The Sitemap feature allows you to visualize the structure of any website that is proxied through...
The post Caido: audit web applications with efficiency and ease appeared first on Penetration Testing Tools.
Reverse SSH Want to use SSH for reverse shells? Now you can. Manage and connect to reverse shells with native SSH syntax Dynamic, local and remote forwarding Native SCP and SFTP implementations for retrieving files from your targets...
The post Reverse SSH: SSH based reverse shell appeared first on Penetration Testing Tools.
Grimoire Grimoire is a “REPL for detection engineering” that allows you to generate datasets of cloud audit logs for common attack techniques. It currently supports AWS. How it works First, Grimoire detonates an attack....
The post grimoire: Generate datasets of cloud audit logs for common attacks appeared first on Penetration Testing Tools.
Artemis A modular web reconnaissance tool and vulnerability scanner based on Karton. Features Artemis includes: subdomain scan using crt.sh, Shodan integration, brute-forcing of interesting paths (e.g. .env), brute-forcing of easy WordPress/MySQL/PostgreSQL/FTP passwords, email...
The post Artemis: modular web reconnaissance tool and vulnerability scanner appeared first on Penetration Testing Tools.
Polaris Securing workloads in Kubernetes is an important part of overall cluster security. The overall goal should be to ensure that containers are running with as minimal privileges as possible. This includes avoiding privilege...
The post Polaris: open source policy engine for Kubernetes appeared first on Penetration Testing Tools.
MaLDAPtive MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation, and detection. Its foundation is a 100% custom-built C# LDAP parser that handles tokenization and syntax tree parsing along with numerous custom properties...
The post Invoke-Maldaptive: LDAP Obfuscation, Deobfuscation & Detection appeared first on Penetration Testing Tools.
DFIR Toolkit CLI tools for forensic investigation of Windows artifacts Overview of timelining tools Install cargo install dfir-toolkit Tool cleanhive merges logfiles into a hive file xx evtx2bodyfile Example evtxanalyze Analyze evtx...
The post DFIR Toolkit: CLI tools for forensic investigation of Windows artifacts appeared first on Penetration Testing Tools.
JNDI-Injection-Exploit-Plus JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and providing background services by starting the RMI, LDAP, and HTTP servers. Using this tool allows you to get JNDI links, you can insert these...
The post JNDI-Injection-Exploit-Plus: generating workable JNDI links and providing background services appeared first on Penetration Testing Tools.
Shwmae Shwmae (shuh-my) is a Windows Hello abuse tool that was released during DEF CON 32 as part of the Abusing Windows Hello Without a Severed Hand Talk. The purpose of the tool is...
The post Shwmae: A Windows Hello abuse tool appeared first on Penetration Testing Tools.
WAF Bypass Tool WAF bypass Tool is an open-source tool to analyze the security of any WAF for False Positives and False Negatives using predefined and customizable payloads. Check your WAF before an attacker...
The post WAF Bypass Tool: open source tool to analyze the security of any WAF appeared first on Penetration Testing Tools.
sshamble SSHamble is a research tool for SSH implementations that includes: Interesting attacks against authentication Post-session authentication attacks Pre-authentication state transitions Authentication timing analysis Post-session enumeration SSHamble simulates potential attack scenarios, including unauthorized remote access...
The post sshamble: A research tool for SSH implementations appeared first on Penetration Testing Tools.
Noir Noir is an attack surface detector from source code. Key Features Automatically identify language and framework from source code. Find API endpoints and web pages through code analysis. Load results quickly through...
The post noir: attack surface detector from source code appeared first on Penetration Testing Tools.
Octoscan Octoscan is a static vulnerability scanner for GitHub action workflows. Usage download remote workflows Octoscan can be run against a local git repository or you can download all the workflows with the dl action: analyze...
The post octoscan: A static vulnerability scanner for GitHub action workflows appeared first on Penetration Testing Tools.
AHWT – another hardening tool for Windows operating systems The program is a script generator with a collection of parameters and recommendations from CIS Benchmarks and DoD STIGs with some adjustments. All parameters are...
The post AHWT: Hardening tool for Windows operating systems appeared first on Penetration Testing Tools.
HyperDbg Debugger HyperDbg debugger is an open-source, hypervisor-assisted user-mode, and kernel-mode Windows debugger with a focus on using modern hardware technologies. It is a debugger designed for analyzing, fuzzing, and reversing. HyperDbg is designed...
The post HyperDbg: open-source, hypervisor-assisted user-mode, and kernel-mode Windows debugger appeared first on Penetration Testing Tools.
openappsec open-appsec (openappsec.io) builds on machine learning to provide preemptive web app & API threat protection against OWASP-Top-10 and zero-day attacks. It can be deployed as an add-on to Kubernetes Ingress, NGINX, Envoy (soon), and API Gateways....
The post openappsec: machine learning security engine to prevents threats against Web Application & APIs appeared first on Penetration Testing Tools.
