GraphStrike GraphStrike is a suite of tools that enables Cobalt Strike’s HTTPS Beacon to use Microsoft Graph API for C2 communications. All Beacon traffic will be transmitted via two files created in the attacker’s SharePoint site,...
Damn Vulnerable RESTaurant An intentionally vulnerable API service designed for learning and training purposes dedicated to developers, ethical hackers, and security engineers. The idea of the project is to provide an environment that can...
Ligolo-mp Ligolo-mp is a more specialized version of Ligolo-ng, with client-server architecture, enabling pentesters to play with multiple concurrent tunnels collaboratively. Also, with a sprinkle of less important bells and whistles. Features Everything that you...
Genzai Genzai helps you identify IoT or Internet of Things related dashboards across a single or set of targets provided as input and scan them for default password issues and potential vulnerabilities based on...
C2 Cloud The C2 Cloud is a robust web-based C2 framework, designed to simplify the life of penetration testers. It allows easy access to compromised backdoors, just like accessing an EC2 instance in the...
secator secator is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and it is designed to improve productivity for pentesters and security researchers. Feature A curated...
Arjun Arjun can find query parameters for URL endpoints. If you don’t get what that means, it’s okay, read along. Web applications use parameters (or queries) to accept user input, consider the following example...
drozer drozer is a security testing framework for Android. drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Android Runtime,...
Google has released an important security update for its Chrome browser (version 123.0.6312.86/.87), addressing seven security vulnerabilities, including four rated as “High” and one “Critical” flaw. Critical Vulnerability and Large Payout CVE-2024-2883: Use after...
Emora Emora allows you to search for accounts by username across social networks. Inspired by tools like Sherlock, Emora provides a user-friendly graphical interface to ease the usage and navigation through the results. Features Intuitive...
NoArgs: Manipulating and Hiding Process Arguments NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows...
OSTE-Meta-Scanner This project aims to simplify the field of Dynamic Application Security Testing. The OSTE meta scanner is a comprehensive web vulnerability scanner that combines multiple DAST scanners, including Nikto Scanner, OWASP ZAP, Nuclei,...
Bob the Smuggler “Bob the Smuggler” is a tool that leverages HTML Smuggling Attack and allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip...
OWASP OFFAT OWASP OFFAT (OFFensive Api Tester) is created to automatically test API for common vulnerabilities after generating tests from the openapi specification file. It provides the feature to automatically fuzz inputs and use...
GitAlerts GitHub repositories created under any organization can be controlled by the GitHub administrators. However, any repository created under an organization’s user account is not controllable unless the organization has adopted the GitHub enterprise-managed...