Security Training Share
VulnWhisperer is a vulnerability data and reports aggregator. It will pull all the reports and create a file with a unique filename which is then fed into logstash. Logstash extracts data from the filename...
sslscan tests SSL/TLS enabled services to discover supported cipher suites. This is a fork of ioerror’s version of sslscan. Changes are as follows: Highlight SSLv2 and SSLv3 ciphers in output. Highlight CBC ciphers on SSLv3 (POODLE)....
Enumdb is a brute force and post exploitation tool for MySQL and MSSQL databases. When provided a list of usernames and/or passwords, it will cycle through each targeted host looking for valid credentials. By...
enumerid Enumerid is an impacket based Relative Identifier (RID) enumeration utility. It was initially created to solve a common problem that attackers face after getting an initial compromise- getting oriented within the network. Historically this means...
gitleaks – Check git repos for secrets and keys Changelog v1.12.1 Features Show program usage when no arguments are provided Exit program after the -h or –help options are used v1.0.0 Performance Prior to...
The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aid penetration testing operations: exploits – modules that take advantage of identified vulnerabilities creds – modules...
Wirespy Automate Man In The Middle Attacks (MITMAs) over WiFi. Wirespy allows attackers to set up quick honeypots to carry out MITMAs. Monitoring and logging functionalities are implemented in order to keep records of...
ExchangeRelayX An NTLM relay tool to the EWS endpoint for on-premise exchange servers. Provides an OWA for hackers. Version 1.0.0. This tool is a PoC to demonstrate the ability of an attacker to perform...
The OWASP Zed Attack Proxy (ZAP) is easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security...
Shodan client for JavaScript API 👀 The content of the result is the same provided by the HTTP API. You can check them in the API documentation. version Library version. async host(ip, key, opts) Returns all...
Weevely is a web shell designed for remote server administration and penetration testing that can be extended over the network at runtime with more than 30 modules. It executes remote code via an obfuscated...
snyk Snyk helps you find, fix and monitor known vulnerabilities in Node.js npm, Ruby and Java dependencies, both on an ad hoc basis and as part of your CI (Build) system. Features Find known vulnerabilities...
Bashark Bashark aids pentesters and security researchers during the post-exploitation phase of security audits. Features Single Bash script Lightweight and fast Multi-platform: Unix, OSX, Solaris etc. No external dependencies Immune to heuristic and behavioral...
PyLazyS3 A Python port of the original lazys3 tool to enumerate AWS S3 buckets using different permutations, originally created by @NahamSec. It utilizes the asyncio and aiohttp libraries to handle multiple high concurrency requests with great efficiency. Installation git clone https://github.com/Den1al/PyLazyS3.git...
