GPOddity The GPOddity project aims at automating GPO attack vectors through NTLM relaying (and more). For more details regarding the attack and a demonstration of how to use the tool, see the associated article...
DavRelayUp A quick and dirty port of KrbRelayUp with modifications to allow for NTLM relay from webdav to LDAP in order to streamline the abuse of the following attack primitive: (Optional) New machine account creation (New-MachineAccount)...
checkov Checkov is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform, Cloudformation, or kubernetes and detects security and compliance misconfigurations. Checkov is written in Python and provides a...
Web Information Gathering / Web Vulnerability Analysis
by do son · Published April 10, 2023 · Last modified September 29, 2023
Firefly Firefly is an advanced black-box fuzzer and not just a standard asset discovery tool. Firefly provides the advantage of testing a target with a large number of built-in checks to detect behaviors in...
go-exploit: Go Exploit Framework go-exploit is an exploit development framework for Go. The framework helps exploit developers create small, self-contained, portable, and consistent exploits. Many proof-of-concept exploits rely on interpreted languages with complicated packaging...
kubeclarity KubeClarity is a tool for the detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. It scans both runtime K8s clusters and CI/CD pipelines for enhanced...
by do son · Published September 14, 2021 · Last modified September 28, 2023
DongTai DongTai IAST is an open-source passive interactive security testing (IAST) product. It uses dynamic hooks and taint tracking algorithms to achieve universal vulnerability detection and multiples request associated with vulnerability detection (including but not limited to...
Vulnerability Analysis / Web Vulnerability Analysis
by do son · Published May 4, 2022 · Last modified September 28, 2023
What is afrog afrog is an excellent performance, fast and stable, PoC customizable vulnerability scanning (hole digging) tool. PoC involves CVE, CNVD, default password, information leakage, fingerprint identification, unauthorized access, arbitrary file reading, command...
by do son · Published November 1, 2021 · Last modified September 28, 2023
Forbidden Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code...
Vulnerability Analysis / Web Vulnerability Analysis
by do son · Published August 21, 2023 · Last modified September 28, 2023
Noir Noir is an attack surface detector from source code. Key Features Automatically identify language and framework from source code. Find API endpoints and web pages through code analysis. Load results quickly through interactions...
