go-secdump: remotely dump secrets from the Windows registry
go-secdump Package go-secdump is a tool built to remotely extract hashes from the SAM registry hive as well as LSA secrets and cached hashes from the SECURITY hive without any...
Category: Penetration Testing
DVAC: An intentionally vulnerable Android Application
The Damne Vulnerable Android Components – DVAC Damn Vulnerable Android Components (DVAC) is an educational Android application intentionally designed to expose and demonstrate vulnerabilities related to various Android components such...
proctools: extracting information and dumping sensitive strings from Windows processes
proctools Small toolkit for extracting information and dumping sensitive strings from Windows processes. Made to accompany another project that’s in the works. procsearch – find sensitive strings in the target...
apidetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains
APIDetector APIDetector is a powerful and efficient tool designed for testing exposed Swagger endpoints in various subdomains with unique smart capabilities to detect false positives. It’s particularly useful for security...
pphack: The Most Advanced Client-Side Prototype Pollution Scanner
pphack pphack is a CLI tool for scanning websites for client-side prototype pollution vulnerabilities. Feature Fast (concurrent workers) Default payload covers a lot of cases Payload and Javascript customization Proxy-friendly...
ThievingFox: gather credentials from various password managers and Windows utilities
ThievingFox ThievingFox is a collection of post-exploitation tools to gather credentials from various password managers and Windows utilities. Each module leverages a specific method of injecting into the target process...
SmuggleFuzz: HTTP/2 based downgrade and smuggle scanner
SmuggleFuzz SmuggleFuzz is designed to assist in identifying HTTP downgrade attack vectors. Its standout feature is not just the time-based detection or request handling, but the detailed response information it...
GraphStrike: Cobalt Strike HTTPS beaconing over Microsoft Graph API
GraphStrike GraphStrike is a suite of tools that enables Cobalt Strike’s HTTPS Beacon to use Microsoft Graph API for C2 communications. All Beacon traffic will be transmitted via two files created in...
Damn Vulnerable RESTaurant: An intentionally vulnerable Web API game for learning and training
Damn Vulnerable RESTaurant An intentionally vulnerable API service designed for learning and training purposes dedicated to developers, ethical hackers, and security engineers. The idea of the project is to provide...
ligolo-mp: Multiplayer pivoting solution
Ligolo-mp Ligolo-mp is a more specialized version of Ligolo-ng, with client-server architecture, enabling pentesters to play with multiple concurrent tunnels collaboratively. Also, with a sprinkle of less important bells and whistles....
C2 Cloud: robust web-based C2 framework
C2 Cloud The C2 Cloud is a robust web-based C2 framework, designed to simplify the life of penetration testers. It allows easy access to compromised backdoors, just like accessing an...
secator: The pentester’s swiss knife
secator secator is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and it is designed to improve productivity for pentesters and security...
Arjun: HTTP parameter discovery suite
Arjun Arjun can find query parameters for URL endpoints. If you don’t get what that means, it’s okay, read along. Web applications use parameters (or queries) to accept user input,...
drozer: A security testing framework for Android
drozer drozer is a security testing framework for Android. drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting...
Google Chrome Update Patches High-Risk Vulnerabilities
Google has released an important security update for its Chrome browser (version 123.0.6312.86/.87), addressing seven security vulnerabilities, including four rated as “High” and one “Critical” flaw. Critical Vulnerability and Large...
