KnowsMore KnowsMore is a Swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes, BloodHound, NTDS, and DCSync). Main features Import NTLM Hashes from .ntds output txt file (generated by CrackMapExec or secretsdump.py)...
MetaHub MetaHub is an open-source security tool for context-based security vulnerability management. It can automate the process of contextualizing and prioritizing security findings based on your environment and your needs, YOUR context. It focuses on...
Empire Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers. The Empire server is written in Python 3 and is modular to allow operator flexibility....
Starkiller Starkiller is a Frontend for Powershell Empire. It is an Electron application written in VueJS. Multi-user GUI application for interfacing with the Empire C2 server from any computer. Starkiller represents a huge step forward...
Programming / Vulnerability Analysis / Web Vulnerability Analysis
by do son · Published January 31, 2023 · Last modified December 4, 2023
Bearer Bearer is a static application security testing (SAST) tool that scans your source code and analyzes your data flows to discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD). We...
Web Information Gathering / Web Vulnerability Analysis
by do son · Published May 7, 2023 · Last modified December 4, 2023
cloudtoolkit Cloud Penetration Testing Toolkit Capability overview Providers Payload Supported Alibaba Cloud backdoor-user: Backdoored user can be used to obtain persistence in the Cloud environment. bucket-dump: Quickly enumerate buckets to look for loot. cloudlist:...
CLZero A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors. Inspired by the tool Smuggler all attack gadgets adapted from Smuggler and https://portswigger.net/research/how-to-turn-security-research-into-profit CL.0 Identification method The first request will be the “base” request. This is...
BloodHound.py BloodHound.py is a Python-based ingestor for BloodHound, based on Impacket. This version of BloodHound.py is only compatible with BloodHound 4.2 and 4.3. For BloodHound CE, check out the bloodhound-ce branch Limitations BloodHound.py currently has the following limitations:...
Web Information Gathering / Web Vulnerability Analysis
by do son · Published December 2, 2016 · Last modified December 3, 2023
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and...
peetch peetch is a collection of tools aimed at experimenting with different aspects of eBPF to bypass TLS protocol protections. Currently, peetch includes two subcommands. The first called dump aims to sniff network traffic...
