checkov Checkov is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform, CloudFormation, or Kubernetes and detects security and compliance misconfigurations. Checkov is written in Python and provides a...
awsEnum awsEnum is a Python script that enumerates AWS services through the provided credential. It is coded and published to be used in particular circumstances: Engaging in penetration testing activity. Carry on a Bug...
The Rogue Toolkit is an extensible toolkit aimed at providing penetration testers with an easy-to-use platform to deploy software-defined Access Points (AP) for the purpose of conducting penetration testing and red team engagements. By...
What is TCA Tencent Cloud Code Analysis (TCA for short, code-named CodeDog inside the company early on) is a comprehensive code analysis platform, which includes three components: server, web, and client. It supports the integration...
SQLRecon Description A C# MS-SQL toolkit designed for offensive reconnaissance and post-exploitation. Mandatory Arguments The mandatory arguments consist of an authentication type (either Windows, Local or Azure), connection parameters and a module. -a – Authentication...
SniperPhish SniperPhish is a phishing toolkit for pentesters or security professionals to enhance user awareness by simulating real-world phishing attacks. SniperPhish helps to combine both phishing emails and phishing websites you created to centrally...
Global Socket Moving data from here to there. Securely, Fast, and through NAT/Firewalls. Global Socket allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely. Features: Uses the Global Socket...
murphysec MurphySec CLI is used for detecting vulnerable dependencies from the command line, and can also be integrated into your CI/CD pipeline. Features Analyze dependencies being used by your project, including direct and indirect dependencies Detect...
Archery is an open-source vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular open-source tools to perform comprehensive scanning for web applications and networks....
HaE – Highlighter and Extractor HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. The plugin can use custom regular expressions to match HTTP response messages. You can decide for...