codetotal CodeTotal analyzes any snippet, file, or repository to detect possible security flaws such as secrets in code, open source vulnerabilities, code security, vulnerabilities, insecure infrastructure as code, and...
WebApp PenTest
CloudRecon CloudRecon is a suite of tools for red teamers and bug hunters to find ephemeral and...
EasyEASM Easy EASM is just that… the easiest-to-set-up tool to give your organization visibility...
Logsensor A powerful sensor tool to discover login panels, and POST form SQLi scanning. Features: login panel...
Bugsy Bugsy is a command-line interface (CLI) tool that provides automatic security vulnerability remediation for your code....
Nekuda – IDN-Squatting Detector Domain Lookalikes: A domain lookalike is a domain name that is similar to...
WebCopilot WebCopilot is an automation tool designed to enumerate subdomains of the target and detect vulnerabilities using...
CHOMTE.SH CHOMTE.SH is a versatile framework designed for automating reconnaissance tasks in penetration testing. It’s useful for...
navgix navgix is a multi-threaded golang tool that will check for nginx alias traversal vulnerabilities. Techniques: Currently,...
Argus This repo contains the code for our USENIX Security ’23 paper “ARGUS: A Framework for Staged...
BucketLoot BucketLoot is an automated S3-compatible Bucket inspector that can help users extract assets, flag secret exposures...
CVE-2023-44487 Basic vulnerability scanning to see if web servers may be vulnerable to CVE-2023-44487. This tool checks...
OSINTBuddy Welcome to the OSINTBuddy project where you can connect, combine, and get insights from unstructured and...
CloudPrivs CloudPrivs is a tool that leverages the existing power of SDKs like Boto3 to brute force...
ParaForge ParaForge is a simple Burp Suite extension to extract the parameters and endpoints from the request...