Information Security
Kubeletmein This is a simple penetration testing tool which takes advantage of public cloud provider approaches to provide kubelet credentials to nodes in a Kubernetes cluster in order to gain privileged access to the...
What is Horusec? Horusec is an open-source tool that performs a static code analysis to identify security flaws during the development process. Currently, the languages for analysis are C#, Java, Kotlin, Python, Ruby, Golang,...
HubbleStack (Hubble for short) is a modular, open-source, security & compliance auditing framework which is built in python, using SaltStack as a library. It provides on-demand profile-based auditing, real-time security event notifications, alerting and...
The JSON Web Token Toolkit jwt_tool.py is a toolkit for validating, forging and cracking JWTs (JSON Web Tokens). Its functionality includes: Checking the validity of a token Testing for the RS/HS256 public key mismatch vulnerability Testing for...
Grawler Grawler is the best tool ever, made for automating google dorks it’s a tool written in PHP which comes with a web interface that automates the task of using google dorks, scrapes the...
enlightn Think of Enlightn as your performance and security consultant. Enlightn will “review” your code and server configurations, and give you actionable recommendations on improving performance, security, and reliability! The Enlightn OSS (open source...
DefectDojo is an open-source application vulnerability correlation and security orchestration application. It allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities, and push findings into defect...
ReconFTW ReconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities. Features 🔥 Google Dorks (degoogle_hunter) Multiple subdomain...
Vailyn Vailyn is a multi-phased vulnerability analysis and exploitation tool for path traversal/directory climbing vulnerabilities. It is built to make it as performant as possible and to offer a wide arsenal of filter evasion...
BurpParamFlagger A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or LFI. Note: I believe that Burp Pro is required...
Suggested Reading