Security Training Share
ASTo – Apparatus Software Tool An IoT network security analysis tool and visualizer ASTo is security analysis tool for IoT networks. It is developed to support the Apparatus security framework. ASTo is based on electron and cytoscape.js....
Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used from web developers, penetration testers or even security researchers in order to test web-based applications...
cloudflare-resolver A security tool that aims at doing the following Check if domains or ips are part of the CloudFlare network Scan domains for know vulnerabilities that allow finding ip Dictionary scan subdomains to...
Raccoon Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and...
RetDec is a retargetable machine-code decompiler based on LLVM. The decompiler is not limited to any particular target architecture, operating system, or executable file format: Supported file formats: ELF, PE, Mach-O, COFF, AR (archive), Intel HEX,...
Mimikatz is an open source gadget written in C, launched in April 2014. It is very powerful, support from the Windows system memory to extract clear text password, hash, PIN code and Kerberos credentials,...
Fridump Fridump (v0.1) is an open source memory dumping tool, primarily aimed to penetration testers and developers. Fridump is using the Frida framework to dump accessible memory addresses from any platform supported. It can...
Omnibus An Omnibus is defined as a volume containing several novels or other items previously published separately and that is exactly what the InQuest Omnibus project intends to be for Open Source Intelligence collection, research, and...
phpcs-security-audit v2 phpcs-security-audit is a set of PHP_CodeSniffer rules that find vulnerabilities and weaknesses related to security in PHP code. It currently has core PHP rules as well as Drupal 7 specific rules. The tool also...
BloodHound.py BloodHound.py is a Python-based ingestor for BloodHound, based on Impacket. This tool is currently in Beta and should not be considered feature-complete or fully stable. Limitations BloodHound.py currently has the following limitations: Currently only single...
Enumdb is brute force and post exploitation tool for MySQL and MSSQL databases. When provided a list of usernames and/or passwords, it will cycle through each looking for valid credentials. By default enumdb will...
CatMyPhish Search for a categorized domain that can be used during the red teaming engagement. Perfect to setup whitelisted domain for your Cobalt Strike beacon C&C. It relies on expireddomains.net to obtain a list...
toriptables2 Tor Iptables script is an anonymizer that sets up iptables and tor to route all services and traffic including DNS through the Tor network. Download git clone https://github.com/ruped24/toriptables2.git Use toriptables2.py -h To test: Check...
airgeddon This is a multi-use bash script for Linux systems to audit wireless networks. Features Interface mode switcher (Monitor-Managed) keeping selection even on interface name changing DoS over wireless networks using different methods Assisted...
