Security Operations

A tool to dump a Git repository from a website

A collection of three tools for extracting, dumping, and scanning exposed .git repositories on websites to identify sensitive information and security vulnerabilities.

A command-line tool for capturing automated screenshots of websites and mobile applications with support for multiple browsers and device emulations.

A DNS rebinding attack framework for security researchers and penetration testers.

A malicious DNS server that executes DNS Rebinding attacks on-demand to bypass same-origin policy restrictions and access internal network resources.

A Python library that simplifies testing and exploiting race conditions in web applications using concurrent HTTP requests.

A simple Python script to test for a hypothetical JWT vulnerability

An open-source binary debugger for Windows with a comprehensive plugin system for malware analysis and reverse engineering.

A command line utility for searching and downloading exploits from multiple exploit databases including Exploit-DB and Packet Storm.

A comprehensive malware-analysis tool that utilizes external AV scanners to identify malicious elements in binary files.

mXtract is a Linux-based tool for memory analysis and dumping with regex pattern search capabilities.

A tool that generates .NET serialized gadgets for triggering assembly load and execution through BinaryFormatter deserialization in JavaScript, VBScript, and VBA scripts.

A comprehensive resource for threat hunting in Active Directory environments, covering tracking command-line/PowerShell activity, Kerberoasting detection, auditing attacker activity, and monitoring enterprise command-line activity.

Dorothy is a tool to test monitoring and detection capabilities for Okta environments, with modules mapped to MITRE ATT&CK® tactics.

VMCloak is a tool for creating and preparing Virtual Machines for Cuckoo Sandbox.

Yar is a reconnaissance tool for scanning organizations, users, and repositories to identify vulnerabilities and security risks during security assessments.

A collection of YARA rules for Windows, Linux, and Other threats.

Interactive malware hunting service with live access to the heart of an incident.

Tool for live forensics acquisition on Windows systems, collecting artefacts for early compromise detection.

InternalBlue is a Bluetooth experimentation framework that enables low-level firmware interaction with Broadcom chips for security research and attack prototype development.

C3 is a framework by WithSecureLabs for rapid prototyping of custom command and control channels that integrates with existing offensive security toolkits.

An open-source OSINT honeypot that monitors threat actor reconnaissance attempts and generates early-warning intelligence for blue teams during the pre-attack phase.

A malware/botnet analysis framework with a focus on network analysis and process comparison.

netsniff-ng is a free Linux networking toolkit with zero-copy mechanisms for network development, analysis, and auditing.