This penetration testing tool allows an auditor to intercept SSH connections by patching the OpenSSH source code to act as a proxy, logging plaintext passwords and sessions to disk. Note: Only run in a VM or container due to potential security vulnerabilities introduced by ad-hoc edits to critical regions of the OpenSSH sources.
FEATURES
ALTERNATIVES
DueDLLigence is an open-source tool for identifying and analyzing DLL hijacking vulnerabilities in Windows applications, providing automated analysis and remediation guidance.
A wargaming network for penetration testers to practice their skills in a realistic environment.
A collection of tests for Local File Inclusion (LFI) vulnerabilities using Burp Suite.
Full-featured C2 framework for stealthy communication and control on web servers.
A C2 profile generator for Cobalt Strike designed to enhance evasion.
A list of useful payloads and bypasses for Web Application Security.
PINNED

InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.