8,962 tools
CloudGoat is a vulnerable-by-design AWS deployment tool that creates intentionally insecure cloud environments for hands-on cybersecurity training through capture-the-flag scenarios.
CloudGoat is a vulnerable-by-design AWS deployment tool that creates intentionally insecure cloud environments for hands-on cybersecurity training through capture-the-flag scenarios.
A security testing framework for assessing container environment security across AWS and GCP cloud platforms.
A security testing framework for assessing container environment security across AWS and GCP cloud platforms.
A script to enumerate Google Storage buckets and determine access and privilege escalation
A script to enumerate Google Storage buckets and determine access and privilege escalation
Documentation of an AWS IAM privilege escalation technique that exploits the iam:CreatePolicyVersion permission to gain elevated access through policy manipulation.
Documentation of an AWS IAM privilege escalation technique that exploits the iam:CreatePolicyVersion permission to gain elevated access through policy manipulation.
Distributed low interaction honeypot with Agent/Master design supporting various protocol handlers.
Distributed low interaction honeypot with Agent/Master design supporting various protocol handlers.
A fast and flexible HTTP enumerator for content discovery and credential bruteforcing
A fast and flexible HTTP enumerator for content discovery and credential bruteforcing
Check for known vulnerabilities in your Node.js installation.
Check for known vulnerabilities in your Node.js installation.
Modular framework for web services penetration testing with support for various attacks.
Modular framework for web services penetration testing with support for various attacks.
A Hadoop library for reading and querying PCAP files
A Hadoop library for reading and querying PCAP files
QRadio is a tool/framework designed to consolidate cyber threats intelligence sources.
QRadio is a tool/framework designed to consolidate cyber threats intelligence sources.
A tool for signature analysis of RTF files to detect potentially unique parts and malicious documents.
A tool for signature analysis of RTF files to detect potentially unique parts and malicious documents.
OSTrICa is an open source plugin-based framework that collects and visualizes threat intelligence data from various sources to help cybersecurity professionals correlate IoCs and enhance their defensive capabilities.
OSTrICa is an open source plugin-based framework that collects and visualizes threat intelligence data from various sources to help cybersecurity professionals correlate IoCs and enhance their defensive capabilities.
A collection of tips and tricks for container and container orchestration hacking and security testing.
A collection of tips and tricks for container and container orchestration hacking and security testing.
PowerUp aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations.
PowerUp aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations.
PowerSploit is a PowerShell-based penetration testing framework containing modules for code execution, injection techniques, persistence, and various offensive security operations.
PowerSploit is a PowerShell-based penetration testing framework containing modules for code execution, injection techniques, persistence, and various offensive security operations.
CimSweep is a suite of CIM/WMI-based tools for incident response and hunting operations on Windows systems without the need to deploy an agent.
CimSweep is a suite of CIM/WMI-based tools for incident response and hunting operations on Windows systems without the need to deploy an agent.
Python script to parse the NTFS USN Change Journal.
Python script to parse the NTFS USN Change Journal.
A Python-based Burp Suite extension that integrates Yara scanning capabilities for detecting patterns and signatures in web application traffic using custom Yara rules.
A Python-based Burp Suite extension that integrates Yara scanning capabilities for detecting patterns and signatures in web application traffic using custom Yara rules.
PlumHound is a reporting engine that converts BloodHoundAD's Neo4J queries into operational security reports for analyzing Active Directory vulnerabilities and attack paths.
PlumHound is a reporting engine that converts BloodHoundAD's Neo4J queries into operational security reports for analyzing Active Directory vulnerabilities and attack paths.
A logging proxy tool created in response to the 'MongoDB Apocalypse', with Docker support.
A logging proxy tool created in response to the 'MongoDB Apocalypse', with Docker support.
Browse and analyze iPhone/iPad backups with detailed file properties and various viewers.
Browse and analyze iPhone/iPad backups with detailed file properties and various viewers.