Katana A next-generation crawling and spidering framework Feature Fast And fully configurable web crawling Standard and Headless mode support JavaScript parsing / crawling Customizable automatic form filling Scope control – Preconfigured field / Regex Customizable output – Preconfigured fields INPUT – STDIN, URL and LIST...
The post katana: next-generation crawling and spidering framework appeared first on Penetration Testing Tools.
FlowMate Have you ever wondered how to consider all input-to-output correlations of a web application during a pentest? With FlowMate, you no longer have to. FlowMate is our BurpSuite extension designed to introduce taint analysis to web...
The post FlowMate: BurpSuite extension that brings taint analysis to web applications appeared first on Penetration Testing Tools.
CaptainCredz is a modular and discreet password-spraying tool, with advanced features such as a cache mechanism and a fine-grained timing control. To start using captaincredz, the following lines may be useful: Extending CaptainCredz Writing...
The post CaptainCredz: modular and discreet password-spraying tool appeared first on Penetration Testing Tools.
Tarian Protect your applications running on Kubernetes from malicious attacks by pre-registering your trusted processes and trusted file signatures. Tarian will detect unknown processes and changes to the registered files, then it will send...
The post Tarian: Protect your applications running on Kubernetes from malicious attacks appeared first on Penetration Testing Tools.
Pinkerton Pinkerton is a Python tool created to crawl JavaScript files and search for secrets. Features Works with ProxyChains Fast scan Low RAM and CPU usage Open-Source Add more secrets regex pattern Improve the...
The post Pinkerton: JavaScript file crawler and secret finder appeared first on Penetration Testing Tools.
LEMON is a Linux and Android memory dump tool that utilizes eBPF to capture the entire physical memory of a system and save it in LiME format, compatible with forensic tools such as Volatility...
The post lemon: eBPF Memory Dump Tool appeared first on Penetration Testing Tools.
kanha Kanha is a tool that can help you perform, a variety of attacks based on the target domain. With just kanha, you can do, Fuzzing, Reverse dns lookup, common http response, subdomain takeover detection and many more. The project...
The post kanha: A web-app pentesting suite written in Rust appeared first on Penetration Testing Tools.
With the rise of AI infrastructures, the rise of attacks on such vulnerable infrastructure is inevitable. Insecure AI infrastructure can expose organizations to significant risks, including data breaches and manipulation of AI-driven decisions. Often,...
The post AIGoat: A deliberately Vulnerable AI Infrastructure appeared first on Penetration Testing Tools.
dummy Generator of static files for testing file upload functionality. When generating a png, as in the following screenshot, you can generate a png of a specified size. Motivation I often test the file...
The post dummy: Generator of static files for testing file upload appeared first on Penetration Testing Tools.
Adaptix is an extensible post-exploitation and adversarial emulation framework made for penetration testers. The Adaptix server is written in Golang and to allow operator flexibility. The GUI Client is written in C++ QT, allowing...
The post AdaptixC2: post-exploitation and adversarial emulation framework appeared first on Penetration Testing Tools.
Aftermath Aftermath is a Swift-based, open-source incident response framework. Aftermath can be leveraged by defenders in order to collect and subsequently analyze the data from the compromised host. Aftermath can be deployed from an...
The post aftermath: Swift-based, open-source macOS incident response framework appeared first on Penetration Testing Tools.
xpid It’s nmap but for pids. xpid gives a user the ability to “investigate” for process details on a Linux system. For example, a sleeping thread will have a directory /proc/[pid] that can be navigated to,...
The post xpid: Linux Process Discovery appeared first on Penetration Testing Tools.
MLOps Attack Toolkit – MLOKit is a toolkit that can be used to attack MLOps platforms by taking advantage of the available REST API. This tool allows the user to specify an attack module,...
The post MLOKit: MLOps Attack Toolkit appeared first on Penetration Testing Tools.
Spyndicapped Spy of your users with Microsoft UIA! MS UIA (Microsoft User Interface Automation) is a special framework designed to automate the use of the Windows GUI. With its help you can read any text...
The post Spyndicapped: COM ViewLogger — new malware keylogging technique appeared first on Penetration Testing Tools.
RPCMon A GUI tool for scanning RPC communication through Event Tracing for Windows (ETW). The tool was published as part of research on RPC communication between the host and a Windows container. Overview RPCMon...
The post RPCMon: RPC Monitor tool based on Event Tracing for Windows appeared first on Penetration Testing Tools.
Locksmith A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services. Mode 0 (Default) – Identify Issues and Output to Console PS> .\Invoke-Locksmith.ps1 Running Invoke-Locksmith.ps1 with no parameters or -Mode 0 will...
The post Locksmith: identify & remediate common misconfigurations in AD Certificate Services appeared first on Penetration Testing Tools.
Linux Evidence Acquisition Framework (LEAF) Linux Evidence Acquisition Framework (LEAF) acquires artifacts and evidence from Linux EXT4 systems, accepting user input to customize the functionality of the tool for easier scalability. Offering several modules...
The post LEAF: Linux Evidence Acquisition Framework appeared first on Penetration Testing Tools.
Troll-A Troll-A is a command line tool for extracting secrets such as passwords, API keys, and tokens from WARC (Web ARChive) files. Troll-A is an easy-to-use, comprehensive, and fast solution for finding secrets in web archives. Features...
The post troll-a: extracting secrets such as passwords, API keys, and tokens from Web ARChive files appeared first on Penetration Testing Tools.
Zircolite is a standalone tool written in Python 3 that allows you to use SIGMA rules on: MS Windows EVTX (EVTX, XML, and JSONL formats) Auditd logs Sysmon for Linux EVTXtract CSV and XML logs...
The post Zircolite: fast SIGMA-based detection tool for EVTX or JSON Logs appeared first on Penetration Testing Tools.
WELA (Windows Event Log Analyzer) Yamato Security’s WELA(Windows Event Log Analyzer) aims to be the Swiss Army knife for Windows event logs. Currently, WELA’s greatest functionality is creating an easy-to-analyze logon timeline in order...
The post WELA: Windows Event Log Analyzer appeared first on Penetration Testing Tools.
