A tool specifically designed for Kubernetes environments aims to efficiently and automatically discover hidden vulnerable APIs within clusters. It reveals and demonstrates a common error through a workshop format, which could lead to API...
The post KubeAPI-Inspector: Discover the secrets hidden in apis appeared first on Penetration Testing Tools.
BlackStone Project BlackStone project or “BlackStone Project” is a tool created in order to automate the work of drafting and submitting a report on audits of ethical hacking or pentesting. In this tool we...
The post BlackStone: Pentesting Reporting Tool appeared first on Penetration Testing Tools.
DetentionDodger is a tool designed to find users whose credentials have been leaked/compromised and the impact they have on the target. Install Local Installation To install, the only thing needed, is to install the...
The post DetentionDodger: Unmasking Leaked Credentials & Their Organizational Impact appeared first on Penetration Testing Tools.
WindowSpy WindowSpy is a Cobalt Strike Beacon Object File meant for targeted user surveillance. The goal of this project was to trigger surveillance capabilities only on certain targets, e.g. browser login pages, confidential documents,...
The post WindowSpy: Cobalt Strike Beacon Object File meant for targeted user surveillance appeared first on Penetration Testing Tools.
In recent years, attacks targeting the Web Application Platform have been increasing rapidly. sisakulint is a static and fast SAST for GitHub Actions. This great tool can automatically validate yaml files according to the guidelines...
The post Boost Your GitHub Actions Security with sisakulint: Fast SAST for YAML appeared first on Penetration Testing Tools.
KubeStalk KubeStalk is a tool to discover Kubernetes and related infrastructure-based attack surfaces from a black-box perspective. This tool is a community version of the tool used to probe for unsecured Kubernetes clusters around...
The post kubestalk: discovers Kubernetes and related infrastructure based attack surface appeared first on Penetration Testing Tools.
SupplyShield is an open-source application security orchestration framework designed to secure your software supply chain from vulnerabilities, malicious dependencies, and unapproved base images. It provides a comprehensive solution to automate the detection, prioritization, and...
The post SupplyShield: Fortify Your Software Supply Chain appeared first on Penetration Testing Tools.
sh4d0wup Have you ever wondered if the update you downloaded is the same one everybody else gets or did you get a different one that was made just for you? Shadow updates are updates that...
The post sh4d0wup: Signing-key abuse and update exploitation framework appeared first on Penetration Testing Tools.
An AI-powered, self-hosted GitHub bot designed to detect and mitigate supply chain attacks in pull requests. SadGuard combines intelligent code analysis with executable behavior monitoring to secure your software pipeline. SadGuard was inspired by...
The post SadGuard: Dynamic Code Analysis + Supply Chain Detection Attack appeared first on Penetration Testing Tools.
Introducing Varunastra, an innovative tool designed to enhance the security of Docker environments. Named after The Varunastra (वरुणास्त्र), it is the water weapon according to the Indian scriptures, incepted by Varuna, god of hydrosphere....
The post Varunastra: Securing the Depths of Docker appeared first on Penetration Testing Tools.
Metlo Metlo is an open-source API security platform Create an Inventory of all your API Endpoints. Proactively test your APIs before they go into production. Detect API attacks in real-time. Features Endpoint Discovery –...
The post metlo: open-source API security platform appeared first on Penetration Testing Tools.
Subdominator Meet Subdominator, your new favorite CLI tool for detecting subdomain takeovers. It’s designed to be fast, accurate, and dependable, offering a significant improvement over other available tools. Benchmark ? A benchmark was run across...
The post Subdominator: CLI tool for detecting subdomain takeovers appeared first on Penetration Testing Tools.
The ABAP Code Scanner is a powerful tool designed to analyze ABAP (Advanced Business Application Programming) code for potential security vulnerabilities, code quality issues, and best practice violations. This provides a flexible and extensible...
The post RedRays ABAP Code Analyzer: Open-Source Security Scanner for SAP ABAP appeared first on Penetration Testing Tools.
xeol A scanner for end-of-life (EOL) packages in container images, filesystems, and SBOMs What is EOL software? End of Life (EOL) means the vendor has decided the software in question has reached the end...
The post xeol: scanner for end-of-life software in container images, filesystems, and SBOMs appeared first on Penetration Testing Tools.
kntrl is an eBPF based runtime agent that monitors and prevents anomalous behaviour defined by you on your pipeline. kntrl achieves this by monitoring kernel calls, and denying access as soon as your defined...
The post kntrl: Real-time eBPF Runtime Security for Your CI/CD Pipelines appeared first on Penetration Testing Tools.
Linux kernel vulnerability reproduction is a critical task in system security. To reproduce a kernel vulnerability, the vulnerable environment and the Proof of Concept (PoC) program are needed. Most existing research focuses on the...
The post KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities appeared first on Penetration Testing Tools.
SBSCAN SBSCAN is a penetration testing tool specifically designed for the Spring framework, capable of scanning specified sites for Spring Boot sensitive information and verifying related Spring vulnerabilities. Most Comprehensive Dictionary for Sensitive Paths:...
The post SBSCAN: penetration testing tool specifically designed for the Spring framework appeared first on Penetration Testing Tools.
Bypass Fuzzer Fuzz 401/403ing endpoints for bypasses This tool performs various checks via headers, path normalization, verbs, etc. to attempt to bypass ACLs or URL validation. It will output the response codes and length...
The post BypassFuzzer: Fuzz 401/403/404 pages for bypasses appeared first on Penetration Testing Tools.
NullGate This project implements a comfortable and modern way to use the NTAPI functions using indirect syscalls, coupled with the FreshyCalls method with a little twist for dynamic syscall number retrieval. It also uses a technique...
The post NullGate: A Modern Approach to Indirect Syscalls with Defender Bypass appeared first on Penetration Testing Tools.
All-in-One malware analysis tool for analyze many file types, from Windows binaries to E-Mail files. You can get: What DLL files are used. Functions and APIs. Sections and segments. URLs, IP addresses and emails....
The post Qu1cksc0pe: All-in-One malware analysis tool appeared first on Penetration Testing Tools.
