IMDShift AWS workloads that rely on the metadata endpoint are vulnerable to Server-Side Request Forgery (SSRF) attacks. IMDShift automates the migration process of all workloads to IMDSv2 with extensive capabilities, which implements enhanced security...
The post IMDShift: Prevent SSRF attacks on AWS EC2 appeared first on Penetration Testing Tools.
SSH-Snake: Automated SSH-Based Network Traversal SSH-Snake is a powerful tool designed to perform automatic network traversal using SSH private keys discovered on systems, to create a comprehensive map of a network and its dependencies,...
The post SSH-Snake: Automated SSH-Based Network Traversal appeared first on Penetration Testing Tools.
OSINTBuddy Welcome to the OSINTBuddy project where you can connect, combine, and get insights from unstructured and public data as results that can be explored step-by-step. An easy-to-use plugin system allows any Python developer...
The post osintbuddy: Node graphs, OSINT data mining, and plugins appeared first on Penetration Testing Tools.
BucketLoot BucketLoot is an automated S3-compatible Bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning...
The post BucketLoot: an automated S3-compatible bucket inspector appeared first on Penetration Testing Tools.
CloudPrivs CloudPrivs is a tool that leverages the existing power of SDKs like Boto3 to brute force privileges of all cloud services to determine what privileges exist for a given set of credentials. This...
The post CloudPrivs: Determine privileges from cloud credentials appeared first on Penetration Testing Tools.
EmploLeaks This is a tool designed for Open Source Intelligence (OSINT) purposes, which helps to gather information about employees of a company. 🚀 How it Works The tool starts by searching through LinkedIn to...
The post emploleaks: OSINT tool that helps detect members of a company with leaked credentials appeared first on Penetration Testing Tools.
ebpfmon ebpfmon is a tool for monitoring eBPF programs. It is designed to be used with bpftool from the Linux kernel. ebpfmon is a TUI (terminal UI) application written in Go that allows you to do real-time...
The post ebpfmon: tool for monitoring eBPF programs appeared first on Penetration Testing Tools.
airgorah Airgorah is a WiFi auditing software that can discover the clients connected to an access point, perform deauthentication attacks against specific clients or all the clients connected to it, capture WPA handshakes, and crack...
The post airgorah: A WiFi auditing software that can perform deauth attacks and passwords cracking appeared first on Penetration Testing Tools.
OFRAK OFRAK (Open Firmware Reverse Analysis Konsole) is a binary analysis and modification platform. OFRAK combines the ability to: Identify and Unpack many binary formats Analyze unpacked binaries with field-tested reverse engineering tools Modify and Repack binaries with powerful patching strategies...
The post Open Firmware Reverse Analysis Konsole: binary analysis and modification platform appeared first on Penetration Testing Tools.
EscalateGPT A powerful Python tool that leverages the power of OpenAI to analyze AWS IAM misconfigurations. Features 🛠️ EscalateGPT is a Python tool to identify IAM policy issues and enhance Tenable Cloud Security 💻 EscalateGPT retrieves...
The post EscalateGPT: leverages the power of OpenAI to analyze AWS IAM misconfigurations appeared first on Penetration Testing Tools.
sharem SHAREM is intended to be the ultimate Windows shellcode tool, with support to emulate over 12,000 WinAPIs, virtually all user-mode Windows syscalls, and SHAREM provides numerous new features. SHAREM was released on September...
The post sharem: ultimate Windows shellcode tool appeared first on Penetration Testing Tools.
Process Stomping A variation of ProcessOverwriting to execute shellcode on an executable’s section What is it Process Stomping, is a variation of hasherezade’s Process Overwriting and it has the advantage of writing a shellcode payload on...
The post Process Stomping: execute shellcode on an executable’s section appeared first on Penetration Testing Tools.
PurpleOps PurpleOps is a free, open-source web app to track Purple Team assessments. Create assessments aligned with MITRE ATT&CK, leveraging data from sources like Atomic Red Team and SIGMA. Centralise blue and red team...
The post PurpleOps: open-source self-hosted purple team management web application appeared first on Penetration Testing Tools.
What is BinAbsInspector? BinAbsInspector (Binary Abstract Inspector) is a static analyzer for automated reverse engineering and scanning vulnerabilities in binaries, which is a long-term research project incubated at Keenlab. It is based on abstract interpretation...
The post BinAbsInspector: Vulnerability Scanner for Binaries appeared first on Penetration Testing Tools.
Invoke-SessionHunter Retrieve and display information about active user sessions on remote computers. No admin privileges are required. The tool leverages the remote registry service to query the HKEY_USERS registry hive on the remote computers....
The post Invoke-SessionHunter: Retrieve & display information about active user sessions on remote computers appeared first on Penetration Testing Tools.
shortscan Shortscan is designed to quickly determine which files with short filenames exist on an IIS webserver. Once a short filename has been identified the tool will try to automatically identify the full filename....
The post shortscan: An IIS short filename enumeration tool appeared first on Penetration Testing Tools.
Perform malware scan analysis of on-prem servers using AWS services Challenges with on-premises malware detection It can be difficult for security teams to continuously monitor all on-premises servers due to budget and resource constraints....
The post drs-malware-scan: Perform file-based malware scan on your on-prem servers with AWS appeared first on Penetration Testing Tools.
Amnesiac Amnesiac is a post-exploitation framework designed to assist with lateral movement within active directory environments. Amnesiac is being developed to bridge a gap on Windows OS, where post-exploitation frameworks are not readily available...
The post Amnesiac: lateral movement within active directory environments appeared first on Penetration Testing Tools.
DIAL Workloads on the cloud provide equal opportunities for hackers as much as they do for internal teams. Cloud-native companies are open to attacks from both outside forces and from within. With the ever-growing...
The post DIAL: centralised security misconfiguration detection framework appeared first on Penetration Testing Tools.
reFlutter This framework helps with Flutter apps reverse engineering using the patched version of the Flutter library which is already compiled and ready for app repacking. This library has a snapshot deserialization process modified...
The post reFlutter: Flutter Reverse Engineering Framework appeared first on Penetration Testing Tools.
