kubeaudit kubeaudit is a command-line tool and a Go package to audit Kubernetes clusters for various different security concerns, such as: run as non-root use a read-only root filesystem drop scary capabilities, don’t add new...
The post kubeaudit: audit Kubernetes clusters for various different security concerns appeared first on Penetration Testing Tools.
GraphQL Cop – Security Audit Utility for GraphQL GraphQL Cop is a small Python utility to run common security tests against GraphQL APIs. GraphQL Cop is perfect for running CI/CD checks in GraphQL. It...
The post GraphQL Cop: Security Audit Utility for GraphQL appeared first on Penetration Testing Tools.
Ghost Ghost is a shellcode loader project designed to bypass multiple detection capabilities that are usually implemented by an EDR Detection 1 – kernel callbacks kernel callbacks are implemented by an EDR to harness...
The post Ghost: Evasive shellcode loader appeared first on Penetration Testing Tools.
ADcheck Assess the security of your Active Directory with few or all privileges. This tool offers functionalities similar to PingCastle, ORADAD, or even PurpleKnight (with some bonuses). ADcheck is developed in pure Python to bypass operating system...
The post ADcheck: Assess the security of your Active Directory appeared first on Penetration Testing Tools.
diskover diskover is an open-source file system indexer that uses Elasticsearch to index and manage data across heterogeneous storage systems. Using diskover, you are able to more effectively search and organize files, and system...
The post diskover: File system crawler, storage search engine and analytics appeared first on Penetration Testing Tools.
Scrapling: Lightning-Fast, Adaptive Web Scraping for Python Scrapling is a high-performance, intelligent web scraping library for Python that automatically adapts to website changes while significantly outperforming popular alternatives. Whether you’re a beginner or an...
The post Scrapling: Fast, Adaptive Web Scraping for Python appeared first on Penetration Testing Tools.
kubesec Security risk analysis for Kubernetes resources Download Kubesec is available as a: Docker container image at docker.io/kubesec/kubesec:v2 Linux/MacOS/Win binary (get the latest release) Kubernetes Admission Controller Kubectl plugin Or install the latest commit from...
The post kubesec: Security risk analysis for Kubernetes resources appeared first on Penetration Testing Tools.
Empire Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers. The Empire server is written in Python 3 and is modular to allow operator flexibility....
The post Empire: PowerShell & Python post-exploitation agent appeared first on Penetration Testing Tools.
VOIDMAW This is a new bypass technique for memory scanners. It is useful in hiding problematic code that will be flagged by the antivirus vendors. This is basically an improved version of Voidgate, but without...
The post Voidmaw: A new bypass technique for memory scanners appeared first on Penetration Testing Tools.
cwe_checker cwe_checker is a suite of tools to detect common bug classes such as use of dangerous functions and simple integer overflows. These bug classes are formally known as Common Weakness Enumerations (CWEs). Its main goal is...
The post cwe_checker: finds vulnerable patterns in binary executables appeared first on Penetration Testing Tools.
Sooty The SOC Analysts all-in-one CLI tool to automate and speed up workflow. Feature Sanitise URL’s to be safe to send in emails Perform reverse DNS and DNS lookups Perform reputation checks from:...
The post Sooty: SOC Analysts all-in-one CLI tool to automate and speed up workflow appeared first on Penetration Testing Tools.
MSI Analyzer This Python script for Linux can analyze Microsoft Windows *.msi Installer files and point out potential vulnerabilities. It was developed by Michael Baer (@derbaer0) in the SEC Consult Vulnerability Lab. Currently, it...
The post MSI Analyzer: Scanning tool for identifying local privilege escalation issues in vulnerable MSI installers appeared first on Penetration Testing Tools.
Volatility 3: The volatile memory extraction framework Volatility is the world’s most widely used framework for extracting digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system...
The post volatility 3: The volatile memory extraction framework appeared first on Penetration Testing Tools.
OWASP Nettacker project is created to automate information gathering, vulnerability scanning, and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP,...
The post OWASP Nettacker: Automated Penetration Testing Framework appeared first on Penetration Testing Tools.
Maestro Maestro is a post-exploitation tool designed to interact with Intune/EntraID from a C2 agent on a user’s workstation without requiring knowledge of the user’s password or Azure authentication flows, token manipulation, and web-based...
The post Maestro: Abusing Intune for Lateral Movement over C2 appeared first on Penetration Testing Tools.
FalconHound FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with an SIEM...
The post FalconHound: blue team multi-tool appeared first on Penetration Testing Tools.
emp3r0r Linux/Windows post-exploitation framework made by Linux user features beautiful terminal UI, use tmux for window management multi-tasking, you don’t need to wait for any commands to finish basic API provided through Unix socket...
The post emp3r0r: Linux/Windows post exploitation framework appeared first on Penetration Testing Tools.
pwnlook Pwnlook is an offensive post exploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it. What it does: List mailboxes List folders...
The post pwnlook: an offensive post exploitation tool appeared first on Penetration Testing Tools.
Pandora This is a red team tool that assists in gathering credentials from different password managers. They are separated into three categories, Windows 10 desktop applications, browsers, and browser plugins. This may work on...
The post pandora: A red team tool to extract credentials from password managers appeared first on Penetration Testing Tools.
Wapiti works as a “black-box” vulnerability scanner, that means it won’t study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links...
The post Wapiti: web-application vulnerability scanner appeared first on Penetration Testing Tools.
