psudohash Psudohash is a password list generator for orchestrating brute force attacks and cracking hashes. It imitates certain password creation patterns commonly used by humans, like substituting a word’s letters with symbols or numbers...
The post psudohash: Generates millions of keyword-based password mutations in seconds appeared first on Penetration Testing Tools.
web-check Get an insight into the inner workings of a given website: uncover potential attack vectors, analyse server architecture, view security configurations, and learn what technologies a site is using. Currently, the dashboard will...
The post web-check: All-in-one OSINT tool for analysing any website appeared first on Penetration Testing Tools.
Callisto An Intelligent Automated Binary Vulnerability Analysis Tool Callisto is an intelligent automated binary vulnerability analysis tool. Its purpose is to autonomously decompile a provided binary and iterate through the pseudo code output looking...
The post Callisto: An Intelligent Binary Vulnerability Analysis Tool appeared first on Penetration Testing Tools.
SMShell PoC for an SMS-based shell. Send commands and receive responses over SMS from mobile broadband-capable computers. This tool came as an inspiration during research on eSIM security implications led by Markus Vervier, presented...
The post SMShell: PoC for a SMS-based shell appeared first on Penetration Testing Tools.
goLAPS Retrieve LAPS passwords from a domain. The tools is inspired in pyLAPS. This project was just a personal excuse to learn Golang. Capabilities It can get all LAPS passwords from a domain controler using...
The post goLAPS: Retrieve LAPS passwords from a domain appeared first on Penetration Testing Tools.
What is ShadowClone? ShadowClone is designed to delegate time-consuming tasks to the cloud by distributing the input data to multiple serverless functions (AWS Lambda, Azure Functions, etc.) and running the tasks in parallel resulting...
The post ShadowClone: Boost Your Pentesting Performance in Seconds appeared first on Penetration Testing Tools.
GCP Scanner This is a GCP resource scanner that can help determine what level of access certain credentials possess on GCP. The scanner is designed to help security engineers evaluate the impact of a...
The post GCP Scanner: A comprehensive scanner for Google Cloud appeared first on Penetration Testing Tools.
RogueSliver A suite of tools to disrupt campaigns using the Sliver C2 framework. This tool, its uses, and how it was created will be covered in depth on ACEResponder.com This tool is for educational purposes...
The post RogueSliver: disrupt campaigns using the Sliver C2 framework appeared first on Penetration Testing Tools.
webpalm WebPalm is a command-line tool that enables users to traverse a website and generate a tree of all its web pages and their links. It uses a recursive approach to enter each link...
The post webpalm: powerful command-line tool for website mapping and web scraping appeared first on Penetration Testing Tools.
What is Akto? Akto is an instant, open source API security platform that takes only 60 secs to get started. Akto is used by security teams to maintain a continuous inventory of APIs, test...
The post akto v1.31.9 releases: instant, open source API security platform appeared first on Penetration Testing Tools.
go-recon This project started as some Golang scripts to automatically perform tedious processes while performing external recon, between another bunch of things. Over the time I reworked the scripts and finally decided to create...
The post go-recon: External recon toolkit appeared first on Penetration Testing Tools.
ClientInspector Are you in control? – or are some of your core infrastructure processes like patching, antivirus, and bitlocker enablement drifting? Or would you like to do advanced inventory, where you can look up your warranty state against...
The post ClientInspectorV2: Unleashing the power of Azure LogAnalytics, Azure Data Collection Rules, Log Ingestion API appeared first on Penetration Testing Tools.
Poastal – the Email OSINT tool Poastal is an email OSINT tool that provides valuable information on any email address. With Poastal, you can easily input an email address and it will quickly answer several...
The post poastal: the Email OSINT tool appeared first on Penetration Testing Tools.
Sirius Scan Sirius is the first truly open-source general purpose vulnerability scanner. Today, the information security community remains the best and most expedient source for cybersecurity intelligence. The community itself regularly outperforms commercial vendors....
The post Sirius Scan: open-source general purpose vulnerability scanner appeared first on Penetration Testing Tools.
GPOddity The GPOddity project aims at automating GPO attack vectors through NTLM relaying (and more). For more details regarding the attack and a demonstration of how to use the tool, see the associated article...
The post GPOddity: automating GPO attack vectors through NTLM relaying appeared first on Penetration Testing Tools.
DavRelayUp A quick and dirty port of KrbRelayUp with modifications to allow for NTLM relay from webdav to LDAP in order to streamline the abuse of the following attack primitive: (Optional) New machine account creation (New-MachineAccount)...
The post DavRelayUp: A universal no-fix local privilege escalation in domain-joined windows workstations appeared first on Penetration Testing Tools.
eBPFShield Welcome to eBPFShield, a powerful and intuitive security tool for monitoring and protecting your servers. Featuring both IP-Intelligence and DNS monitoring capabilities, eBPFShield utilizes the power of ebpf and python to provide real-time monitoring and actionable insights...
The post eBPFShield: powerful IP-intelligence and DNS monitoring tool appeared first on Penetration Testing Tools.
Cloud edge Lookup an IP to find the cloud provider and other details based on the provider’s published JSON data Cloud edge is a recon tool focused on exploring cloud service providers. It can...
The post Cloud edge: Lookup an IP to find the cloud provider and other details appeared first on Penetration Testing Tools.
Red Canary Mac Monitor Red Canary Mac Monitor is an advanced, stand-alone system monitoring tool tailor-made for macOS security research, malware triage, and system troubleshooting. Harnessing Apple Endpoint Security (ES), it collects and enriches system...
The post Red Canary Mac Monitor: advanced, stand-alone system monitoring tool tailor-made for macOS security research appeared first on Penetration Testing Tools.
DeepSecrets – a better tool for secret scanning Yet another tool – why? Existing tools don’t really “understand” code. Instead, they mostly parse texts. DeepSecrets expands classic regex-search approaches with semantic analysis, dangerous variable...
The post deepsecrets: a better tool for secret scanning appeared first on Penetration Testing Tools.
