tools/security

Antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats

Cloud agnostic IAM permissions enumerator

Cloud enumeration tool

Tool for situational awareness of cloud penetration tests

Cloud bucket scanner

Tool for listing assets from multiple cloud providers

Decrypt password stored in cmos used to access BIOS SETUP

Cloud-native, graph-based asset inventory

Open source, cloud-native security and policy project

Tool to automatically coerce a Windows server

Automated Command Injection Exploitation Tool

Container Signing CLI with support for ephemeral keys and Sigstore signing

Offline dictionary attack against WPA/WPA2 networks

CLI client for Coze, a cryptographic JSON messaging specification

GraphQL password brute-force and fuzzing utility

Used to break the encryption on old Microsoft Excel and Microsoft Word files

Tool to detect potentially hard-coded credentials

Tool to search a collection of default credentials

Extract credentials and other useful info from network captures

CRLF injection (HTTP Response Splitting) scanner

Tool to scan for CRLF vulnerability

Brute forcing tool that can be used during penetration tests

CrowdSec is a free, open-source and collaborative IPS

Wordlist generator

Free client-side encryption for your cloud files

Encrypted container manager for Linux using cryptsetup

CVE Binary Checker Tool

Tool to create CycloneDX Software Bill of Materials (SBOM) from Go modules

Tool for analysing parameter and XSS scanning

Tests WebDAV servers by uploading test files, and then optionally testing for command execution or…

Tool to track WiFi devices by signal strength

"secrets" decoding for FRITZ!OS devices

Phishing tool for red teams and pentesters

Secrets scanner that understands code

A small human-editable language to emit DER or BER encodings of ASN.1 structures and malformed var…

Random Number Generator test suite

Tool to brute force paths on web servers

Asset discovery and identification tools

Tool to scan memory for secrets

Tool to enumerate DNS information

Spy on the DNS queries your computer is making

DNS Enumeration script

Fast and multi-purpose DNS toolkit

Executes the given command as another user

Shim for the sudo command that utilizes doas

Alternative for S/KEY's 'key' command

Tool to bypass 40X response codes

Fork of the Bruteforce Exploit Detector Tool (BED)

Tool to automate the work with Google dorks

Display and debug ASN.1 data

Duo Security Unix login integration

Sensitive data detection tool capable of scanning source code repositories for passwords, key file…

AWS post-exploitation tool

Create and manipulate ECC NISTP256 keypairs

Tiny collection of programs used for ECDSA (keygen, sign, verify)

Ethereum smart contract fuzzer

Enterprise-class stacked cryptographic filesystem

Helper script to create/mount/unemount encrypted directories using eCryptfs without needing root p…

Tools for manipulating UEFI secure boot platforms

Belgian electronic identity card (eID) middleware

Modern and friendly alternative to GnuPG

Encrypted personal archives

Well known password manager

Tool for enumerating information from Windows and Samba systems

Windows/Samba enumeration tool

Tool to list all public repositories for (valid) GitHub usernames

SMB network scanner

Tor hidden service name generator

WinRM shell for hacking/pentesting

Parser for the Windows XML Event Log (EVTX) format

IoT security testing and exploitation framework

Archive of public exploits and corresponding vulnerable software

Tool to analyse binaries for missing security features

Tool to send result from tools to the Faraday Platform

Command Line Interface for Faraday

Zip password cracker, similar to fzc, zipcrack and others

Fast, simple, recursive content discovery tool

Tool for web fuzzing

DNS reconnaissance tool for locating non-contiguous IP space

Standalone utility for service discovery on open ports

Tool to extract passwords from profiles of Mozilla Firefox and derivates

GTK2 port from Figaro's Password Manager originally developed by John Conneely, with some new enha…

D-Bus daemon that offers libfprint functionality over the D-Bus interprocess communication bus

Fprintd built with libfprint-tod to support Touch OEM Drivers

Payload toolkit for bypassing EDRs

Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers (clien…

Intranet comprehensive scanning tool

Root-CA for code signing certs - issuing certificates based on an OIDC email address

GUI Firewall Management Application

Single Packet Authorization (and Port Knocking) server/client

Tool to fetch URLs from HTML attributes

Extendable Pentesting Framework for the Automotive Domain

Tool to fetch known URLs

Script for generating HOTP/TOTP keys (and QR code)

Simple yet robust commandline random password generator

Shamir's secret-sharing method in the Galois Field GF(2**8)

Tool to find and fix various types of hardcoded secrets and infrastructure-as-code misconfiguratio…

Tool for detecting and exploiting SQL injection security flaws

Extensible GitHub dorking tool

Software reverse engineering (SRE) suite of tools