APTRS – Automated Penetration Testing Reporting System

APTRS (Automated Penetration Testing Reporting System) is an automated reporting tool in Python and Django. The tool allows Penetration testers to create a report directly without using the Traditional Docx file. It also provides an approach to keeping track of the projects and vulnerabilities. Documentation Documentation Prerequisites Python 3.8 and above (https://www.python.org/downloads/release/python-3810/) wkhtmltopdf 0.12.6 andRead More

HTTPLoot – An Automated Tool Which Can Simultaneously Crawl, Fill Forms, Trigger Error/Debug Pages And "Loot" Secrets Out Of The Client-Facing Code Of Sites

An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and “loot” secrets out of the client-facing code of sites. Usage To use the tool, you can grab any one of the pre-built binaries from the Releases section of the repository. If you want to build the source code yourself, you will needRead More

Collect-MemoryDump – Automated Creation Of Windows Memory Snapshots For DFIR

Collect-MemoryDump – Automated Creation of Windows Memory Snapshots for DFIR Collect-MemoryDump.ps1 is PowerShell script utilized to collect a Memory Snapshot from a live Windows system (in a forensically sound manner). Features: Checks for Hostname and Physical Memory Size before starting memory acquisition Checks if you have enough free disk space to save memory dump fileRead More

GraphCrawler – GraphQL Automated Security Testing Toolkit

Graph Crawler is the most powerful automated testing toolkit for any GraphQL endpoint. NEW: Can search for endpoints for you using Escape Technology’s powerful Graphinder tool. Just point it towards a domain and add the ‘-e’ option and Graphinder will do subdomain enumeration + search popular directories for GraphQL endpoints. After all this GraphCrawler willRead More

CVE-Tracker – With The Help Of This Automated Script, You Will Never Lose Track Of Recently Released CVEs

With the help of this automated script, you will never lose track of newly released CVEs. What does this powershell script do is exactly running the Microsoft Edge at system startup, navigate to 2 URLs ,and then put the browser in to full screen mode. As ethical hackers, it’s vital that we keep track ofRead More

Spring4Shell-Scan – A Fully Automated, Reliable, And Accurate Scanner For Finding Spring4Shell And Spring Cloud RCE Vulnerabilities

A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities Features Support for lists of URLs. Fuzzing for more than 10 new Spring4Shell payloads (previously seen tools uses only 1-2 variants). Fuzzing for HTTP GET and POST methods. Automatic validation of the vulnerability upon discovery. Randomized and non-intrusive payloads. WAFRead More

Authz0 – An Automated Authorization Test Tool. Unauthorized Access Can Be Identified Based On URLs And RolesAnd Credentials

Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials. URLs and Roles are managed as YAML-based templates, which can be automatically created and added through authz0. You can also test based on multiple authentication headers and cookies with a template file created/generated once.  KeyRead More

DRAKVUF Sandbox – Automated Hypervisor-Level Malware Analysis System

DRAKVUF Sandbox is an automated black-box malware analysis system with DRAKVUF engine under the hood, which does not require an agent on guest OS. This project provides you with a friendly web interface that allows you to upload suspicious files to be analyzed. Once the sandboxing job is finished, you can explore the analysis resultRead More

SSRFire – An Automated SSRF Finder. Just Give The Domain Name And Your Server And Chill! Also Has Options To Find XSS And Open Redirects

An automated SSRF finder. Just give the domain name and your server and chill! 😉 It also has options to find XSS and open redirects. Syntax ./ssrfire.sh -d domain.com -s yourserver.com -f custom_file.txt -c cookies domain.com —> The domain for which you want to test yourserver.com —> Your server which detects SSRF. Eg. Burp collaboratorRead More

Wifi-Framework – Wi-Fi Framework For Creating Proof-Of-Concepts, Automated Experiments, Test Suites, Fuzzers, And More…

We present a framework to more easily perform Wi-Fi experiments. It can be used to create fuzzers, implement new attacks, create proof-of-concepts to test for vulnerabilities, automate experiments, implement test suites, and so on. The main advantage of the framework is that it allows you to reuse Wi-Fi functionality of Linux to more easily implementRead More