Pybatfish – Python Client For Batfish (Network Configuration Analysis Tool)

Pybatfish is a Python client for Batfish.  What is Batfish? Batfish is a network validation tool that provides correctness guarantees for security, reliability, and compliance by analyzing the configuration of network devices. It builds complete models of network behavior from device configurations and finds violations of network policies (built-in, user-defined, and best-practices). A primary useRead More

CAPEv2 – Malware Configuration And Payload Extraction

CAPE is a malware sandbox. It was derived from Cuckoo with the goal of adding automated malware unpacking and config extraction – hence its name is an acronym: ‘Config And Payload Extraction’. Automated unpacking allows classification based on Yara signatures to complement network (Suricata) and behavior (API) signatures. There is a free community instance onlineRead More

Kube-Applier – Enables Automated Deployment And Declarative Configuration For Your Kubernetes Cluster

kube-applier is a service that enables continuous deployment of Kubernetes objects by applying declarative configuration files from a Git repository to a Kubernetes cluster. kube-applier runs as a Pod in your cluster and watches the Git repo to ensure that the cluster objects are up-to-date with their associated spec files (JSON or YAML) in theRead More

CobaltStrikeParser – Python parser for CobaltStrike Beacon’s configuration

Python parser for CobaltStrike Beacon’s configuration Description Use parse_beacon_config.py for stageless beacons, memory dumps or C2 urls with metasploit compatibility mode (default true). Many stageless beacons are PEs where the beacon code itself is stored in the .data section and xored with 4-byte key. The script tries to find the xor key and data heuristically,Read More

MOSE – Post Exploitation Tool For Configuration Management Servers.

MOSE is a post exploitation tool that enables security professionals with little or no experience with configuration management (CM) technologies to leverage them to compromise environments. CM tools, such as Puppet, Chef, Salt, and Ansible are used to provision systems in a uniform manner based on their function in a network. Upon successfully compromising aRead More

CobaltStrikeScan – Scan Files Or Process Memory For CobaltStrike Beacons And Parse Their Configuration

Scan files or process memory for Cobalt Strike beacons and parse their configuration. CobaltStrikeScan scans Windows process memory for evidence of DLL injection (classic or reflective injection) and performs a YARA scan on the target process’ memory for Cobalt Strike v3 and v4 beacon signatures. Alternatively, CobaltStrikeScan can perform the same YARA scan on aRead More

DockerENT – The Only Open-Source Tool To Analyze Vulnerabilities And Configuration Issues With Running Docker Container(S) And Docker Networks

DockerENT is activE ruNtime application security scanning Tool (RAST tool) and framework which is pluggable and written in python. It comes with a CLI application and clean Web Interface written with StreamLit.DockerENT has been designed keeping in mind that during deployments there weak configurations which may get sticky in production deployments as well and canRead More

Exegol – Exegol Is A Kali Light Base With A Few Useful Additional Tools And Some Basic Configuration

Exegol is a fully configured kali light base with a few useful additional tools (~50), a few useful resources (scripts and binaries for privesc, credential theft etc.) and some configuration (oh-my-zsh, history, aliases, colourized output for some tools). It can be used in pentest engagements and BugBounty. Exegol’s original fate was to be a ready-to-hackRead More

X