Uncover – Quickly Discover Exposed Hosts On The Internet Using Multiple Search Engine

uncover is a go wrapper using APIs of well known search engines to quickly discover exposed hosts on the internet. It is built with automation in mind, so you can query it and utilize the results with your current pipeline tools. Currently, it supports shodan, censys, and fofa search engine. Features Simple and Handy utilityRead More

Get-RBCD-Threaded – Tool To Discover Resource-Based Constrained Delegation Attack Paths In Active Directory Environments

Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory Environments Based almost entirely on wonderful blog posts “Wagging the Dog: Abusing Resource-Based Constrained Delegation to Attack Active Directory” by Elad Shamir and “A Case Study in Wagging the Dog: Computer Takeover” by harmj0y. Read these two blog posts if you actually want toRead More

Attack-Surface-Framework – Tool To Discover External And Internal Network Attack Surface

ASF aims to protect organizations acting as an attack surface watchdog, provided an “Object” which might be a: Domain, IP address or CIDR (Internal or External), ASF will discover assets/subdomains, enumerate their ports and services, track deltas and serve as a continuous and flexible attacking and alerting framework leveraging an additional layer of support againstRead More

Kodex – A Privacy And Security Engineering Toolkit: Discover, Understand, Pseudonymize, Anonymize, Encrypt And Securely Share Sensitive And Personal Data: Privacy And Security As Code

Kodex (Community Edition – CE) is an open-source toolkit for privacy and security engineering. It helps you to automate data security and data protection measures in your data engineering workflows. It offers the following functionality: Read data items from a variety of sources such as files, databases or message queues. Protect these data items usingRead More

Pathprober – Probe And Discover HTTP Pathname Using Brute-Force Methodology And Filtered By Specific Word Or 2 Words At Once

Probe and discover HTTP pathname using brute-force methodology and filtered by specific word or 2 words at once. Purpose Brute-forcing website directories or HTTP pathname and validate using HTTP response code is not relevant anymore. This tool will help you to perform a penetration test, because it could validate the directories using specific-word or 2Read More

SkyArk – Helps To Discover, Assess And Secure The Most Privileged Entities In Azure And AWS

SkyArk is a cloud security project with two main scanning modules: AzureStealth – Scans Azure environments AWStealth – Scan AWS environments These two scanning modules will discover the most privileged entities in the target AWS and Azure. The Main Goal – Discover The Most Privileged Cloud UsersSkyArk currently focuses on mitigating the new threat ofRead More

Netenum – A Tool To Passively Discover Active Hosts On A Network

Network reconnaisance tool that sniffs for active hosts IntroductionNetenum passively monitors the ARP traffic on the network. It extracts basic data about each active host, such as IP address, MAC address and manufacturer. The main objective of this tool is to find active machines without generating too much noise.Features Provides basic information about the network,Read More

SkyWrapper – Tool That Helps To Discover Suspicious Creation Forms And Uses Of Temporary Tokens In AWS

SkyWrapper is an open-source project which analyzes behaviors of temporary tokens created in a given AWS account. The tool is aiming to find suspicious creation forms and uses of temporary tokens to detect malicious activity in the account. The tool analyzes the AWS account, and creating an excel sheet includes all the currently living temporaryRead More

Pulsar – Network Footprint Scanner Platform – Discover Domains And Run Your Custom Checks Periodically

Pulsar is an automated network footprint scanner for Red Teams, Pentesters and Bounty Hunters. Its focused on discovery of organization public facing assets with minimal knowledge about its infrastructure. Along with network data visualization, it attempts to give a basic vulnerability score to find infrastructure weak points and their relation to other resources. It canRead More

X