Bantam – A PHP Backdoor Management And Generation tool/C2 Featuring End To End Encrypted Payload Streaming Designed To Bypass WAF, IDS, SIEM Systems

An advanced PHP backdoor management tool, with a lightweight server footprint, multi-threaded communication, and an advanced payload generation and obfuscation tool. Features end to end encryption with request unique encryption keys, and payload streaming designed to bypass WAF, IDS, SIEM systems. It incorporates several payload randomization and obfuscation techniques to help prevent detection when encryptionRead More

Confused – Tool To Check For Dependency Confusion Vulnerabilities In Multiple Package Management Systems

A tool for checking for lingering free namespaces for private package names referenced in dependency configuration for Python (pypi) requirements.txt, JavaScript (npm) package.json, PHP (composer) composer.json or MVN (maven) pom.xml. What is this all about? On 9th of February 2021, a security researcher Alex Birsan published an article that touched different resolve order flaws inRead More

OpenCSPM – Open Cloud Security Posture Management Engine

Open Cloud Security Posture Management, OpenCSPM, is an open-source platform for gaining deeper insight into your cloud configuration and metadata to help understand and reduce risk over time. Who is OpenCSPM for? Security teams running infrastructure in cloud environments looking to gain visibility into security risk across the entire account and track the resolution ofRead More

MOSE – Post Exploitation Tool For Configuration Management Servers.

MOSE is a post exploitation tool that enables security professionals with little or no experience with configuration management (CM) technologies to leverage them to compromise environments. CM tools, such as Puppet, Chef, Salt, and Ansible are used to provision systems in a uniform manner based on their function in a network. Upon successfully compromising aRead More

Bulwark – An Organizational Asset And Vulnerability Management Tool, With Jira Integration, Designed For Generating Application Security Reports

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports. Jira Integration Note Please keep in mind, this project is in early development. Launch with Docker Install Docker Create a .env file and supply the following properties: MYSQL_DATABASE=”bulwark”MYSQL_PASSWORD=”bulwark”MYSQL_ROOT_PASSWORD=”bulwark”MYSQL_USER=”root”MYSQL_DB_CHECK=”mysql”DB_PASSWORD=”bulwark”DB_URL=”172.16.16.3″DB_ROOT=”root”DB_USERNAME=”bulwark”DB_PORT=3306DB_NAME=”bulwark”DB_TYPE=”mysql”NODE_ENV=”production”DEV_URL=”http://localhost:4200″PROD_URL=”http://localhost:5000″JWT_KEY=”changeme”JWT_REFRESH_KEY=”changeme”CRYPTO_SECRET=”changeme”CRYPTO_SALT=”changeme” Build and start Bulwark containers: docker-compose up -d Start/Stop Bulwark containers:Read More

Faraday v3.12 – Collaborative Penetration Test and Vulnerability Management Platform

 There are better ways than managing vulnerabilities with spreadsheets, especially when you are working with several tools. We know it’s easy to lose trail of your efforts. In faraday you can keep track of your scanners and your team in one place, This update is focused on improving your everyday tasks in managing information. TheRead More

Permission Manager – A Project That Brings Sanity To Kubernetes RBAC And Users Management, Web UI FTW

Welcome to the Permission Manager!Permission Manager is an application developed by SIGHUP that enables a super-easy and user-friendly RBAC management for Kubernetes. If you are looking for a simple and intuitive way of managing your users within a Kubernetes cluster, this is the right place.With Permission Manager, you can create users, assign namespaces/permissions, and distributeRead More

Vault – A Tool For Secrets Management, Encryption As A Service, And Privileged Access Management

Please note: We take Vault’s security and our users’ trust very seriously. If you believe you have found a security issue in Vault, please responsibly disclose by contacting us at [email protected] Website: https://www.vaultproject.io IRC: #vault-tool on Freenode Announcement list: Google Groups Discussion list: Google Groups Documentation: https://www.vaultproject.io/docs/ Tutorials: HashiCorp’s Learn Platform Certification Exam: Vault AssociateRead More

Faraday v3.11 – Collaborative Penetration Test and Vulnerability Management Platform

This new release brings strong improvements to your security team’s daily performance, allowing them to operate quicker and smarter by increasing accessibility and stabilizing usual functionality. Major enhancements are focused on providing global visualization of findings, improvements on our API allowing better 3rd party integrations, and outstanding tailoring of the results with our new methodsRead More

Faraday presents the latest version of their Security Platform for Vulnerability Management Automation

Miami, February 19, 2020 – Faraday is opening 2020 by strengthening their releases using the featured cybersecurity worldwide events calendar, starting next week with BSides and RSAC in San Francisco. As a Blackhat Global Partner, the company will also participate as a sponsor in all BH’s global events. By means of automation technology and workflowRead More

X