ODBParser – OSINT Tool To Search, Parse And Dump Only The Open Elasticsearch And MongoDB Directories That Have The Data You Care About Exposing

ODBParser is a tool to search for PII being exposed in open databases. ONLY to be used to identify exposed PII and warn server owners of irresponsible database maintenance OR to query databases you have permission to access! PLEASE USE RESPONSIBLY What is this? Wrote this as wanted to create one-stop OSINT tool for searching,Read More

TIGMINT – OSINT (Open Source Intelligence) GUI Software Framework

An OSINT (Open Source Intelligence) software framework with an objective of making cyber investigations more convinient by implementing abstraction mechanisms to hide the background technical complexity also bundling different analysis techniques for social media Intelligence together providing a simple intuitive web interface for the user to work with. Preview Modules   Our Team Documentation AccountRead More

Zuthaka – An Open Source Application Designed To Assist Red-Teaming Efforts, By Simplifying The Task Of Managing Different APTs And Other Post-Exploitation Tools

A collaborative free open-source Command & Control integration framework that allows developers to concentrate on the core function and goal of their C2. Explore the docs ยป About the project Problem Statement The current C2s ecosystem has rapidly grown in order to adapt to modern red team operations and diverse needs (further information on C2Read More

LoGiC.NET – A More Advanced Free And Open .NET Obfuscator Using Dnlib

LoGiC.NET is a free and open-source .NET obfuscator that uses dnlib for folks that want to see how obfuscation works with more complex obfuscations than Goldfuscator for example. Before obfuscation After obfuscation Dependencies dnlib v3.3.2 : Restore NuGet packages and it’ll work (if it doesn’t already). SharpConfigParser : https://github.com/AnErrupTion/LoGiC.NET/raw/master/SharpConfigParser.dll Current Features Renames methods, parameters, properties,Read More

Security Scorecards – Security Health Metrics For Open Source

Security Health Metrics For Open Source Motivation A short motivational video clip to inspire us: https://youtu.be/rDMMYT3vkTk “You passed! All D’s … and an A!” Goals Automate analysis and trust decisions on the security posture of open source projects. Use this data to proactively improve the security posture of the critical projects the world depends on.Read More

Vulnerablecode – A Free And Open Vulnerabilities Database And The Packages They Impact And The Tools To Aggregate And Correlate These Vulnerabilities

VulnerableCode is a free and open database of FOSS software package vulnerabilities and the tools to create and keep the data current. It is made by the FOSS community to improve and secure the open source software ecosystem. Why? The existing solutions are commercial proprietary vulnerability databases, which in itself does not make sense becauseRead More

OWASP ASST (Automated Software Security Toolkit) – A Novel Open Source Web Security Scanner

OWASP ASST (Automated Software Security Toolkit) | A Novel Open Source Web Security Scanner. Note: AWSS is the older name of ASST Introduction Web applications have become an integral part of everyday life, but many of these applications are deployed with critical vulnerabilities that can be fatally exploited. As the technology used to develop theseRead More

OpenWifiPass – An Open Source Implementation Of Apple’s Wi-Fi Password Sharing Protocol In Python

An open source implementation of the grantor role in Apple’s Wi-Fi Password Sharing protocol. Disclaimer OpenWifiPass is experimental software and is the result of reverse engineering efforts by the Open Wireless Link project. The code serves solely documentary and educational purposes. It is untested and incomplete. For example, the code does not verify the identityRead More

RAT-el – An Open Source Penetration Test Tool That Allows You To Take Control Of A Windows Machine

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software. Please do not upload to virustotalRead More

Horusec – An Open Source Tool That Improves Identification Of Vulnerabilities In Your Project With Just One Command

Horusec is an open source tool that performs static code analysis to identify security flaws during the development process. Currently, the languages for analysis are: C#, Java, Kotlin, Python, Ruby, Golang, Terraform, Javascript, Typescript, Kubernetes, PHP, C, HTML, JSON, Dart. The tool has options to search for key leaks and security flaws in all filesRead More