pocsploit is a lightweight, flexible and novel open source poc verification framework Pain points of the POC framework in the market There are too many params, I don’t know how to get started, but only some of them are commonly used. YAML poc framework(like nuclei & xray) is not flexible enough. the conversion cost isRead More
Reposaur is the open source compliance tool for development platforms. Audit, verify and report on your data and configurations easily with pre-defined and/or custom policies. Supports GitHub. GitLab, BitBucket and Gitea support soon. Getting Started Have you ever felt like you don’t know what’s happening in your GitHub/GitLab/BitBucket repositories? Between 100s or 1000s of themRead More
Octopus is an open source, pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S. The main purpose of creating Octopus is for use before any red team operation, where rather than starting the engagement with your full operational arsenal and infrastructure, you can use Octopus first to attack theRead More
Sub3 Suite is a research-grade suite of tools for Subdomain Enumeration, OSINT Information gathering & Attack Surface Mapping. Supports both manual and automated analysis on variety of target types with many available features & tools. For more information checkout the documentation Screenshots Preface If you’re just getting started with subdomain enumeration, osint information gathering &Read More
Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a running operating system. The goal of the software is to be able to use a set of rules against collected or acquired digital forensic evidences and find installed software in a timely fashion. The software can be usedRead More
Check the Spanish Version Dome is a fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports. This tool is recommended for bug bounty hunters and pentester in their reconnaissance phase. the more surface area exposed the faster a rock with break down If you wantRead More
Open source self-hosted cyber security learning platform About The Project HaccTheHub is an open source project that provides cyber security The HaccTheHub system consists of 3 main parts: Docker: containing all of the boxes creating the environment in which we’ll be learning on. The backend: controlling Docker and responsible for starting/destroying indivisual box in theRead More
Chain Reactor is an open-source tool for testing detection and response coverage on Linux machines. The tool generates executables that simulate sequences of actions like process creation and network connection. Chain Reactor assumes no prior engineering experience; the tool consumes JSON, so customizing its behavior is as simple as editing a file. Get started ForRead More
An automated SSRF finder. Just give the domain name and your server and chill! 😉 It also has options to find XSS and open redirects. Syntax ./ssrfire.sh -d domain.com -s yourserver.com -f custom_file.txt -c cookies domain.com —> The domain for which you want to test yourserver.com —> Your server which detects SSRF. Eg. Burp collaboratorRead More
Enhance your Kubernetes service mesh security !! mesh-kridik is an open-source security checker that performs various security checks on a Kubernetes cluster with istio service mesh and outputs a security report. The security checks tests are the full implementation of istio security best practices The security checks performed on a Kubernetes cluster with istio serviceRead More
