Appshark – Static Taint Analysis Platform To Scan Vulnerabilities In An Android App

Appshark is a static taint analysis platform to scan vulnerabilities in an Android app. Prerequisites Appshark requires a specific version of JDK — JDK 11. After testing, it does not work on other LTS versions, JDK 8 and JDK 16, due to the dependency compatibility issue. Building/Compiling AppShark We assume that you are working inRead More

Matano – The Open-Source Security Lake Platform For AWS

Matano is an open source security lake platform for AWS. It lets you ingest petabytes of security and log data from various sources, store and query them in an open Apache Iceberg data lake, and create Python detections as code for realtime alerting. Matano is fully serverless and designed specifically for AWS and focuses onRead More

EvilnoVNC – Ready To Go Phishing Platform

EvilnoVNC is a Ready to go Phishing Platform. Unlike other phishing techniques, EvilnoVNC allows 2FA bypassing by using a real browser over a noVNC connection. In addition, this tool allows us to see in real time all of the victim’s actions, access to their downloaded files and the entire browser profile, including cookies, saved passwords,Read More

Kam1n0 – Assembly Analysis Platform

Kam1n0 v2.x is a scalable assembly management and analysis platform. It allows a user to first index a (large) collection of binaries into different repositories and provide different analytic services such as clone search and classification. It supports multi-tenancy access and management of assembly repositories by using the concept of Application. An application instance containsRead More

Faraday Community – Open Source Penetration Testing and Vulnerability Management Platform

Faraday was built from within the security community, to make vulnerability management easier and enhance our work. What IDEs are to programming, Faraday is to pentesting. Offensive security had two difficult tasks: designing smart ways of getting new information, and keeping track of findings to improve further work. This new update brings: New scanning, reportingRead More

Packj – Large-Scale Security Analysis Platform To Detect Malicious/Risky Open-Source Packages

Packj (pronounced package) is a command line (CLI) tool to vet open-source software packages for “risky” attributes that make them vulnerable to supply chain attacks. This is the tool behind our large-scale security analysis platform Packj.dev that continuously vets packages and provides free reports. How to use Packj accepts two input args: name of theRead More

Cervantes – Collaborative Platform For Pentesters Or Red Teams Who Want To Save Time To Manage Their Projects, Clients, Vulnerabilities And Reports In One Place

Cervantes is an opensource collaborative platform for pentesters or red teams who want to save time to manage their projects, clients, vulnerabilities and reports in one place. Features OpenSource Multiplatform Multilanguage Team Collaboration BuiltIn dashbaords and analytics Manage your clients and Offensive Security projects One click reports creation And more Runtime requirements Docker Docker composeRead More

Frida-Ios-Hook – A Tool That Helps You Easy Trace Classes, Functions, And Modify The Return Values Of Methods On iOS Platform

[*] A tool that helps you can easy using frida. It support script for trace classes, functions, and modify the return values of methods on iOS platform.  For Android platform: frida-android-hook  For Intercept Api was encrypted on iOS application: frida-ios-interceprt-api Env OS Support OS Supported Noted MacOS ✅ main Linux ✅ sub WindowsRead More

FirmWire -b Full-System Baseband Firmware Emulation Platform For Fuzzing, Debugging, And Root-Cause Analysis Of Smartphone Baseband Firmwares

FirmWire is a full-system baseband firmware analysis platform that supports Samsung and MediaTek. It enables fuzzing, root-cause analysis, and debugging of baseband firmware images. See the FirmWire documentation to get started! Experiments & Missing Parts? Upon a vendor’s request, the current public release of FirmWire is a preview version omitting some of the functionality describedRead More

IOSSecuritySuite – iOS Platform Security And Anti-Tampering Swift Library

 iOS Security Suite is an advanced and easy-to-use platform security & anti-tampering library written in pure Swift! If you are developing for iOS and you want to protect your app according to the OWASP MASVS standard, chapter v8, then this library could save you a lot of time.  What ISS detects: Jailbreak (evenRead More

X