RedTeam-Physical-Tools – Red Team Toolkit – A Curated List Of Tools That Are Commonly Used In The Field For Physical Security, Red Teaming, And Tactical Covert Entry

Commonly used tools for Red Teaming Engagements, Physical Security Assessments, and Tactical Covert Entry. In this list I decided to share most of the tools I utilize in authorized engagements, along with my personal ranking of their value based on their usage and for you to consider if they should be in your toolkit, includingRead More

Xepor – Web Routing Framework For Reverse Engineers And Security Researchers, Brings The Best Of Mitmproxy And Flask

Xepor (pronounced /ˈzɛfə/, zephyr), a web routing framework for reverse engineers and security researchers. It provides a Flask-like API for hackers to intercept and modify HTTP request and/or HTTP response in a human-friendly coding style. This project is meant to be used with mitmproxy. User write scripts with xepor, and run the script inside mitmproxyRead More

NodeSecurityShield – A Developer And Security Engineer Friendly Package For Securing NodeJS Applications

A Developer and Security Engineer friendly package for Securing NodeJS Applications. Inspired by the log4J vulnerability (CVE-2021-44228) which can be exploited because an application can make arbitrary network calls. We felt there is an need for an application to declare what privileges it can have so that exploitation of such vulnerabilities becomes harder. To achieveRead More

BWASP – BoB Web Application Security Project

The BoB Web Application Security Project (BWASP) is an open-source, analysis tool to support for Web Vulnerability Manual Analysis hackers. The BWASP tool basically provides predicted information through vulnerability analysis without proceeding with an attack. BWASP supports performing automated analysis and manual analysis. The BWASP Project supports: Find Attack vector automatically. (e.g. SQL Injection, Cross-siteRead More

Graphql-Threat-Matrix – GraphQL Threat Framework Used By Security Professionals To Research Security Gaps In GraphQL Implementations

Why graphql-threat-matrix? graphql-threat-matrix was built for bug bounty hunters, security researchers and hackers to assist with uncovering vulnerabilities across multiple GraphQL implementations. The differences in how GraphQL implementations interpret and conform to the GraphQL specification may lead to security gaps and unique attack vectors. By analyzing and comparing the factors that drive the security risksRead More

IOSSecuritySuite – iOS Platform Security And Anti-Tampering Swift Library

 iOS Security Suite is an advanced and easy-to-use platform security & anti-tampering library written in pure Swift! If you are developing for iOS and you want to protect your app according to the OWASP MASVS standard, chapter v8, then this library could save you a lot of time.  What ISS detects: Jailbreak (evenRead More

365Inspect – A PowerShell Script That Automates The Security Assessment Of Microsoft Office 365 Environments

Further the state of O365 security by authoring a PowerShell script that automates the security assessment of Microsoft Office 365 environments. Setup 365Inspect requires the administrative PowerShell modules for Microsoft Online, Azure AD (We recommend installing the AzureADPreview module), Exchange administration, Microsoft Graph, Microsoft Intune, Microsoft Teams, and Sharepoint administration. The 365Inspect.ps1 PowerShell script willRead More

Slyther – AWS Security Tool

Slyther is AWS Security tool to check read/write/delete access for S3 buckets   Requirements aws-cli Installation pip3 install -r requirements.txt Usage example python3 slyther.py -b flaws.cloud Release History 0.0.3 Added option to check if aws-cli is installed or not 0.0.2 Added option to check list of buckets 0.0.1 Initial release Created by – @iamavu DownloadRead More

Ostorlab – A Security Scanning Platform That Enables Running Complex Security Scanning Tasks Involving Multiple Tools In An Easy, Scalable And Distributed Way

The Sales Pitch If this is the first time you are visiting the Ostorlab Github page, here is the sales pitch. Security testing requires often chaining tools together, taking the output from one, mangling it, filtering it and then pushing it to another tool. Several tools have tried to make the process less painful withRead More

Codecat v0.56 – An Open-Source Tool To Help You Find/Track User Input Sinks And Security Bugs Using Static Code Analysis

CodeCat is an open-source tool to help you find/track user input sinks and security bugs using static code analysis. These points follow regex rules.  Current rules for C,C++,GO,Python,javascript,Swift,PHP,Ruby,ASP,Kotlin,Dart and Java.(you can create your rules) video How too install, step by step: Go to CodeCat directory, install backend and frontend libs: $ apt install python3-pip$ cdRead More

X