Authz0 – An Automated Authorization Test Tool. Unauthorized Access Can Be Identified Based On URLs And RolesAnd Credentials

Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials. URLs and Roles are managed as YAML-based templates, which can be automatically created and added through authz0. You can also test based on multiple authentication headers and cookies with a template file created/generated once.  KeyRead More

Shellcodetester – An Application To Test Windows And Linux Shellcodes

This tools test generated ShellCodes. Usage Exemple ShellCode Tester Linux Instalation git clone shellcodetester/Linuxmake Usage Without break-point: shellcodetester [file.asm] With break-point (INT3). The break-point will be inserted before our generated shellcode: shellcodetester [file.asm] –break-point Download Shellcodetester

Wifi-Framework – Wi-Fi Framework For Creating Proof-Of-Concepts, Automated Experiments, Test Suites, Fuzzers, And More…

We present a framework to more easily perform Wi-Fi experiments. It can be used to create fuzzers, implement new attacks, create proof-of-concepts to test for vulnerabilities, automate experiments, implement test suites, and so on. The main advantage of the framework is that it allows you to reuse Wi-Fi functionality of Linux to more easily implementRead More

Haptyc – Test Generation Framework

Haptyc is a python library which was built to add payload position support and Sniper/Clusterbomb/Batteringram/Pitchfork attack types into Turbo Intruder. While Haptyc accomplishes these goals fairly well it also introduces a simpler way to express test sequences in general. While this library was meant to target Turbo Intruder it has no hard dependencies on TurboRead More

MailRipV2 – Improved SMTP Checker / SMTP Cracker With Proxy-Support, Inbox Test And Many More Features

Your SMTP checker / SMTP cracker for mailpass combolists including features like: proxy-support (SOCKS4 / SOCKS5) with automatic proxy-scraper and checker, e-mail delivery / inbox check and DNS lookup for unknown SMTP-hosts. Made for easy usage and always working! Overview Legal Notices You are ONLY allowed to use the following code for educational purposes! Mail.RipRead More

Dorothy – Tool To Test Security Monitoring And Detection For Okta Environments

Created by David French (@threatpunter) at Elastic Security Dorothy is a tool to help security teams test their monitoring and detection capabilities for their Okta environment. Dorothy has several modules to simulate actions that an attacker might take while operating in an Okta environment and actions that security teams should be able to audit. TheRead More

Corsair_Scan – A Security Tool To Test Cross-Origin Resource Sharing (CORS)

Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS) misconfigurations. CORS is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. If this is not properly configured, unauthorised domains can access to those resources. What isRead More

Adfsbrute – A Script To Test Credentials Against Active Directory Federation Services (ADFS), Allowing Password Spraying Or Bruteforce Attacks

A script to test credentials against Active Directory Federation Services (ADFS), calculating the ADFS url of an organization and allowing password spraying or bruteforce attacks. The main idea is carrying out password spraying attacks with a random and high delay between each test and using a list of proxies or Tor to make the detectionRead More

Gotestwaf – Go Test WAF Is A Tool To Test Your WAF Detection Capabilities Against Different Types Of Attacks And By-Pass Techniques

An open-source Go project to test different web application firewalls (WAF) for detection logic and bypasses. How it works It is a 3-steps requests generation process that multiply amount of payloads to encoders and placeholders. Let’s say you defined 2 payloads, 3 encoders (Base64, JSON, and URLencode) and 1 placeholder (HTTP GET variable). In thisRead More