Njsscan is a static application testing (SAST) tool that can find insecure code patterns in your node.js applications using simple pattern…
Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly, but it's flexible) in a bunch of horrible…
Macrome an Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can…
FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user's password. The password entered…
Shellcodetester is a tool that tests generated ShellCodes. Usage Example ShellCode Tester Linux Installation git clone https://github.com/helviojunior/shellcodetester.git cd shellcodetester/Linux make…
Flare-qdb is a command-line and scriptable Python-based tool for evaluating and manipulating native program state. It uses Vivisect to set a breakpoint…
Autotimeliner tool will automagically extract forensic timeline from volatile memory dumps. Requirements Python 3Volatilitymactime (from SleuthKit) (Developed and tested on…
Droopescan is a plugin-based scanner that aids security researchers in identifying issues with several CMS. Usage of droopescan for attacking…
Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints Requirements : Triton, ROPGadget…
truffleHog previously functioned by running entropy checks on git diffs. This functionality still exists, but high signal regex checks have…