.webp "How To Install/Run – Streamlining OSINT Workflows For Enhanced Capabilities")
NoSQLMap : Automated NoSQL Database Enumeration & Web Application Exploitation Tool
NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases and web applications using NoSQL in order to disclose or clone data from the database. A NoSQL (originally referring to "non SQL", "non relational" or "not only SQL") database provides a mechanism for storage...
Airflowscan : Checklist & Tools For Increasing Security Of Apache Airflow
Airflowscan is a checklist and tools for increasing security of Apache Airflow. The purpose of this project is provide tools to increase security of Apache Airflow installations. This projects provides the following tools: Configuration file with hardened settingsSecurity checklist for hardening default installationsStatic analysis tool to check Airflow configuration files for insecure settings.JSON schema document used for validation by the...
Docker Security Playground : A Microservices-Based Framework For The Study Of Network Security & Penetration Test Techniques
Docker Security Playground is an application that allows you to: Create network and network security scenarios, in order to understand network protocols, rules, and security issues by installing DSP in your PC.Learn penetration testing techniques by simulating vulnerability labs scenariosManage a set of docker-compose project . Main goal of DSP is to learn in penetration testing and network security, but its flexibility...
DrMITM : A Program Designed To Globally Log All Traffic Of A Website
DrMITM is a program designed to globally log all traffic. It sends a request to website and returns the IP of the website just in case the server of the website is designed to rely on the website IP for requests. The request that goes to the website also ends up being sent to the...
Sampler : A Tool For Shell Commands Execution, Visualization & Alerting
Sampler is a tool for shell commands execution, visualization and alerting. Configured with a simple YAML file. One can sample any dynamic process right from the terminal - observe changes in the database, monitor MQ in-flight messages, trigger a deployment script and get notification when it's done. If there is a way to get a metric using shell command -...
Findomain : Fastest & Cross-Platform Subdomain Enumerator
Findomain is a fastest and cross-platform subdomain enumerator. It comparison gives you a idea why you should use findomain instead of another tools. The domain used for the test was microsoft.com in the following BlackArch virtual machine: Host: KVM/QEMU (Standard PC (i440FX + PIIX, 1996) pc-i440fx-3.1)Kernel: 5.2.6-arch1-1-ARCHCPU: Intel (Skylake, IBRS) (4) @ 2.904GHzMemory: 139MiB / 3943MiB The tool used to...
Goop : Google Search Scraper
Goop can perform google searches without being blocked by the CAPTCHA or hitting any rate limits. How it works? Facebook provides a debugger tool for its scraper. Interestingly, Google doesn't limit the requests made by this debugger (whitelisted?) and hence it can be used to scrap the google search results without being blocked by the CAPTCHA. Since facebook is involved, a facebook session Cookie must be...
ThreatHunting : A Splunk App Mapped To MITRE ATT&CK
ThreatHunting is a Splunk application containing several dashboards and over 120 reports that will facilitate initial hunting indicators to investigate. You obviously need to be ingesting Sysmon data into Splunk, a good configuration can be found here Note: This application is not a magic bullet, it will require tuning and real investigative work to be truly effective in your environment. Try to become...
HackerTarget : Tools And Network Intelligence To Help Organisations With Attack Surface Discovery
HackerTarget is tools and network intelligence to help organisations with attack surface discovery. Use open source tools and network intelligence to help organisations with attack surface discovery and identification of security vulnerabilities. Identification of an organisations vulnerabilities is an impossible task without tactical intelligence on the network footprint. By combining open source intelligence with the worlds best open...
Seccomp Tools : Provide Powerful Tools For Seccomp Analysis
Seccomp provide powerful tools for seccomp analysis. This project is targeted to (but not limited to) analyze seccomp sandbox in CTF pwn challenges. Some features might be CTF-specific, but still useful for analyzing seccomp in real-case. Features Dump - Automatically dumps seccomp-bpf from execution file(s).Disasm - Converts bpf to human readable format. Simple decompile.Display syscall names and arguments when possible.Colorful! Asm - Write...
.webp "SharpExclusionFinder – Streamlining Windows Defender Exclusion Checks With Advanced Scanning Capabilities")
