frida-wshook is an analysis and instrumentation tool which uses frida.re to hook common functions often used by malicious script files which are...
MalwLess is an open source tool that allows you to simulate system compromise or attack behaviours without running processes or PoCs. The...
testssl.sh is a free command line tool which checks a server’s service on any port for the support of TLS/SSL ciphers, protocols...
Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about...
The interactive web server. HTTPLabs let you inspect HTTP requests and forge responses. Install Golang go get github.com/gchaincl/httplab go install github.com/gchaincl/httplab/cmd/httplab Archlinux...
Just a simple (poorly written) Python script that aimlessly “browses” the internet by starting at pre-defined rootURLs and randomly “clicking” links on...
WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the...
What is SSRF vulnerability? Server Side Request Forgery (SSRF) is a type of vulnerability class where attacker sends crafted request from a...
Domain Hijacking is a well-known security issue that can be carried in many different ways. In addition to social engineering or unauthorized...
Often during the penetration test engagement the security analyst faces the problem of identifying privilege escalation attack vectors on tested Linux machine(s)....
XVNA is an extreme vulnerable node application coded in Nodejs(Expressjs)/MongoDB that helps security enthusiasts to learn application security. it’s not counseled to...
OWASP JoomScan (short for [Joom]la Vulnerability [Scan]ner) is an opensource project in perl programming language to detect Joomla CMS vulnerabilities and analysis them. WHY OWASP JOOMSCAN ? If...
Modern applications leverage the availability of existing components for use as building blocks in application development. By using existing components, organizations can...
This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715...
Wapiti allows you to audit the security of your websites or web applications. It performs “black-box” scans (it does not study the...
A simple shell script to tell if your Linux installation is vulnerable against the 3 “speculative execution” CVEs: CVE-2017-5753 bounds check bypass...
Speculative optimizations execute code in a non-secure manner leaving data traces in microarchitecture such as cache. Refer to the paper by Lipp...
WhatWaf is an advanced firewall detection tool who’s goal is to give you the idea of “There’s a WAF?”. WhatWaf works by...
makin is to make initial malware assessment little bit easier, It helps to reveal a debugger detection techniques used by a sample. Supports...
Droidefense (originally named atom: analysis through observation machine)* is the codename for android apps/malware analysis/reversing tool. It was built focused on security...
Transform your Shellcode to Assembly (ARM, ARM64, MIPS, PPC, X86) Replace in shellcodetoasm.py with your shellcode. shellcode = '' Installation git clone https://github.com/blacknbunny/ShellcodeToAssembly.git...