Jaeles v0.4 – The Swiss Army Knife For Automated Web Application Testing

Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner. InstallationDownload precompiled version here.If you have a Go environment, make sure you have Go >= 1.13 with Go Modules enable and run the following command. GO111MODULE=on go get -u Please visit the Official Documention for […]


Dufflebag – Search Exposed EBS Volumes For Secrets

Dufflebag is a tool that searches through public Elastic Block Storage (EBS) snapshots for secrets that may have been accidentally left in. You may be surprised by all the passwords and secrets just laying around!The tool is organized as an Elastic Beanstalk (“EB”, not to be confused with EBS) application, and definitely won’t work if […]


Qiling – Advanced Binary Emulation Framework

Qiling is an advanced binary emulation framework, with the following features: Cross platform: Windows, MacOS, Linux, BSD Cross architecture: X86, X86_64, Arm, Arm64, Mips Multiple file formats: PE, MachO, ELF Emulate & sandbox machine code in a isolated environment Provide high level API to setup & configure the sandbox Fine-grain instrumentation: allow hooks at various […]


Nfstream – A Flexible Network Data Analysis Framework

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common […]


WhatTheHack – A Collection Of Challenge Based Hack-A-Thons Including Student Guide, Proctor Guide, Lecture Presentations, Sample/Instructional Code And Templates

WhatTheHack is a collection of challenge based hack-a-thons including student guide, proctor guide, lecture presentations, sample/instructional code and templates. What, Why and How “What the Hack” is a challenge based hackathon format Challenges describe high-level tasks and goals to be accomplished Challenges are not step-by-step labs Attendees work in teams of 3 to 5 people […]


Injectus – CRLF And Open Redirect Fuzzer

Simple python tool that goes through a list of URLs trying CRLF and open redirect payloads. ▪ ▐ ▄ ▐▄▄▄▄▄▄ . ▄▄· ▄▄▄▄▄▄• ▄▌.▄▄ · ██ •█▌▐█ ·██▀▄.▀·▐█ ▌▪•██ █▪██▌▐█ ▀. ▐█·▐█▐▐▌▪▄ ██▐▀▀▪▄██ ▄▄ ▐█.▪█▌▐█▌▄▀▀▀█▄ ▐█▌██▐█▌▐▌▐█▌▐█▄▄▌▐███▌ ▐█▌·▐█▄█▌▐█▄▪▐█ ▀▀▀▀ ██▪ ▀▀▀• ▀▀▀ ·▀▀▀ ▀▀▀ ▀▀▀ ▀▀▀▀ ~ BOUNTYSTRIKE ~usage: Injectus [-h] [-f FILE] [-u URL] [-r] […]


PCFG Cracker – Probabilistic Context Free Grammar (PCFG) Password Guess Generator

PCFG = Probabilistic Context Free GrammarPCFG = Pretty Cool Fuzzy GuesserIn short: A collection of tools to perform research into how humans generate passwords. These can be used to crack password hashes, but also create synthetic passwords (honeywords), or help develop better password strength algorithms Documentation Academic Papers:Original 2009 IEEE Security and Privacy paper on […]


DVNA – Damn Vulnerable NodeJS Application

Damn Vulnerable NodeJS Application (DVNA) is a simple NodeJS application to demonstrate OWASP Top 10 Vulnerabilities and guide on fixing and avoiding these vulnerabilities. The fixes branch will contain fixes for the vulnerabilities. Fixes for vunerabilities OWASP Top 10 2017 vulnerabilities at fixes-2017 branch.The application is powered by commonly used libraries such as express, passport, […]


GDA Android Reversing Tool – A New Decompiler Written Entirely In C++, So It Does Not Rely On The Java Platform, Which Is Succinct, Portable And Fast, And Supports APK, DEX, ODEX, Oat

Here, a new Dalvik bytecode decompiler, GDA(this project started in 2013 and released its first version 1.0 in 2015 at 9090) , is proposed and implemented in C++ to provide more sophisticated, fast and convenient decompilation support. GDA is completely self-independent and very stable. It supports APK, DEX, ODEX, oat files, and run without […]


Project-Black – Pentest/BugBounty Progress Control With Scanning Modules

Scope control, scope scanner and progress tracker for easier working on a bug bounty or pentest project. What is this tool for?The tools encourages more methodical work on pentest/bugbounty, tracking the progress and general scans information.It can launch masscan nmap dirsearch amass patator against the scope you work on and store the data in a […]