laravelN00b – Automated Scan .env Files And Checking Debug Mode In Victim Host

Incorrect configuration allows you to access .env files or reading env variables. LaravelN00b automated scan .env files and checking debug mode in victim host. Scan rationale Scan host. Resolve IP adress and check .env file in IP Adress Checking debug mode Laravel ( Read .env variables ) Installation1 – Install with installer.shchmod +x – […]


Andriller – Software Utility With A Collection Of Forensic Tools For Smartphones

Andriller – is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices. It has features, such as powerful Lockscreen cracking for Pattern, PIN code, or Password; custom decoders for Apps data from Android (some Apple iOS & Windows) databases for decoding communications. Extraction and […]


LAVA – Large-scale Automated Vulnerability Addition

Evaluating and improving bug-finding tools is currently difficult due to a shortage of ground truth corpora (i.e., software that has known bugs with triggering inputs). LAVA attempts to solve this problem by automatically injecting bugs into software. Every LAVA bug is accompanied by an input that triggers it whereas normal inputs are extremely unlikely to […]


Heapinspect – Inspect Heap In Python

HeapInspect is designed to make heap much more prettier.Now this tool is a plugin of nadbg. Try it! Features Free of gdb and other requirement Multi glibc support 2.19, 2.23-2.27 (currently tested) both 32bit and 64bit Nice UI to show heap HeapShower (detailed) PrettyPrinter (colorful, summary) Heapdiff (working) Corruption detect & exploit analysis (working) Also […]


CHAPS – Configuration Hardening Assessment PowerShell Script

CHAPS is a PowerShell script for checking system security settings where additional software and assessment tools, such as Microsoft Policy Analyzer, cannot be installed. The purpose of this script is to run it on a server or workstation to collect configuration information about that system. The information collected can then be used to provide recommendations […]


Karonte – A Static Analysis Tool To Detect Multi-Binary Vulnerabilities In Embedded Firmware

Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware. Research paperWe present our approach and the findings of this work in the following research paper:KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware [PDF]Nilo Redini, Aravind Machiry, Ruoyu Wang, Chad Spensky, Andrea Continella, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna. To appear in […]


IotShark – Monitoring And Analyzing IoT Traffic

IoTShark is a IOT monitoring service that allows users to monitor their IOT devices for trends in data sent/received. Ordinarily, setting up a man in the middle attack with proper configurations can take up quite a bit of time, and may seem dauntingly impossible for those with little to no experience in computer security or […]


LNAV – Log File Navigator

The log file navigator, lnav, is an enhanced log file viewer that takes advantage of any semantic information that can be gleaned from the files being viewed, such as timestamps and log levels. Using this extra semantic information, lnav can do things like interleaving messages from different files, generate histograms of messages over time, and […]


TuxResponse – Linux Incident Response

TuxResponse is incident response script for linux systems written in bash. It can automate incident response activities on Linux systems and enable you to triage systems quickly, while not compromising with the results. Usually corporate systems would have some kind of monitoring and control, but there are exceptions due to shadow IT and non-standard images […]


Stowaway – Multi-hop Proxy Tool For Pentesters

Stowaway is Multi-hop proxy tool for security researchers and pentestersUsers can easily proxy their network traffic to intranet nodes (multi-layer)PS: The files under demo folder are Stowaway’s beta version,it’s still functional, you can check the detail by file under the demo folder This tool is limited to security research and teaching, and the user […]