A steganography brute-force utility that uncovers hidden data inside files by trying passwords from a wordlist.
A TCP connection hijacking tool written in Rust, enabling packet injection into established connections.
A framework for exploiting DNS rebinding vulnerabilities to bypass Same-Origin Policy and attack internal networks from browsers.
A CLI tool to export OWASP Juice Shop security challenges into CTFd, RootTheBox, or FBCTF compatible formats.
A bug hunting tool that scans websites for exposed .git repositories and dumps their contents for security analysis.
A Python toolkit for security Capture The Flag (CTF) challenges, providing utilities for crypto, shellcodes, and network connections.
An automated security testing toolkit for GraphQL endpoints that discovers, analyzes, and scores vulnerabilities.
A web interface for Hashcat that enables distributed password cracking sessions across multiple servers with real-time results.
A collection of French and English wordlists specifically curated for cracking French passwords.
Visualizes AWS IAM and Organizations as a graph using Neo4j to identify security anomalies and privilege escalation paths.
A terminal-based manager for handling multiple reverse shell sessions and clients during penetration testing.
An open-source Java proxy for penetration testing, enabling traffic analysis and modification of TCP/UDP application protocols.
A minimal command-line utility for connecting to and exploiting exposed CEF/Electron debuggers during security assessments.
A Python script that generates graphs and charts from password cracking results (hashcat/john potfiles) for security analysis.
A dependency-aware GraphQL API fuzzing tool that automatically generates and executes security tests based on schema introspection.
A pentest tool that checks Cloudflare-protected sites for origin IP leaks and misconfigurations.
A fast GraphQL discovery and fingerprinting toolbox for security testing and reconnaissance.
A Python script that implements security testing attacks against AWS Cognito, including account oracle and privilege escalation.
An automated IAST fuzzer for discovering vulnerabilities in CakePHP web applications with minimal false positives.
A standardized methodology for performing security assessments in robotics across physical, network, firmware, and application layers.
A Python-based honeypot suite for SSH, FTP, and Telnet that captures credentials to build attack dictionaries.