AI Summary: DeepCE is a lightweight tool designed for Docker container enumeration, privilege escalation, and container escapes, written in pure shell script to maximize compatibility. It performs a variety of enumerations, including container-specific data collection and host system scanning, and offers multiple exploits such as Docker group privilege escalation and command execution in privileged mode. Notably, DeepCE minimizes disk writes during enumeration, making it suitable for stealthy assessments in containerized environments.

AI Summary: DeepTraffic is a toolkit that employs deep learning models specifically for the classification of network traffic, focusing on identifying malware and anomalies. Its primary application lies in enhancing cybersecurity measures through effective traffic analysis and representation learning using convolutional neural networks. Notable features include end-to-end encrypted traffic classification and the ability to learn hierarchical spatial-temporal features for improved intrusion detection.

README

Deep Learning models for network traffic classification

For more information please read our papers.

AI Summary: The Default Credentials Cheat Sheet is a tool designed for penetration testers and blue teamers, providing a comprehensive repository of default login credentials for various products to aid in security assessments. Notable features include a searchable database of over 3,700 default credentials, the ability to export results for use in brute force attacks, and automated updates to maintain current data. The tool is easily installable via pip and supports operations across multiple operating systems.

AI Summary: The DEFCON 31 Syscalls Workshop repository provides educational materials focusing on direct and indirect syscalls within Windows operating systems, particularly aimed at enhancing understanding of Win32 and Native APIs for Red Team activities. It includes theoretical content, practical exercises, and proof of concepts (POCs) to facilitate learning about syscall mechanisms and their implications in EDR evasion. Notable features include an emphasis on manual techniques over complex automation, offering foundational insights into call stacks and shellcode execution dynamics.

AI Summary: DeimosC2 is a deprecated post-exploitation Command & Control (C2) tool designed to facilitate control over compromised machines across multiple operating systems including Windows, macOS, and Linux. Its notable features include dynamic agent generation, diverse communication methods (TCP, HTTPS, DoH, and QUIC), a graphical interface for managing listeners and agents, and robust security measures such as multi-user support and two-factor authentication. However, it is important to note that the tool has a known XSS vulnerability and is no longer maintained.

AI Summary: Dembrandt is a command-line tool designed to extract design systems from any website into structured design tokens, including elements such as colors, typography, and components. Its notable features include the ability to generate a brand guide PDF, output data in W3C Design Tokens format, and support for various browser configurations to bypass bot protection on target sites. The tool is easily installed via npm and offers a range of options for customization and output format.

AI Summary: OWASP dep-scan is an advanced security audit tool designed for analyzing project dependencies against known vulnerabilities, advisories, and license issues, applicable to both local repositories and container images. Its primary use case is to facilitate integration within Application Security Posture Management (ASPM) and Vulnerability Management (VM) platforms, especially in Continuous Integration (CI) environments. Notable features include advanced reachability analysis, fast local vulnerability scanning without a server, generation of Software Bills of Materials (SBOM), and clear insights for prioritization of vulnerabilities.

AI Summary: Destroylist is a comprehensive phishing and scam domain blacklist that provides real-time threat intelligence to protect users globally. This tool maintains an extensive database of over 100,000 phishing domains and features active statistics on domain additions and removals, ensuring up-to-date protection against online threats. The repository supports community contributions, fostering collaborative efforts in enhancing online security.

README

Destroylist: Phishing & Scam Domain Blacklist

AI Summary: DetectDee is a reconnaissance tool designed to track down social media accounts using identifiers such as usernames, emails, and phone numbers across various social networks. Notable features include precise control over request handling to evade web application firewalls, support for multiple input types for user detection, and the option for integration with ChatGPT for enhanced result tagging. Its extensibility and ease of use make it suitable for cybersecurity practitioners in their investigations.

AI Summary: Dethrace is a recreation project aimed at reverse-engineering the 1997 game Carmageddon to enable it to run natively on contemporary systems. The tool supports building with CMake and SDL2, and allows users to leverage original game assets or demo versions for gameplay. Notably, it offers configuration options through an INI file and supports CD audio playback from compatible folders, enhancing the authenticity of the gaming experience.

README

Dethrace

AI Summary: Device Activity Tracker is a proof-of-concept tool designed for the analysis of WhatsApp and Signal user activity through Round-Trip Time (RTT) measurement of message delivery receipts. Its primary use case is to uncover privacy vulnerabilities in these messaging apps by detecting user activity levels, device state, and potential location changes, all while presenting real-time data through an accessible web interface. Notable features include an easy setup via Docker, a client-server architecture, and a CLI option for direct tracking of WhatsApp users.

AI Summary: The “devops-tools” repository is a curated compilation of the most effective and popular DevOps tools for 2024, aimed at enhancing development and operational workflows. It categorizes tools into various segments such as Continuous Integration, Containerization, and Monitoring, providing brief descriptions to assist users in identifying the right tools for their needs. Notably, the repository encourages community contributions to continuously improve the list of resources available.

README

Curated List of Best DevOps Tools for 2024

A curated collection of the most effective and popular DevOps tools to streamline your development and operations processes for 2024

AI Summary: Dexcalibur is an advanced Android reverse engineering platform that focuses on automating dynamic instrumentation for improved analysis. Its notable features include the ability to decompile and disassemble intercepted bytecode at runtime, manage multiple hooks, and perform static analysis with its built-in engine capable of executing smali code. This tool is designed to streamline the tedious tasks associated with dynamic analysis, making it essential for security researchers and developers.

AI Summary: DGFraud is a Graph Neural Network (GNN) toolbox designed for detecting fraud in various systems by integrating and comparing state-of-the-art GNN-based models. Its primary use case lies in enhancing the efficacy of fraud detection mechanisms through advanced graph-based methodologies. Notable features include a modular architecture for implementing new models, comprehensive documentation on existing algorithms, and support for TensorFlow 2.0, allowing seamless integration into existing projects.

README

AI Summary: The Dictionary-Of-Pentesting is a comprehensive collection of dictionaries designed for penetration testing, vulnerability discovery, brute force attacks, and fuzzing. It categorizes resources such as authentication, file paths, ports, domains, and various default credentials, and continuously expands its listings to include regex patterns, user credentials, and application-specific payloads. Notable features include a broad range of default password lists, HTTP parameter enumeration, and the inclusion of specific patterns for cloud services and common vulnerabilities.

AI Summary: The Digital Forensics Guide serves as a comprehensive resource for those engaged in digital forensics, providing a compilation of applications, libraries, and tools essential for effectively conducting forensic investigations. The guide includes sections on various forensic fields such as computer, mobile, and network forensics, along with curated lists of tutorials, certifications, and frameworks to enhance practitioners’ skills and knowledge. Notable features include playbooks for practical application and a structured format for easy navigation through key topics.

AI Summary: Diodb is a community-driven, vendor-agnostic database designed to catalog Vulnerability Disclosure Programs (VDPs) and Bug Bounty Programs (BBPs), including essential details such as contact information, policy locations, and reward structures. It facilitates streamlined engagement between security researchers and organizations, promoting best practices like Safe Harbor for ethical hacking. Notable features include a searchable front-end interface, options to download raw data in JSON format, and tools for generating VDPs easily.

AI Summary: Dirhunt is a web crawling tool designed to search for and analyze directories on web servers, identifying interesting content even when directory listings are disabled. It efficiently detects false 404 errors and empty index files while minimizing server requests, supporting features such as multiple site processing, detection of redirectors, and integration with various data sources for enhanced directory discovery. The tool is aimed at audit teams and is intended for use on owned or authorized servers only.

AI Summary: Dirmap is an advanced web directory scanning tool designed for comprehensive directory discovery and vulnerability assessment, surpassing the capabilities of tools like DirBuster and Dirsearch. Its notable features include support for concurrent scanning across multiple targets and payloads, recursive scanning with customizable status code triggers, dynamic dictionary creation through web crawling, and extensive configuration options for request handling and response processing. This makes Dirmap particularly effective for security professionals conducting thorough penetration testing and vulnerability assessments on web applications.

AI Summary: Discover is a customizable suite of bash scripts designed to automate various tasks in penetration testing, including recon, scanning, enumeration, and malicious payload creation with Metasploit, ideal for use on Kali Linux or Ubuntu systems. Notable features include multiple reconnaissance options for domains and persons, automated scanning tools that utilize Nmap and other utilities, and web application testing facilities incorporating tools like Nikto and SSL analysers. The tool simplifies complex penetration testing workflows through an organized menu structure, enabling swift task execution.

AI Summary: DllShimmer is a tool designed to facilitate DLL hijacking by allowing users to backdoor any function in a DLL without disrupting the normal operation of the host program. It generates proxy DLLs through a boilerplate C++ file and a corresponding .def file, ensuring that all exported functions maintain their original names and ordinal numbers, thus avoiding detection. Key features include support for both dynamic and static linking, the option to prevent multiple executions of the backdoor, and comprehensive debug logging capabilities.

AI Summary: DNSGen 2.0 is an advanced DNS name permutation engine tailored for security researchers and penetration testers, facilitating subdomain discovery and security assessments through the generation of intelligent domain name variations. Notable features include a smart domain name permutation engine, support for custom wordlists, multiple sophisticated permutation techniques such as word affixing and cloud-specific patterns, and integration capabilities with tools like MassDNS for efficient domain resolution.

README

DNSGen 2.0 - Advanced DNS Name Permutation Engine 🚀

AI Summary: dnstwist is a DNS-centric tool designed for domain name permutation and reconnaissance, allowing security researchers to discover potential phishing domains and domain variations. Its primary use case is to enhance domain security assessments by identifying lookalike domains and subdomain enumeration. Notable features include support for various DNS record lookups, historical data integration, and API access for automation.

README

docs/README.md

AI Summary: Dockle is a container image linter designed to enhance the security and compliance of Docker images by identifying vulnerabilities and recommending adherence to best practices, including CIS Benchmarks. It offers a simple command-line interface for scanning images, supports integration with CI/CD pipelines, and provides detailed checkpoint reports regarding security issues and Dockerfile practices. Notable features include vulnerability detection and the ability to customize scan parameters for fine-tuning results.

AI Summary: DogeRat is an advanced Android remote administration tool (RAT) that enables real-time control over Android devices through a Telegram-based interface without the need for port forwarding. Notable features include the ability to send and receive messages, capture multimedia, access location data, manage contacts, and utilize keylogger functionality, with additional capabilities available in its paid version, such as encryption and undetectable injections. The tool is intended solely for educational purposes and boasts a comprehensive set of functionalities for thorough device management.