AI Summary: PrivescCheck is a PowerShell script designed for identifying common Windows vulnerabilities and configuration issues outside the scope of public security standards, facilitating exploitation and post-exploitation tasks. It allows users to run various checks—including basic, extended, and audit checks—generate human-readable reports in multiple formats (TXT, HTML, CSV, XML), and includes options for silent execution and risky checks, making it suitable for penetration testing, research, and auditing purposes. Notably, the tool performs context-aware access control checks to provide accurate findings based on the current user’s privileges.

AI Summary: Privilege Escalation is a comprehensive cheat sheet and reference guide tailored for penetration testers, CTF participants, and cybersecurity students, focusing on methods to escalate privileges in compromised systems. This tool includes a wealth of exploitation techniques, such as abusing sudo rights, exploiting SUID bits, and identifying vulnerable Docker instances, alongside detailed enumeration and exploitation methods. Notable features include practical examples, links to external resources, and an organized structure for efficient referencing in both educational and professional penetration testing scenarios.

AI Summary: Project Restoration is a patch for Majora’s Mask 3D that reintroduces mechanics from the original game while resolving gameplay issues to enhance player experience. Notable features include an improved swimming mechanic for Zora Link, adjustments to the Inverted Song of Time’s effect, and modifications to the Twinmold battle for clarity and pacing. The project aims to blend the best aspects of the original game with the enhanced graphics of the remaster, ensuring a polished gameplay experience without game-breaking issues.

AI Summary: protobuf-inspector is a command-line tool designed to parse Google Protobuf encoded blobs (versions 2 and 3) without requiring their corresponding definitions. It outputs a structured representation of the blob’s content, including inferred types and potential parsing errors, making it useful for developers working with Protobuf data or engaging in reverse-engineering tasks. Notable features include the ability to detect structure dynamically, handle embedded messages, and support raw data extraction for in-depth analysis.

AI Summary: Prowler is an open-source cloud security platform that automates security assessments and compliance checks across various cloud environments. It features hundreds of customizable security checks and integration capabilities, enabling organizations to implement real-time monitoring and remediation for enhanced cloud security. Designed for scalability and cost-effectiveness, Prowler simplifies the complexities of cloud security management for organizations of all sizes.

README

Prowler is the Open Cloud Security platform trusted by thousands to automate security and compliance in any cloud environment. With hundreds of ready-to-use checks and compliance frameworks, Prowler delivers real-time, customizable monitoring and seamless integrations, making cloud security simple, scalable, and cost-effective for organizations of any size.

AI Summary: PS2Recomp is an experimental static recompiler for PlayStation 2 ELF binaries that translates MIPS R5900 instructions into C++ code. Its primary use case involves recompiling and executing PS2 games while allowing configuration for stubs, skips, and instruction patches. Notable features include customizable syscall handling, support for PS2-specific macros, and integration with Ghidra for efficient function export and mapping.

README

PS2Recomp: PlayStation 2 Static Recompiler (Experimental)

Also check our WIKI

AI Summary: PsMapExec is a PowerShell-based post-exploitation framework designed to facilitate penetration testing within Active Directory environments. It offers enhancements over similar tools like CrackMapExec and NetExec, allowing for comprehensive Active Directory enumeration and management with a user-friendly interface. The tool is self-contained, making it suitable for use in restricted environments, and emphasizes adherence to ethical guidelines and consent when utilized for security assessments.

README

PsMapExec

AI Summary: pspy is an unprivileged Linux process monitoring tool that allows users to observe commands executed by other processes, including cron jobs, in real-time without requiring root access. It leverages procfs scans and inotify filesystem watchers to detect short-lived processes and can be particularly useful for system enumeration in Capture The Flag (CTF) challenges, as well as for demonstrating secure coding practices regarding command-line argument handling. Notable features include customizable process and filesystem event monitoring, with options for output formatting and scan intervals.

AI Summary: Psudohash is a customizable password list generator designed for orchestrating brute force attacks and cracking hashes by mimicking human password creation patterns. Key features include in-order and all-order combinations of keyword permutations, leet character substitution, common padding value additions, and filtering options based on word length, making it particularly effective for pentesting corporate environments where standard naming conventions are often used in passwords.

README

psudohash

Cool New Features of v1.1.0

Special thanks to DavidAngelos:
▶️ Added a progress bar in every step to track execution.
▶️ Added options:

AI Summary: Pwn_jenkins is a tool designed for exploiting various remote code execution vulnerabilities within Jenkins instances, specifically targeting misconfigurations and outdated versions. It enables authenticated and unauthenticated access to sensitive files, allows for arbitrary command execution via deserialization exploits, and identifies authentication bypass issues through crafted requests. Notable features include support for multiple CVEs, including CVE-2014-23897 and CVE-2019-1003002, making it a comprehensive toolkit for assessing the security of Jenkins environments.

AI Summary: Pwnagotchi is a Raspberry Pi-based tool designed for capturing WPA key material from Wi-Fi networks using passive and active techniques, generating PCAP files compatible with hashcat for cracking. Notable features include the ability to perform full and half WPA handshake captures, utilize PMKID attacks, and facilitate communication between multiple Pwnagotchi units through a custom protocol. The tool has removed AI components to enhance stability and battery life during operation.

AI Summary: Pwncat is a powerful networking tool that enhances the capabilities of traditional netcat by incorporating advanced features such as evasion techniques for firewalls and intrusion detection/prevention systems, along with support for both bind and reverse shells. Its self-injecting shell functionality and extensive scripting support using Python make it particularly effective for penetration testing and exploitation scenarios. Notably, it facilitates seamless port forwarding and maintains a user-friendly interface for enhanced usability in complex network environments.

AI Summary: Pwndbg is a Python module designed as a plugin for GDB and LLDB, enhancing the debugging experience for developers working on low-level software, reverse engineering, and exploit development. Its primary use case is to streamline common debugging tasks by providing user-friendly features and a suite of utilities that address the shortcomings of vanilla GDB and LLDB. Notable features include an improved hexdump command, a clean interface for quick navigation, and a range of custom tools to facilitate debugging across different platforms and architectures.

AI Summary: pwnedOrNot is an OSINT tool designed to check if email accounts have been compromised and retrieve associated passwords from public data dumps. It leverages the HaveIBeenPwned v3 API for initial breach verification and subsequently searches for compromised passwords. Key features include detailed breach information, the ability to filter results by domain, and support for batch processing of multiple email addresses.

README

OSINT Tool for Finding Passwords of Compromised Email Accounts

Created by Lohitya Pushkar (thewhiteh4t).
Twitter - Blog

AI Summary: pwninit is a tool designed to automate the setup for binary exploitation challenges by preparing the necessary executables and library files. Key features include the ability to set the challenge binary as executable, download an appropriate linker and debug symbols, patch the binary using patchelf, and generate a customizable pwntools solve script. This streamlines the initial configuration process for security professionals and students engaging in binary exploitation tasks.

AI Summary: PyArmor-Unpacker is a tool designed to unpack Python applications protected by PyArmor, specifically targeting versions prior to v8. The tool offers three methods for unpacking, with the preferred method being suitable for Python 3.9, allowing users to retrieve the original code from obfuscated .pyc files. Notable features include a detailed usage guide, support for multiple unpacking methods, and an emphasis on community contributions to address known issues and enhance functionality.

AI Summary: PyGOD is a Python library designed for graph outlier detection, enabling users to identify anomalies in various structures such as social networks and security systems. It offers over ten detection algorithms, maintains a unified API for ease of use, and supports multiple levels of outlier detection (node, edge, and graph-level) while being compatible with PyTorch Geometric. Key features include scalable design for large graph processing, comprehensive documentation, and streamlined data handling with PyG data objects.

AI Summary: PyInstaller Extractor is a Python script designed to extract the contents of executables created with PyInstaller, including fixed headers for bytecode decompilation. It supports a wide range of PyInstaller versions and can handle both Windows and Linux binaries, enabling users to recover files from packaged applications efficiently. Notable features include seamless integration with Python 2.x and 3.x environments, as well as compatibility with various bytecode decompilers for further analysis.

AI Summary: PyLingual is a Python bytecode decompiler specifically designed for versions 3.6 and later, allowing users to convert Python bytecode back into source code. Notable features include the ability to run locally or through a web service, support for different Python versions via pyenv, and adjustable options for decompilation settings, such as output directory and segmentation preferences. This tool is optimized for readability and extensibility, though it may initially exhibit some control flow accuracy regressions compared to its web service counterpart.

AI Summary: pypush is an evolving library designed for interfacing with Apple’s internal API, specifically focusing on the client side of the Apple Push Notification service (APNs). Its primary use case is to enable applications to impersonate Apple devices and receive push notifications while facilitating reverse-engineering efforts related to iMessage and other APIs. Notable features include platform independence and a planned expansion to include a wider range of Apple’s API functionalities as development progresses.

AI Summary: pythem is a versatile penetration testing framework written in Python, designed for use by security researchers and professionals to conduct various security assessments within legal boundaries. Notable features include support for attacks such as ARP spoofing, DNS manipulation, brute force attacks on SSH and web forms, as well as tools for exploit development and packet filtering. The framework can be installed on Debian-based Linux distributions, or run as a Docker container, facilitating accessibility and ease of deployment.

AI Summary: QBDI is a modular dynamic binary instrumentation (DBI) framework designed for cross-platform and cross-architecture use, supporting various operating systems including Linux, macOS, Android, iOS, and Windows. It provides C/C++ APIs along with Python and JavaScript bindings, facilitating scripting while integrating seamlessly with external injection tools like Frida. Notable features include the ability to instrument binaries without a preferred injection method and an LD_PRELOAD-based injector for dynamic executables on Linux and macOS, although it currently does not support multithreading or C++ exception handling.

AI Summary: QuickPic Gallery Mod is a modernized version of the classic QuickPic Gallery application, designed for Android platforms with API level 23 and above. This tool emphasizes speed, stability, and simplicity, featuring multiple bug fixes, enhanced compatibility with recent Android versions, and a refreshed Material 3 design while maintaining its lightweight and offline-first experience.

README

QuickPic Gallery Mod

A modernized version of the classic QuickPic Gallery, focused on speed, stability, and simplicity. It includes multiple bug fixes, improved compatibility with recent Android versions, and a refreshed Material 3 design — while preserving the lightweight, fast, and offline-first experience of the original app.

AI Summary: Qu1cksc0pe is a comprehensive malware analysis tool designed to analyze various file types, including Windows executables, Linux binaries, Android APKs, and email files, utilizing both static and dynamic analysis methods. It provides detailed insights such as DLL usage, API functions, embedded executables, and MITRE ATT&CK mappings, facilitating in-depth evaluation of potentially malicious files. The tool also features a user-friendly web interface and robust error handling to enhance usability, especially within different operating system environments.

AI Summary: Quark Engine is a comprehensive tool designed for malware family analysis and vulnerability assessment, particularly in the context of Android malware. Its primary use case involves identifying and reporting on various malware behaviors and signatures, enabling security researchers to assess risks and improve defenses. Notable features include detailed analysis reports, a rule-based scoring system for malware, and compatibility with Python 3.10, making it accessible for developers and cybersecurity professionals.