> cat /dev/github | grep security-tools

~/hackyfeed $

A cybersecurity tools aggregator — discover the latest pentesting, red team, and offensive security tools from GitHub.

ROPgadget

AI Summary: ROPgadget is a tool designed to facilitate Return-Oriented Programming (ROP) exploitation by allowing users to search for gadgets within binary files. It supports multiple file formats (ELF, PE, Mach-O, Raw) and architectures (x86, x64, ARM, ARM64, MIPS, PowerPC, Sparc, RISC-V 64) and employs the Capstone disassembler for efficient gadget identification. Notable features include customizable search parameters, ROP chain generation, and support for various opcode and string searching capabilities.

ruler

AI Summary: Ruler is a remote interaction tool designed for Exchange servers, exploiting MAPI/HTTP and RPC/HTTP protocols to manipulate Outlook features for shell access. Its primary use case includes enumerating valid users, creating malicious mail rules, and executing VBScript via Outlook forms or home pages. Notable features include the ability to leverage the Autodiscover service for efficient interaction and a variety of built-in functions for customized exploitation.


README

Introduction

Ruler is a tool that allows you to interact with Exchange servers remotely, through either the MAPI/HTTP or RPC/HTTP protocol. The main aim is to abuse the client-side Outlook features and gain a shell remotely.

rustcat

AI Summary: Rustcat is a versatile port listener and reverse shell utility compatible with Linux, MacOS, and Windows, designed to simplify remote command execution. Notable features include an interactive mode with command history, tab completion, and CTRL-C blocking, which enhance user experience during shell operations. It provides two primary modes of operation: listening for incoming connections and establishing reverse shells for remote system access.


README

rustcat - The modern port listener and reverse shell

RustHound

AI Summary: RustHound is a cross-platform BloodHound collector tool developed in Rust, designed to generate data about users, groups, computers, OUs, GPOs, and containers for analysis within BloodHound. It operates silently without detection by antivirus software and is suitable for environments where SharpHound is blocked or incompatible. Notable features include its ability to run on Linux, Windows, and macOS, along with a range of compile options, including Docker support and static binary generation.

RustRedOps

AI Summary: RustRedOps is a collection of Red Team operation tools developed in Rust, aimed at enhancing the capabilities of security professionals and penetration testers in conducting security assessments and intrusion tests. Notable features include a diverse set of projects focused on techniques such as API hooking, anti-analysis, process enumeration, and various forms of code injection, which collectively facilitate advanced exploitation tactics and malware development. The repository emphasizes efficiency and effectiveness, making it a valuable resource for practitioners in cybersecurity.

RustScan

AI Summary: RustScan is an advanced port scanner designed for high-speed operation, capable of scanning all 65,000 ports in just 3 seconds. Its notable features include a flexible scripting engine that supports Python, Lua, and Shell for automated processing, as well as adaptive learning capabilities that enhance its performance over time, making it a highly effective tool for network security assessments.


rz-ghidra

AI Summary: rz-ghidra is an integration of the Ghidra decompiler and Sleigh disassembler specifically designed for the Rizin framework. This plugin allows users to decompile functions, output various formats such as XML and JSON, and customize settings for decompilation in a self-contained manner without requiring the full Ghidra suite. Notable features include seamless integration with Rizin, side-by-side decompilation views, and extensive configurability through various parameters for enhanced user experience.


README

This is an integration of the Ghidra decompiler and Sleigh Disassembler for Rizin. It is solely based on the decompiler part of Ghidra, which is written entirely in C++, so Ghidra itself is not required at all and the plugin can be built self-contained. This project was presented, initially for radare2, at r2con 2019 as part of the Cutter talk: https://youtu.be/eHtMiezr7l8?t=950

saas-attacks

AI Summary: The SaaS Attacks repository provides a structured collection of attack techniques tailored for Software-as-a-Service (SaaS) platforms, aimed at aiding security researchers, penetration testers, and red/blue teams. Notable features include an emphasis on “networkless” attacks devoid of traditional endpoint interactions, and a matrix inspired by the MITRE ATT&CK framework focusing specifically on SaaS-based threats. This resource is designed to facilitate knowledge sharing and collaboration in the identification and mitigation of SaaS vulnerabilities.

Sandman

AI Summary: Sandman is a backdoor designed for use during red team engagements, specifically tailored to operate on hardened networks by leveraging the NTP protocol to retrieve and execute arbitrary shellcode from a designated server. Notable features include the ability to spoof legitimate IP addresses for NTP, execute as a standalone C# application, and the flexibility to function across various operating systems including Windows and Linux, enhancing its covert capabilities in security assessments.

sandmap

AI Summary: sandmap is a reconnaissance tool that enhances the capabilities of the Nmap engine, providing a simplified command line interface for automating and expediting network and system scanning processes. It offers 31 modules with 459 predefined scan profiles, support for the Nmap Scripting Engine (NSE), and integration with TOR for enhanced privacy during scans, allowing users to execute multiple scans simultaneously.


SatIntel

AI Summary: SatIntel is an OSINT tool designed for satellite reconnaissance, built with Golang. It enables users to extract satellite telemetry, receive orbital predictions, and parse Two Line Elements (TLE) using a command-line interface that integrates with APIs from Space Track and N2YO. Notable features include satellite catalog retrieval, telemetry display, visual and radio orbital predictions, and user-friendly authentication through environmental variables.


README

SatIntel

 .       .                   .       .      .     .      .                      .              .
    .           .            .     ________
                  .               /////////                .         .      .       .       .          .
        .   ________   .  .      /////////     .    .
           |.____.  /\         /////////    .                      .               .               .
  .       //      \/  |\     /////////
         //          \ |  \ /////////         _______ _______ _______ _____ __   _ _______ _______       .
        ||           | |  ///////// .     .   |______ |_____|    |      |   | \  |    |    |______ |
   .    ||           | |//  /////             ______| |     |    |    __|__ |  \_|    |    |______ |_____  .
        \\         / //     \/   .
          \\.___./ //\      ,_\     .     .                                                            .
  .       .    \ //////\   /    \                 .    .      Satellite OSINT CLI Tool          .            .
          .    ///////// \|      |    .
       .      ///////// .  \ __ /          .               Made by Angelina Tsuboi (G4LXY)              .
 .           /////////                              .               .                   .
   .   .    /////////     .     .                           .                   .                   .     .
           --------   .                  ..             .               .                .
    .        .         .                       .                                 .                .

SatIntel is an OSINT tool for satellite reconnaissance made with Golang. The tool can extract satellite telemetry, receive orbital predictions, and parse TLEs.

Features

  • Satellite Catalog Retrieval from NORAD ID or Selection Menu
  • Display Satellite Telemetry
  • Visual and Radio Orbital Predictions
  • Parse Two Line Elements (TLE)

Usage

Make an account at Space Track and save the username and password.

scan4all

AI Summary: scan4all is a versatile cybersecurity tool designed for automated web scanning and vulnerability detection, integrating various tools such as vscan, nuclei, and subfinder. It supports a wide range of protocols for password blasting and includes built-in detection capabilities for over 15,000 proof-of-concept (PoC) exploits. Built on Golang, it is cross-platform, lightweight, customizable, and features intelligent scanning mechanisms that optimize performance while ensuring comprehensive coverage of vulnerabilities.


Scanners-Box

AI Summary: Scanners Box is a comprehensive hacker toolkit that consolidates over 335 open-source scanners across various categories, such as subdomain enumeration, SQL injection vulnerability detection, and malware detection. The tool is designed for modular vulnerability assessment and does not include well-known scanning tools like Nmap or Metasploit, focusing instead on specialized scanning capabilities. Notable features include AI-powered autonomous scanners, dynamic and static code analysis, and comprehensive scanning for web applications and IoT devices.

scapy

AI Summary: Scapy is a versatile Python-based tool for interactive packet manipulation that allows users to forge, decode, and analyze packets across various network protocols. Its primary use cases include network scanning, tracerouting, and custom packet crafting, enabling complex tasks such as VLAN hopping and ARP cache poisoning. Notable features include extensive protocol support, intuitive shell interaction, and the ability to easily integrate into automated tests and attacks, making it a comprehensive option for cybersecurity professionals.

Scavenger

AI Summary: Scavenger is an OSINT bot designed to search for sensitive data leaks on paste sites, specifically targeting credentials, private keys, configuration files, and other sensitive information. It features customizable search terms, two operational modes (scraping archives and tracking users), and the ability to scan local folders for sensitive data. The bot effectively organizes crawled pastes into different directories based on detection outcomes, facilitating efficient data management.


README

Scavenger - OSINT Bot - REWORKED


SchemaCrawler

AI Summary: Free database schema discovery and comprehension tool

schemaspy

AI Summary: SchemaSpy is a database metadata analysis tool designed for visualizing and understanding data models through HTML-based reports and entity-relationship diagrams. It supports over a dozen database types via JDBC drivers and can be executed as a standalone application or through Maven, making it versatile for database administrators and developers. Notable features include easy navigation of data schemas and the ability to generate comprehensive documentation of database structures.


scilla

AI Summary: Scilla is an information gathering tool designed for DNS, subdomains, ports, and directories enumeration. Its primary use case is for penetration testing, providing capabilities for extensive reconnaissance on target domains. Notable features include customizable wordlists for subdomain and directory enumeration, multiple output formats, and ease of installation through various methods such as Homebrew, Snap, and Docker.


README


🏴‍☠️ Information Gathering tool 🏴‍☠️ - DNS / Subdomains / Ports / Directories enumeration

Coded with 💙 by edoardottt

ScopeSentry

AI Summary: Scope Sentry is a versatile cybersecurity tool that provides functionalities such as asset mapping, subdomain enumeration, vulnerability scanning, and information leakage detection. Its primary use case is to facilitate comprehensive security assessments of web assets through a distributed scanning approach, allowing users to configure multiple scanning nodes. Notably, it features a plugin system for extensibility, supports multi-node scanning, and includes components for web monitoring and sensitive data leakage detection.

Search-That-Hash

AI Summary: Search-That-Hash is a hash cracking automation tool that quickly queries popular online hash databases and utilizes Hashcat for local cracking when offline. It features automatic type identification through integration with Name-That-Hash, a fast search capability, extensibility for adding new hash sources, and an accessible design. Additionally, the tool offers both CLI and JSON API outputs, ensuring flexibility in usage for security professionals.


README

The Fastest Hash Cracking System
pip3 install search-that-hash && sth

SecretScanner

AI Summary: Deepfence SecretScanner is a standalone tool designed to identify unprotected secrets, such as API keys and passwords, within container images and file systems. It matches content against a comprehensive database of approximately 140 secret types, outputting detailed findings in JSON format. Furthermore, SecretScanner can be integrated into the ThreatMapper platform, allowing for holistic vulnerability scanning and risk assessment in cloud-native applications.


README

SecretScanner

Deepfence SecretScanner can find unprotected secrets in container images or file systems.

sectemplates

AI Summary: SecTemplates is a resource repository designed for infosec professionals and engineering teams lacking dedicated security personnel, providing templates for various security programs such as bug bounties, incident response, and vulnerability management. The tool offers structured starting points including checklists, runbooks, and document templates, facilitating the establishment and scaling of security initiatives while maintaining neutrality towards specific vendors. Content is freely available for personal and commercial use, barring resale in other products.

security

AI Summary: The “security” repository serves as a compilation of security research and writing contributions by the author, highlighting vulnerabilities across various software platforms including Vim, Chrome, and Firefox. Its primary use case is to document security issues and provide insights via detailed write-ups and analysis, particularly related to Capture The Flag (CTF) challenges. Notable features include links to CVEs, write-ups of specific vulnerabilities, and a collection of past security issues relevant to major web browsers.

security-study-plan

AI Summary: The Jassics Security Study Plan repository provides a comprehensive roadmap for aspiring cybersecurity engineers, covering various roles such as penetration testing, application security, cloud security, and DevSecOps. It offers structured study plans that include both free and paid resources, tools, and key concepts necessary to excel in the field. Notable features include detailed plans for specialized areas like AWS, GCP, and threat modeling, along with common skills assessments to help learners gauge their progress.

security-tools

AI Summary: security-tools is a collection of small security utilities developed in Python and Bash, aimed at assisting CTF competitors, bug bounty hunters, penetration testers, and developers. The primary use case is to facilitate various security tasks and streamline the testing process. Notable features include a diverse range of tools tailored for different security challenges and scenarios.


README

security-tools

Small security related tools created in Python and Bash for CTF players, bug bounty hunters, pentesters and developers.