AI Summary: sn0int is a semi-automatic OSINT framework and package manager designed for IT security professionals and researchers to gather intelligence on targets or themselves. It facilitates the enumeration of attack surfaces by processing public information through flexible, modular analysis tools and provides features such as subdomain harvesting, IP address enrichment, login breach discovery, and social media profile analysis. Its extensible architecture allows users to create and share custom modules, enhancing its versatility in investigations.

AI Summary: Sn1per is an automated penetration testing and attack surface management tool that enhances vulnerability scanning by integrating both commercial and open-source scanners to identify hidden assets and vulnerabilities within an organization’s environment. It streamlines the security assessment process through automation, providing deep and continuous security insights suitable for organizations of all sizes. Notable features include its capability to discover and prioritize risks, saving time and resources in the vulnerability management lifecycle.

AI Summary: Social Analyzer is an OSINT tool designed to analyze and locate a person’s profiles across over 1000 social media platforms via an API, CLI, or web application. Its primary use case includes investigating potential malicious activities like cyberbullying and misinformation dissemination through sophisticated detection modules that yield a confidence rating. Notable features include multi-profile searches, various detection techniques (such as OCR and advanced algorithms), and customizable queries for enhanced data extraction and analysis.

AI Summary: Social-Media-OSINT is a comprehensive resource tool designed for open-source intelligence (OSINT) gathering on various social media platforms and messenger applications. Its primary use case includes providing links to tools, techniques, and methodologies for effective information extraction and analysis across platforms such as Facebook, Instagram, LinkedIn, and more. Notable features include extensive categorization of social media types and resources for advanced analytics on topics like hate speech and disinformation.

AI Summary: The Social-Media-OSINT-Tools-Collection is a comprehensive repository aimed at providing tools for gathering open-source intelligence (OSINT) specifically from social media platforms. Its primary use case involves enabling users to track and analyze information from various social media sites such as Facebook, Instagram, and Twitter, utilizing features like link checkers, keyword searches, and profile lookups. Notable features include monitoring public mentions, recovering accounts, and various specialized search tools that enhance intelligence gathering capabilities.

AI Summary: SocialBox-Termux is a brute-force attack framework designed for social media platforms such as Facebook, Gmail, Instagram, and Twitter. It facilitates penetration testing by automating the login attempts using various credentials, making it useful for security professionals. Notable features include compatibility with Termux on Android, easy installation via a shell script, and the ability to run under a VPN for enhanced privacy.

README

SocialBox-Termux

SocialBox is a Bruteforce Attack Framework [ Facebook , Gmail , Instagram ,Twitter ] , Coded By Belahsan Ouerghi Edit By samsesh

AI Summary: SocialFish is a phishing tool primarily designed for educational purposes, allowing users to create customizable social engineering attack vectors. It features a user-friendly interface and supports Docker for easy deployment. The tool enables users to simulate phishing attacks to assess and enhance security awareness and defenses against social engineering threats.

README

SocialFish

Are you looking for SF’s mobile controller? UndeadSec/SocialFishMobile

Are you looking for SF’s old version(Ngrok integrated) ? UndeadSec/SociaFish/…/sharkNet

AI Summary: socid-extractor is a command-line tool and Python library designed for extracting user profile data from various social media and web platforms, storing the information in a machine-readable format. Supporting over 100 methods for different sites, it enables users to retrieve details such as usernames, links, and personal attributes, facilitating use cases in OSINT and user tracking. Notable features include the ability to skip HTTP requests for unknown URLs, batch processing options, and integration capabilities for broader investigative workflows.

AI Summary: Sogen is a high-performance Windows user space emulator designed for syscall-level operation, granting detailed control over process execution, particularly useful in security analysis, malware dissection, and DRM research. Notable features include advanced memory management, complete PE loading support, implemented Windows structured exception handling, a scheduled threading model, and comprehensive debugging interfaces, including GDB compatibility for seamless integration with popular debugging tools.

README

Sogen is a high-performance Windows user space emulator that operates at syscall level, providing full control over process execution through comprehensive hooking capabilities.

AI Summary: Special K is a versatile tool designed for PC gaming that enhances graphics and performance through code injection. It allows users to modify game behavior by injecting its DLL into applications, supporting both local and global injection methods, which enables a wide range of visual and performance adjustments. Notable features include performance analysis tools, shader and texture modifications, and compatibility with various graphics APIs in both Windows and WINE environments.

AI Summary: The Spectre Attack Example repository demonstrates an exploit based on the Spectre vulnerability (CVE-2017-5753 and CVE-2017-5715), which allows attackers to read sensitive information from memory by exploiting speculative execution. The tool constructs a scenario where out-of-bounds memory reads can leak data via cache timing attacks, highlighting how seemingly safe coding practices can inadvertently increase vulnerability. Notable features include the ability to test system vulnerability, read specified memory addresses, and compile with both GCC and Visual Studio.

AI Summary: SpiceDB is an open-source authorization database inspired by Google’s Zanzibar system, designed to provide scalable and secure permission checks for applications. It allows developers to define schemas, manage relationships, and conduct queries to assess user permissions on resources, addressing critical access control threats. Notable features include its relational-like structure for defining authorization models and its capability to handle complex permission queries for enhanced security management.

README

SpiceDB sets the standard for authorization that scales.

Scale with
Traffic • Dev Velocity • Functionality • Geography

AI Summary: SpiderSuite is an advanced cross-platform web crawling tool specifically crafted for security professionals, facilitating comprehensive web audits and vulnerability assessments. Notable features include ease of installation, user-friendly documentation, and a feature-rich environment tailored for first-time users. The tool aims to enhance security testing processes through efficient crawling capabilities.

README

• Roadmap

SpiderSuite is an advance cross-platform and multi-feature web crawler designed for security professionals. For more information visit SpiderSuite’s website.

AI Summary: Spoilerwall is a network hardening tool that obscures open ports by serving movie spoilers whenever a scan is performed, effectively misleading potential attackers. Its primary use case is to create a deceptive environment that appears vulnerable but instead provides mundane content, deterring unwanted attention and scans. Notable features include customizable spoiler content, easy server setup, and the ability to redirect all TCP traffic to the Spoilerwall service, enhancing security through obfuscation.

AI Summary: Spoofy is a Python-based tool designed to evaluate the spoofability of domains by analyzing their SPF and DMARC records. It features authoritative lookups with a known DNS fallback, accurate bulk processing, and a customizable spoof logic derived from real-world testing, enabling users to conduct comprehensive assessments of domain security configurations. Additionally, Spoofy offers DKIM selector enumeration via API as an optional feature, making it a valuable resource for cybersecurity assessments.

AI Summary: SPRAY is a high-performance directory fuzzing tool designed for testing and exploiting web applications, boasting over 50% greater performance compared to similar tools like ffuf and feroxbuster. It features customizable dictionary generation based on masks or rules, dynamic filtering, extensive fingerprint recognition capabilities, and the ability to handle multiple targets efficiently with resume options for interrupted sessions. The tool seamlessly integrates with *nix command line environments, facilitating inter-operation with other cybersecurity tools.

AI Summary: sqlmap is an open-source penetration testing tool designed for automating the detection and exploitation of SQL injection vulnerabilities in web applications. It features a robust detection engine with capabilities such as database fingerprinting, data extraction, file system access, and command execution through out-of-band connections, making it a comprehensive tool for security professionals. The tool is compatible with Python 2.7 and 3.x, ensuring broad platform support.

README

sqlmap

AI Summary: SSH-MITM is a security auditing tool that functions as a man-in-the-middle SSH server, capable of intercepting and analyzing SSH sessions. It supports various authentication methods, including public key and password authentication, along with features like session hijacking, file manipulation during SCP/SFTP transfers, and dynamic port forwarding. Notably, it also includes capabilities for phishing FIDO tokens and auditing clients for known vulnerabilities, making it a versatile solution for security assessments.

AI Summary: SSL Kill Switch 2 is a blackbox tool designed to disable SSL/TLS certificate validation, including certificate pinning, in iOS and macOS applications. This tool modifies low-level functions managing SSL/TLS connections to bypass the system’s default validation, enabling man-in-the-middle attacks on SSL or HTTPS traffic. It supports installation as a Cydia Substrate tweak on jailbroken iOS devices and can be injected as a dynamic library into macOS applications for similar functionality.

AI Summary: SSRF-Testing is a tool designed for testing and exploiting Server Side Request Forgery (SSRF) vulnerabilities. It provides a variety of resources, including quick URL bypass methods, custom HTTP response generation, and a minimal web server setup for testing different response codes across various file types. Notably, it also includes an IP encoding utility to facilitate testing within whitelisted domains.

README

AI Summary: SSTImap is a penetration testing tool designed to identify and exploit Server-Side Template Injection (SSTI) vulnerabilities in web applications. Its notable features include an interactive mode for enhanced exploitation, support for various programming languages and template engines, and a modular plugin architecture allowing for extensibility. The tool enables advanced exploitation techniques, including the use of generic payloads and evaluation scenarios.

README

SSTImap

AI Summary: SteamKit is a .NET library that facilitates interaction with Valve’s Steam network, providing a flexible and extensible interface for executing various network operations. Its primary use case is enabling developers to create applications that can leverage Steam’s functionalities, such as game management and account handling. Notable features include its distribution as a NuGet package for easy integration, comprehensive XML documentation, and support for .NET 10.0 or higher.

README

SteamKit

AI Summary: SteamTracking is a tool designed to automate the monitoring of various metrics associated with Steam accounts and game performance. Its primary use case is to streamline the process of tracking gameplay statistics and trends, reducing the manual effort required for users. Notable features include automated data collection and user-friendly insights into gaming habits.

README

Steam Tracking

Tracking things, so you don’t have to.

AI Summary: StegCloak is a JavaScript steganography module that conceals secrets within text by using invisible Unicode characters after compressing and encrypting the data. It is designed for covert communication, allowing users to safely embed strings in various platforms while ensuring cryptographic security through AES-256-CTR encryption and HMAC integrity checks. Key features include high-speed processing, support for hiding file links, and a flexible interface available via API, command-line, and web interface.

AI Summary: Stego-Toolkit is a Docker image designed for tackling steganography challenges frequently encountered in CTF platforms. It comes pre-loaded with a variety of popular tools and screening scripts that facilitate the analysis of images and audio files for hidden data, allowing users to effortlessly run command-line and GUI applications within a containerized environment. Notable features include automation scripts for file screening and support for both Linux and Windows tools via Wine, ensuring a comprehensive toolkit for steganography analysis.