Description:
GitPhish is a security research tool that assesses GitHub device code authentication flows through various modules, including an auth server and deployment engine, for security testing and analysis.
Description:
A Rust-based utility to scan SSH and TLS servers for Post-Quantum Cryptography support. It generates JSON results and helps identify assets lacking PQC support, aiding in migration efforts aligned with global deadlines for PQC adoption.
Description:
AdaptixC2 is an extensible post-exploitation and adversarial emulation framework designed for penetration testers. It features a server/client architecture, cross-platform GUI, encrypted communication, plugin support, task management, and multi-platform agents, making it a versatile tool for cybersecurity assessments.
Description:
VaulTLS is a self-hosted web app for managing mutual TLS certificates centrally, featuring a modern web interface, OpenID Connect support, email notifications, RESTful API, and Docker support. Built with Rust and Vue.js, it simplifies certificate management for home labs and small environments.
Description:
mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
Description:
A mitmproxy addon designed to identify malicious web traffic, supporting rule management, real-time alerts, event logging, and traffic filtering.
Description:
OWASP Nettacker is an open source automation tool in Python for information gathering, vulnerability scanning, and penetration testing. It discovers open ports, services, bugs, vulnerabilities, misconfigurations, default credentials, subdomains, and more, with multiple modes including command-line, API, Web GUI, and Docker.
Description:
WaybackLister is a reconnaissance tool that utilizes the Wayback Machine to find and verify historical URLs and directory listings for security assessments and bug bounty recon, supporting multithreaded scanning and subdomain discovery.
License: Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International
Description:
Villain is a high-level Stage 0/1 C2 framework that can handle multiple reverse TCP and HoaxShell-based shells, enhance their functionality with additional features (commands, utilities), and share them among connected sibling servers (Villain instances running on different machines).
Description:
Hawk Eye is a powerful command-line tool designed to scan various data sources like filesystems, S3, databases, Slack, and cloud storage for PII and sensitive data, using advanced text analysis and OCR techniques for comprehensive security auditing.