SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out...
Vimana is a modular security framework designed to audit Python web applications. The base of the Vimana is composed of crawlers focused on frameworks (in addition to the generic ones for web), trackers, discovery,...
BatchQL is a GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations. This script is not complex, and we welcome improvements. When exploring the problem space of GraphQL batching...
This tool compiles some necessary tools for wifi auditing in a unix bash script with a user friendly interface. The goal of owt is to have the smallest file size possible while still...
PowerShell toolkit for auditing Active Directory Certificate Services (AD CS). It is built on top of PKISolution‘s PSPKI toolkit (Microsoft Public License). This repo contains a newer version of PSPKI than what’s available in...
msldap LDAP library for MS AD Documentation Awesome documentation here! Features Comes with a built-in console LDAP client All parameters can be conrolled via a conveinent URL (see below) Supports integrated windows authentication (SSPI)...
mongoaudit is a CLI tool for auditing MongoDB servers, detecting poor security settings and performing automated penetration testing. Installing Clone this repository and run the setup: > git clone https://github.com/stampery/mongoaudit.git > cd mongoaudit > python...
Kubestriker performs numerous in depth checks on kubernetes infra to identify the security misconfigurations and challenges that devops engineers/developers are likely to encounter when using Kubernetes, especially in production and at scale. kubestriker is...
FireEye released a free tool on GitHub named Azure AD Investigator that can help companies determine if the SolarWinds hackers (aka UNC2452) used any of their attack techniques inside their networks. Click here for...
Aura is a static assessment framework formulated as a response to the ever-escalating menace of destructive offers and vulnerable code printed on PyPI. Venture goals: give an automatic checking program above uploaded packages to...
Lil Pwny is a Python software to accomplish an offline audit of NTLM hashes of users’ passwords, recovered from Energetic Directory, from known compromised passwords from Have I Been Pwned. The usernames of any...
A multiprocessing solution to auditing Lively Listing passwords employing Python. About Lil Pwny Lil Pwny is a Python application to carry out an offline audit of NTLM hashes of users’ passwords, recovered from Energetic...
