GraphCrawler
Villain
GraphCrawler | Villain | |
---|---|---|
7 | 2 | |
288 | 3,590 | |
- | - | |
3.4 | 6.9 | |
3 months ago | 10 days ago | |
Python | Python | |
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
GraphCrawler
- GraphCrawler: GraphQL automated security testing toolkit
-
BIG update out for GraphCrawler - GraphQL automated security testing.
You all loved it before but it just got better. Now in version 1.2 just point GraphCrawler at a domain and it will search for subdomains and then GraphQL endpoints on those subdomains for you! After that it will run just like before and do a security assessment on each one. It literally does it all for you now. Check it out! GraphCrawler
-
Automated toolkit for testing GraphQL endpoints.
Hey everyone, for y’all interested in GraphQL security I’ve released a big update to my tool GraphCrawler. It will do literally everything for you when checking out an endpoint for misconfigurations and exposures. Hope y’all like it! And if you do plz star it! GraphCrawler
-
Best GraphQL pentesting tool
Just released my biggest update yet for GraphCrawler! It is now the most powerful GraphQL endpoint security tool out there and I’m working on making it better. Please give it a star if you like it. I hope it makes y’all’s lives easier GraphCrawler
-
New GraphQL pentest tool
Hey, I just released a new version of GraphCrawler and this new version combines it with Clairvoyance and GraphQL-path-enum, to make it the most powerful GraphQL endpoint security tool. If there is anything for a foothold it will find it and help you exploit it by giving you attack paths. Give it a look here: GraphCrawler
-
Pentesting and bug bounty tool for GraphQL
Hey again, I posted about this tool before but there’s been a pretty big update to it and now it includes Clairvoyance and graphql-path-enum built into it. It is the all in one GraphQL pentesting tool. Hope y’all enjoy! GraphCrawler
- GraphQL Automated Vulnerability Scanner
Villain
-
Is MSF Venom - Metasploit a good investment for the long run in terms of RATs?
Villain (recommend) https://github.com/t3l3machus/Villain
- Villain - a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a team.
What are some alternatives?
hoaxshell - A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.
HavocNotion - A simple ExternalC2 POC for Havoc C2. Communicates over Notion using a custom python agent, handler and extc2 channel. Not operationally safe or stable, built as a PoC to showcase Havoc C2's modular C2 channel interface.
Pentest-Notes - Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)
aizawa - Simple command-line webshell that executes commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function.
PowerShell-Obfuscation-Bible - A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion, compiled for educational purposes. The contents of this repository are the result of personal research, including reading materials online and conducting trial-and-error attempts in labs and pentests.
uuid-loader - UUID based Shellcode loader for your favorite C2
recon - Enumerate a target Based off of Nmap Results
emploleaks - An OSINT tool that helps detect members of a company with leaked credentials
Nebula - Nebula is a cloud C2 Framework, which at the moment offers reconnaissance, enumeration, exploitation, post exploitation on AWS, but still working to allow testing other Cloud Providers and DevOps Components.
RecycledInjector - Native Syscalls Shellcode Injector
OmegaPSToolkit - Totally in development! A toolkit that brings together penetration testing tools such as wireless tools, web tools, password cracking tools, etc.
Pyramid - a tool to help operate in EDRs' blind spots