penetration-testing-tools

Open-source projects categorized as penetration-testing-tools

Top 23 penetration-testing-tool Open-Source Projects

  • WhatWeb

    Next generation web scanner

  • Modlishka

    Modlishka. Reverse Proxy.

  • CDK

    📦 Make security testing of K8s, Docker, and Containerd easier.

  • Project mention: A morning with the Rabbit R1: a fun, funky, unfinished AI gadget | news.ycombinator.com | 2024-04-24

    It does show how incompetent the attacker was; I report below what Retr0id wrote in the issue:

    "tl;dr: The "leak" seems real, but doesn't prove any of the claims made in the readme.

    This statement from Peiyuan Liao, the rabbit CTO, is consistent with what I'm seeing here: https://twitter.com/liaopeiyuan/status/1782922595199033662

    So the "leak" is a bit of a nothingburger, containing partial code for the relatively boring process of letting users authenticate with online services through a sandboxed browser session, from which auth tokens etc. can be extracted. You can't infer anything about how LAM does or doesn't work from this.

    They likely used "kiosk escape" tricks to get code exec within the box that runs the browser. Assuming their sandboxing is all set up correctly, this isn't particularly concerning, but it does expose the code that runs within the sandbox for analysis. That's what we appear to have here.

    The attacker left behind a file named cdk.log, which is an artifact of https://github.com/cdk-team/CDK/, a container pentesting tool. They were clearly trying to escape the sandbox and pivot to somewhere more interesting, but I don't think they managed it. I think "part 2" is a bluff, this is all they have (feel free to prove me wrong, lol).

    But that doesn't mean there's nothing here. Let's look at what we do have.

    The most interesting detail to me is a package name list in repo/typescript/common/base-tsconfig.json

    [...]

    The only code actually present is for q-web-minion-

    What follows is my speculation based on the names alone:

    "q" seems like a codename for the rabbit device (so q-hole rabbit hole). Q might stand for "quantum".

    The problem with trying to log into and interface with consumer-facing services from "the cloud" is that you'll get IP rate limited, blocked as a bot, etc. It would make sense to proxy traffic back out through the user's device, and that's what I'd hope q-proxy is about. The big downside with this is that it ~doubles latency and halves available bandwidth, magnifying any deficiencies of a flaky 4G connection. This is perhaps partly why their doordash demo chugged so hard. (protip to the team; use a caching proxy, with SSL, MitM. Detect CDN URLs and don't proxy those.)

    This is a total stab in the dark but my guess is that bunny-host is where the LAM action happens, and bunny-builder is for LAM training.

    cm-quantum-peripheral-common might be the wrist-mounted device teased in the launch event.

    Addendum:

    It's also possible there were some juicy credentials accessible within the container. But if there were, they aren't in this leak. In particular, it looks like they're using GCP "service account keys" (/credentials/cm-gcp-service-account-quantum-workload/gcp-service-account-quantum-workload.json), which according to google's docs "create a security risk and are not recommended. Unlike the other credential file types, compromised service account keys can be used by a bad actor without any additional information".

    There isn't enough information here (and/or my analysis isn't deep enough - "cloud" is not my forte) to determine if that'll cause any issues in practice, but if there really is a "part 2" leak, I'd guess this is how they got it."

    I OCR'd two screenshots that I took, so there could be errors.

  • Villain

    Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).

  • cloudfox

    Automating situational awareness for cloud penetration tests.

  • kubesploit

    Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.

  • broxy

    An HTTP/HTTPS intercept proxy written in Go.

  • reverse-ssh

    Statically-linked ssh server with reverse shell functionality for CTFs and such

  • Garud

    An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

  • SSTImap

    Automatic SSTI detection and exploitation tool with interactive interface

  • Spoofy

    Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.

  • xurlfind3r

    A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.

  • Minimalistic-offensive-security-tools

    A repository of tools for pentesting of restricted and isolated environments.

  • Redeye

    Redeye is a tool intended to help you manage your data during a pentest operation (by redeye-framework)

  • t14m4t

    Automated brute-forcing attack tool.

  • faction

    Pen Test Report Generation and Assessment Collaboration

  • Project mention: Open Source Security Assessment Collaboration Platform | /r/RedSec | 2023-11-29
  • Pentest-Notes

    Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui, dostoevsky, mantvydasb, adon90, BriskSec) (by SofianeHamlaoui)

  • lit-bb-hack-tools

    Little Bug Bounty & Hacking Tools⚔️

  • Nimbo-C2

    Nimbo-C2 is yet another (simple and lightweight) C2 framework

  • STEWS

    A Security Tool for Enumerating WebSockets

  • Project mention: WebSocket security: 9 common vulnerabilities & prevention methods | dev.to | 2023-09-25

    Comprehensive WebSocket security testing requires a deep understanding of the WebSocket protocol and practical experience in both manual and automated security testing techniques. Open tools like STEWS can detect known WebSocket vulnerabilities while commercial security tools like Burp Suite exist to intercept and manipulate WebSocket frames with ease, however they won't catch everything. Perform manual testing and fuzzing to identify unexpected behavior or vulnerabilities that automated tools might miss.

  • jwtXploiter

    A tool to test the security of JSON Web Tokens

  • cervantes

    Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients, vulnerabilities, and reports in a single, centralized location. (by CervantesSec)

  • SharpStrike

    A post-exploitation tool written in C# that uses either CIM or WMI to query remote systems.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Index

What are some of the best open-source penetration-testing-tool projects? This list will help you:

Rank  Project                                  Stars
   1  WhatWeb                                  5,096
   2  Modlishka                                4,670
   3  CDK                                      3,638
   4  Villain                                  3,561
   5  cloudfox                                 1,794
   6  kubesploit                               1,071
   7  broxy                                      990
   8  reverse-ssh                                817
   9  Garud                                      752
  10  SSTImap                                    644
  11  Spoofy                                     532
  12  xurlfind3r                                 520
  13  Minimalistic-offensive-security-tools      510
  14  Redeye                                     452
  15  t14m4t                                     381
  16  faction                                    352
  17  Pentest-Notes                              329
  18  lit-bb-hack-tools                          304
  19  Nimbo-C2                                   296
  20  STEWS                                      286
  21  jwtXploiter                                257
  22  cervantes                                  247
  23  SharpStrike                                199
