Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Tfsec is now part of Trivy

A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.

Windows Local Privilege Escalation Cookbook

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

yotter - bash script that performs recon and then uses dirb to discover directories that might lead to information leakage

A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.

Plugin for YATAS that audits AWS accounts for misconfiguration and security issues

DroidSniper - Misconfigured Android Debug Bridge Scanner

Fast CORS Misconfiguration Scanner

A tool to find .git folder exposed due to server misconfiguration.

This script automate exploit only cloud service

FireSploit is a powerful tool for ethical hackers, developers, and security researchers. It helps find and fix misconfigured Firebase databases that are exposing sensitive data to the public. By scanning for open read/write access, it helps you secure your applications and prevent data breaches.

Plugin for YATAS that audits GCP projects for misconfiguration and security issues

Env Breaker adalah Pemindaian dan deteksi file .env pada situs-situs target. Skrip ini membantu mengidentifikasi kemungkinan kebocoran informasi sensitif yang terkait dengan file .env

NetGun is a free and open source tool for port scanning, services enumeration, misconfigurations testing and CVE research. This is only for testing, official repository: https://github.com/MyCr4ck/NetGun_Classe03

Bash script to detect SPF, DKIM, and DMARC issues that expose domains to spoofing

⚛️ nucleo is a script that checks common vulnerabilities and security misconfigurations, strongly inspired by nuclei.

Automation tools untuk mendeteksi celah misconfig Host Header injection

⚠️ Description only - code is confidential. Automates cloud security assessments for AWS, Azure, and GCP to detect misconfigurations and perform controlled exploitation.