144 open source projects by nccgroup

RedSnarf is a pen-testing / red-teaming tool for Windows environments

Security-focused static analysis for the Phoenix Framework

A Generic Windows Memory Scraping Tool

Container Blackbox Security Auditing Tool: enumerates security configuration from within the target container

NCC Group Ransomware Simulator

HTA encryption tool for RedTeams

Clickjacking PoC Generator

A tool to visually snapshot a website by supplying multiple user-agent. Designed to aid in discovery of different entry points into an application.

Heap analysis tooling for ptmalloc

A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.

An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction

SetCookie Analysis in Browser Research Results

A DNS rebinding attack framework.

Automated HTTP Request Repeating With Burp Suite

A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques

AFL/QEMU fuzzing with full-system emulation.

Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans

A tool for quickly evaluating IAM permissions in AWS.

TCP tunneling over HTTP/HTTPS for web application servers

Discover resources created in an AWS account.

Fast directory scanning and scraping tool

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

Socks5/4/4a Proxy support for Remote Desktop Protocol / Terminal Services / Citrix / XenApp / XenDesktop

Phantom Tap (PhanTap) - an ‘invisible’ network tap aimed at red teams

Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team.

the Network Protocol Fuzzer that we will want to use.

A sniffer for Bluetooth 5 and 4.x LE

Information released publicly by NCC Group's Cyber Incident Response Team

Advanced Burp Suite Logging Extension

VisualCodeGrepper - Code security scanning tool.

Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.

Security auditing tool for Azure environments

Content hijacking proof-of-concept using Flash, PDF and Silverlight

Specify targets and run sets of tools against them

This tool downloads, installs, and configures a shiny new copy of Chromium.

Easy 802.1Q VLAN Hopping

A tool to find and exploit servers vulnerable to Shellshock

Multi-Cloud Security Auditing Tool

DriverBuddy is an IDA Python script to assist with the reverse engineering of Windows kernel drivers.

A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure

Extension adds a new tab in Burp Suite called Extractor

Python Implementation of a .NET Padding Oracle Assessment Tool

Proxmark3 Amiibo simulator as shown at Recon Montreal 2018

Generates CMakeLists.txt files from arbitrary C/C++ codebases

A U-Boot hacking toolkit for security researchers and tinkerers

Knowledge base of exploit mitigations available across numerous operating systems, architectures and applications and versions.

Small Python library that makes it easy to exploit race conditions in web apps with Requests.

BLEBoy is a training tool to teach users about BLE security by providing a single BLE peripheral that can be used to experiment with each BLE pairing method and demonstrates GATT security concepts.

Heap analysis tooling for dlmalloc