MFTool is a specialized NTFS parser designed for red team operations, allowing direct access to the Master File Table without relying on Windows APIs. It enables users to search for files, retrieve locked or deleted content, and navigate NTFS structures stealthily, catering to the specific needs of security professionals. The tool also features commands for file retrieval, metadata display, and directory enumeration, though it has some limitations, including incomplete parsing of NTFS attributes and unsupported encrypted files.

ghbuster is a tool that identifies potentially malicious or inauthentic GitHub repositories and users through heuristics. It provides methods to detect suspicious activities such as unlinked email commits and coordinated stargazing, helping to maintain the integrity of the GitHub ecosystem. Users can easily install and run the tool with specific commands and can also generate documentation and run tests.

npq is a tool designed to audit npm packages before installation, enhancing security by checking for vulnerabilities, package age, download counts, and other criteria. It integrates seamlessly with npm and can be used with other package managers by specifying environment variables, thus ensuring a safer installation process for developers. However, it is important to note that no tool can guarantee absolute safety from malicious packages.

SSH-Snake is an automated tool designed to map network connections by leveraging SSH private keys found on systems. It operates recursively to discover relationships between connected systems, functioning similarly to a worm by replicating itself without leaving traces on scanned systems. Although intended for hacking, it can also assist system administrators in analyzing their network infrastructure.

Twyn is a security tool designed to protect against typosquatting attacks by comparing package names in your dependencies against a list of popular packages. It offers various scanning options, supports multiple dependency file formats, and allows users to customize configurations, including an allowlist for legitimate packages that may trigger false positives. Twyn can be installed via PyPi and used through the command line or as a library in projects.

ATEAM is a Python tool designed for reconnaissance of Azure services, enabling security researchers and Azure administrators to discover resources and tenant ownership information. It supports multi-threaded scanning, DNS validation, and exports results in various formats while utilizing an SQLite database for persistent storage of findings.

SAMLSmith is a C# tool designed for generating custom SAML responses and executing Silver and Golden SAML attacks, aimed at security researchers and penetration testers. It offers four main commands for generating SAML responses via command line parameters or JSON configuration files, as well as extracting certificates from AD FS encrypted materials. The tool is based on components from the Python tool ADFSpoof and is intended for authorized security testing and research only.

IAMhounddog is a tool designed for penetration testers to efficiently identify privileged principals and second-order privilege escalation opportunities in AWS environments. It streamlines the assessment of permission relationships among AWS roles, users, and policies, reducing the need for manual reviews. Created by Nathan Tucker and released by Virtue Security, it aids in enhancing security testing processes for cloud infrastructures.

ADeleginator is a tool designed to identify insecure trustee and resource delegations in Active Directory, serving as a wrapper around the existing tool ADeleg. Users can set it up by downloading the necessary components and running a PowerShell script to execute the tool. The project is credited to Spencer Alessi and acknowledges the contributions of @mtth-bfft.

GitPhish is a security assessment tool designed to conduct GitHub's device code authentication flow, featuring an authentication server, automated landing page deployment, and an administrative interface. It captures authentication tokens and provides real-time monitoring through a web-based dashboard, utilizing a Flask-based server and SQLite for data storage. The tool supports various deployment templates and requires specific configurations, including GitHub Personal Access Tokens for operation.

Bugfish Nuke is a Windows tool designed for emergency data deletion, allowing users to securely erase sensitive files and system traces with customizable overwrite options. It features an advanced function to lock out system access by corrupting Windows login files, and includes user-friendly elements like customizable audio notifications during the deletion process. Users are warned against misuse and encouraged to comply with legal guidelines while using the tool.

ssh-audit is a tool designed for auditing SSH server and client configurations, allowing users to assess security settings, recognize software and operating systems, and identify weaknesses in algorithms. It supports various features such as policy scans, key exchange analysis, and compatibility checks, and can be run on both Linux and Windows without dependencies. The tool includes built-in hardening guides and maintains compatibility with Python versions 3.9 to 3.13.