Security Assessment Tools
A collection of powerful, automated security analysis tools to help pentesters, bug bounty hunters, and security professionals identify vulnerabilities and misconfigurations in their targets.
HackTricks Discord Server
Join the HackTricks Discord to stay up to date with technical security news summarized by AI, connect with the cybersecurity community, and get help around the HackTricks platforms.
Blue-CloudPEASS - Cloud IAM Security Auditor
Blue Team tool for auditing cloud security posture. Identifies risky IAM privileges, unused access, external trust relationships, and security misconfigurations across cloud platforms.
CloudPEASS - Blackbox Permission Scanner
Red Team tool for finding permissions and privilege escalation paths across AWS, Azure, and GCP. Enumerates permissions, identifies attack vectors, and suggests exploitation techniques.
Domain & DNS Security Auditor
Comprehensive DNS security analysis including DNSSEC validation, SPF/DKIM/DMARC email security, HTTP security headers, CSP evaluation, SSL/TLS certificate analysis, and domain configuration checks.
GitHub Leaks Scanner
Scan GitHub repositories, organizations, and users for accidentally exposed secrets, API keys, tokens, and credentials using multiple powerful scanning tools.
HackTricks AI Chatbot
Chat with an AI assistant powered by HackTricks knowledge base. Get instant answers to your security questions, pentesting techniques, and hacking methodologies.
Malware World
Detect potentially malicious hosts on the internet using 500+ blacklists. Check IPs, domains, and URLs against comprehensive threat databases.
NaxusAI
LLM-powered, multi-agent analysis that reviews source code repositories to uncover vulnerabilities and security anti-patterns, including 0days, with actionable remediation guidance.