Open Source on GitHub

A series of handy open source tools aimed at cyber security professionals

TwelveSec has made numerous contributions to the open source information security community. We strive to share our expertise with the entire community and have created a series of tools aimed at helping information security and IT professionals, as well as developers. Check out the list of tools below and download them via GitHub – and feel free to also contribute.

GasMask
GasMask is an all-in-one Open-Source Intelligence (OSINT) tool, designed to help Penetration Testers and Red Teams effectively gather information from publicly available sources.

GasMask is useful for Penetration Testers and Red Teams that wish to collect as much information as possible about a target client. Information gathering is the most critical step to discover preliminary information about the systems, their software and the people involved with the target.

SKF Java Snippets
TwelveSec has developed Java snippets aimed at helping developers create secure code. These Java Snippets have been developed to include OWASP ASVS requirements and have been contributed to the Security Knowledge Framework (SKF) of OWASP.


PassCat
PassCat is an open source Windows native C/C++ application capable of retrieving the passwords stored locally on a computer.


Rootend
Rootend is an open source Python 3.x tool which automates enumeration and privilege escalation operations by targeting a wide array of potential exploitation categories. It is useful for penetration testers and CTF players. It works by looking for SUID bit enabled binaries, weak permissions on security-critical components, PHP configuration files and much more.

Panic Button
Panic Button is a Windows application aimed at mitigating cyber security risks from ransomware attacks. The application attempts to prevent cyber attackers from taking control of a computer’s encryption keys. When the user suspects there is an ongoing ransomware attack and runs Panic Button, the application instantly copies all memory and keys to a safe location, and attempts to hibernate the computer instead of shutting down. The encryption keys might then be salvageable by a forensics team.

This Burp Suite extender provides a solution for testing enterprise applications that include security Authorization tokens in every HTTP request. Furthermore, this solution provides a better approach to solving the problem of Burp Suite automated scanning failures when Authorization tokens exist.

This is a Burp Extender plugin that will allow penetration testers to tamper with requests containing compressed, serialized Java objects.