8 matches found
Hardcodes - Find Hardcoded Strings From Source Code
hardcodes is a utility for searching strings hardcoded by developers in programs. It uses a modular tokenizer that can handle comments, any number of backslashes & nearly any syntax you throw at it. Yes, it is designed to process any syntax and following languages are officially supported: ada,...
Powerob - An On-The-Fly Powershell Script Obfuscator Meant For Red Team Engagements
An on-the-fly Powershell script obfuscator meant for red team engagements. Built out of necessity. Installation git clone https://github.com/cwolff411/powerob Usage python3 powerob.py obfuscate originalfile.ps1 obfuscatedfile.ps1 Takes an INPUTFILE obfuscates it and dumps the obfuscated version...
RS256-2-HS256 - JWT Attack To Change The Algorithm RS256 To HS256
JWT Attack to change the algorithm RS256 to HS256 Usage usage: RS2562HS256JWT.py -h payload pubkey positional arguments: payload JSON payload from JWT to attack pubkey Public key file to use for signing optional arguments: -h, --help show this help message and exit Example Download RS256-2-HS256...
XSSSNIPER - An Automatic XSS Discovery Tool
XSSSNIPER is an handy xss discovery tool with mass scanning functionalities. Usage: Usage: xsssniper.py options Options: -h, --help show this help message and exit -u URL, --url=URL target URL --post try a post request to target url --data=POSTDATA post data to use --threads=THREADS number of...
CATPHISH - For Phishing And Corporate Espionage
Project for phishing and corporate espionage. Current Algorithms SingularOrPluralise prependOrAppend doubleExtensions mirrorization homoglyphs dashOmission Punycode CATPHISH v.0.0.5 Added more languages. Improved generator code. CATPHISH v.0.0.4 Added Punycode algorithm for vietnamese and cyrilli...
Struts2Shell - Interactive Shell Command to Exploit Apache Struts CVE-2017-5638
Improves manipulation and sending commands to the vulnerable Apache Struts server using a shell. Usage: python Struts2Shell.py Download Struts2Shell...
vsaudit - VOIP Security Audit Framework
This is an opensource tool to perform attacks to general voip services It allows to scans the whole network or single host to do the gathering phase, then it is able to search for most known vulnerabilities on the founds alive hosts and try to exploit them. Install dependencies To start using...
Net-creds - Sniff passwords and hashes from an interface or pcap file
Thoroughly sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification. Sniffs URLs visited POST loads sent HTTP form logins/passwords HTTP basic auth logins/passwords HTTP searches FTP logins/passwords IRC...