6011 matches found
Domain-Protect - OWASP Domain Protect - Prevent Subdomain Takeover
OWASP Global AppSec Dublin - talk and demo Features scan Amazon Route53 across an AWS Organization for domain records vulnerable to takeover scan Cloudflare for vulnerable DNS records take over vulnerable subdomains yourself before attackers and bug bounty researchers automatically create known...
Pinecone - A WLAN Red Team Framework
Pinecone is a WLAN networks auditing tool, suitable for red team usage. It is extensible via modules, and it is designed to be run in Debian-based operating systems. Pinecone is specially oriented to be used with a Raspberry Pi, as a portable wireless auditing box. This tool is designed for...
GraphCrawler - GraphQL Automated Security Testing Toolkit
Graph Crawler is the most powerful automated testing toolkit for any GraphQL endpoint. NEW: Can search for endpoints for you using Escape Technology's powerful Graphinder tool. Just point it towards a domain and add the '-e' option and Graphinder will do subdomain enumeration + search popular...
SMB-Session-Spoofing - Tool To Create A Fake SMB Session
Welcome! This is a utility that can be compiled with Visual Studio 2019 or newer. The goal of this program is to create a fake SMB Session. The primary purpose of this is to serve as a method to lure attackers into accessing a honey-device. This program comes with no warranty or guarantees. Progr...
Grafiki - Threat Hunting Tool About Sysmon And Graphs
Grafiki is a Django project about Sysmon and graphs, for the time being. In my opinion EventViewer, Elastic and even Kibana, are not graphic enough. The current threats are complicated and if attackers think in graphs, defenders also must do it. This is a proof of concept, the code was not debugg...
Win-Brute-Logon - Crack Any Microsoft Windows Users Password Without Any Privilege (Guest Account Included)
This PoC was ported in pure PowerShell: https://github.com/DarkCoderSc/power-brute-logon Win Brute Logon Proof Of Concept Release date: 2020-05-14 Target: Windows XP to Latest Windows 10 Version 1909 Weakness location : LogonUserA, LogonUserW, CreateProcessWithLogonA, CreateProcessWithLogonW Usag...
QLOG - Windows Security Logging
QLOG provides enriched Event Logging for security related events on Windows based systems. It is under heavy development and currently in alpha state. QLOG doesn’t use API hooks and it doesn’t require a driver to be installed on the target system, QLOG only uses ETW to retrieve its telemetry...
Dorothy - Tool To Test Security Monitoring And Detection For Okta Environments
Created by David French @threatpunter at Elastic Security Dorothy is a tool to help security teams test their monitoring and detection capabilities for their Okta environment. Dorothy has several modules to simulate actions that an attacker might take while operating in an Okta environment and...
Reconftw - Simple Script For Full Recon
This is a simple script intended to perform a full recon on an objective with multiple subdomains tl;dr Requires Go Run ./install.sh before first run apt, rpm, pacman compatible git clone https://github.com/six2dez/reconftw cd reconftw chmod +x .sh ./install.sh ./reconftw.sh -d target.com -a...
Go365 - An Office365 User Attack Tool
Go365 is a tool designed to perform user enumeration and password guessing attacks on organizations that use Office365 now/soon Microsoft365. Go365 uses a unique SOAP API endpoint on login.microsoftonline.com that most other tools do not use. When queried with an email address and password, the...
GWTMap - Tool to help map the attack surface of Google Web Toolkit
GWTMap is a tool to help map the attack surface of Google Web Toolkit GWT based applications. The purpose of this tool is to facilitate the extraction of any service method endpoints buried within a modern GWT application's obfuscated client-side code, and attempt to generate example GWT-RPC...
Nuubi Tools - Information Ghatering, Scanner And Recon
Nuubi Tools: Information-ghatering|Scanner|Recon Options: -h/--help | Show help message and exit Arguments: -b/--banner | Banner grabing of target ip address -s/--subnet | Subnetlookup of target -c/--cms | Cms detect with headers -d/--dns | Dnslookup of target domain -e/--extract | Extract links...
SharpHose - Asynchronous Password Spraying Tool In C# For Windows Environments
SharpHose is a C password spraying tool designed to be fast, safe, and usable over Cobalt Strike's execute-assembly. It provides a flexible way to interact with Active Directory using domain-joined and non-joined contexts, while also being able to target specific domains and domain controllers...
Urlbuster - Powerful Mutable Web Directory Fuzzer To Bruteforce Existing And/Or Hidden Files Or Directories
Powerful web directory fuzzer to locate existing and/or hidden files or directories. Similar to dirb or gobuster, but with a lot of mutation options. Installation pip install urlbuster Features Proxy support Cookie support Basic Auth Digest Auth Retries for slow servers Persistent and...
Screenspy - Capture user screenshots using shortcut file (Bypass SmartScreen/Defender)
Capture user screenshots using shortcut file Bypass SmartScreen/Defender. Suport Multi-monitor Legal disclaimer: Usage of ScreenSpy for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers...
Spray - A Password Spraying Tool For Active Directory Credentials By Jacob Wilkin(Greenwolf)
A Password Spraying tool for Active Directory Credentials by Jacob WilkinGreenwolf Getting Started These instructions will show you the requirements for and how to use Spray. Prerequisites All requirements come preinstalled on Kali Linux, to run on other flavors or Mac just make sure curlowa & ly...
Awspx - A Graph-Based Tool For Visualizing Effective Access And Resource Relationships In AWS Environments
auspex ˈau̯s.pɛks noun : An augur of ancient Rome, especially one who interpreted omens derived from the observation of birds. awspx is a graph-based tool for visualizing effective access and resource relationships within AWS. It resolves policy information to determine what actions affect which...
Theo - Ethereum Recon And Exploitation Tool
Theo aims to be an exploitation framework and a blockchain recon and interaction tool. Features: Automatic smart contract scanning which generates a list of possible exploits. Sending transactions to exploit a smart contract. Transaction pool monitor. Web3 console Frontrunning and backrunning...
Posh-SSH - PowerShell Module for automating tasks on remote systems using SSH
Windows Powershell module that leverages a custom version of the SSH.NET Library http://sshnet.codeplex.com/ to provide basic SSH functionality in Powershell. The main purpose of the module is to facilitate automating actions against one or multiple SSH enabled servers. This module is for Windows...
LFISuite - Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
LFI Suite is a totally automatic tool able to scan and exploit Local File Inclusion vulnerabilities using many different methods of attack, listed in the section Features. Features Works with Windows, Linux and OS X Automatic Configuration Automatic Update Provides 8 different Local File Inclusio...
angryFuzzer - Tool for Information Gathering
AngryFuzz3r is a collection of tools for pentesting to gather information and discover vulnerabilities of the targets based on Fuzzedb https://github.com/fuzzdb-project/fuzzdb project UrlFuzz3r- AngryFuzz3r1 Discover hidden files and directories on a web server. The application tries to find URL...
nightHawkResponse - Incident Response Forensic Framework
Custom built application for asynchronus forensic data presentation on an Elasticsearch backend. This application is designed to ingest a Mandiant Redline "collections" file and give flexibility in search/stack and tagging. The application was born out of the inability to control multiple...
Discover - Custom bash scripts used to automate various pentesting tasks
For use with Kali Linux. Custom bash scripts used to automate various pentesting tasks. Download, setup & usage git clone git://github.com/leebaird/discover.git /opt/discover/ All scripts must be ran from this location. cd /opt/discover/ ./setup.sh ./discover.sh RECON 1. Domain 2. Person 3. Parse...
Hook Analyser 3.2 - Malware Analysis Tool
Hook Analyser is a freeware application which allows an investigator/analyst to perform “static & run-time / dynamic” analysis of suspicious applications, also gather analyse & co-related threat intelligence related information or data from various open sources on the Internet. Essentially it’s a...
Tails 1.4 - The Amnesic Incognito Live System
Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity , and helps you to: use the Internet anonymously and circumvent censorship ; all connections to the Internet are forced to go through the...
[Hashkill 0.3.1] Password Cracker Tool Released
Hashkill is an opensource hash cracker for Linux that uses OpenSSL. Currently it supports 4 attack methods dictionary, bruteforce, hybrid. Hashkill has 35 plugins for different types of passwords ranging from simple hashes like MD5 and SHA1 to passworded ZIP files and private SSL key passphrases...
TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
Welcome to TruffleHog Explorer , a user-friendly web-based tool to visualize and analyze data extracted using TruffleHog. TruffleHog is one of the most powerful secrets discovery, classification, validation, and analysis open source tool. In this context, a secret refers to a credential a machine...
LDAPWordlistHarvester - A Tool To Generate A Wordlist From The Information Present In LDAP, In Order To Crack Passwords Of Domain Accounts
A tool to generate a wordlist from the information present in LDAP, in order to crack non-random passwords of domain accounts. Features The bigger the domain is, the better the wordlist will be. x Creates a wordlist based on the following information found in the LDAP: x User : name and...
Invoke-SessionHunter - Retrieve And Display Information About Active User Sessions On Remote Computers (No Admin Privileges Required)
Retrieve and display information about active user sessions on remote computers. No admin privileges required. The tool leverages the remote registry service to query the HKEYUSERS registry hive on the remote computers. It identifies and extracts Security Identifiers SIDs associated with active...
MasterParser - Powerful DFIR Tool Designed For Analyzing And Parsing Linux Logs
What is MasterParser ? MasterParser stands as a robust Digital Forensics and Incident Response tool meticulously crafted for the analysis of Linux logs within the var/log directory. Specifically designed to expedite the investigative process for security incidents on Linux systems, MasterParser...
DroidLysis - Property Extractor For Android Apps
DroidLysis is a pre-analysis tool for Android apps: it performs repetitive and boring tasks we'd typically do at the beginning of any reverse engineering. It disassembles the Android sample, organizes output in directories, and searches for suspicious spots in the code to look at. The output help...
LTESniffer - An Open-source LTE Downlink/Uplink Eavesdropper
LTESniffer is An Open-source LTE Downlink/Uplink Eavesdropper It first decodes the Physical Downlink Control Channel PDCCH to obtain the Downlink Control Informations DCIs and Radio Network Temporary Identifiers RNTIs of all active users. Using decoded DCIs and RNTIs, LTESniffer further decodes t...
Noir - An Attack Surface Detector Form Source Code
Noir is an attack surface detector form source code. Key Features Automatically identify language and framework from source code. Find API endpoints and web pages through code analysis. Load results quickly through interactions with proxy tools such as ZAP, Burpsuite, Caido and More Proxy tools...
InfoHound - An OSINT To Extract A Large Amount Of Data Given A Web Domain Name
During the reconnaissance phase, an attacker searches for any information about his target to create a profile that will later help him to identify possible ways to get in an organization. InfoHound performs passive analysis techniques which do not interact directly with the target using OSINT to...
KRBUACBypass - UAC Bypass By Abusing Kerberos Tickets
This POC is inspired by James Forshaw @tiraniddo shared at BlackHat USA 2022 titled “ Taking Kerberos To The Next Level ” topic, he shared a Demo of abusing Kerberos tickets to achieve UAC bypass. By adding a KERB-AD-RESTRICTION-ENTRY to the service ticket, but filling in a fake MachineID, we can...
IpGeo - Tool To Extract IP Addresses From Captured Network Traffic File
IpGeo is a python tool to extract IP addresses from captured network traffic file pcap/pcapng and generate csv report containing details about the geolocation of each ip in the packets. The report contains: 1. Country: 2. Country Code. 3. Region 4. Region Name 5. City 6. Zip 7. Latitude 8...
Email-Vulnerablity-Checker - Find Email Spoofing Vulnerablity Of Domains
Verify whether the domain is vulnerable to spoofing by Email-vulnerablity-checker Features This tool will automatically tells you if the domain is email spoofable or not you can do single and multiple domain input as well for multiple domain checker you need to have text file with domains in it...
JSubFinder - Searches Webpages For Javascript And Analyzes Them For Hidden Subdomains And Secrets
JSubFinder is a tool writtin in golang to search webpages & javascript for hidden subdomains and secrets in the given URL. Developed with BugBounty hunters in mind JSubFinder takes advantage of Go's amazing performance allowing it to utilize large data sets & be easily chained with other tools...
SDomDiscover - A Easy-To-Use Python Tool To Perform DNS Recon
/ // \ / \ \ / / / / / / / / / / / / \ | / / / / / / // / // / / / / / / // / // // / |/ / / / ///// // ///////|/// A easy-to-use python tool to perform dns recon with multiple options Installation: It can be installed in any OS with python3 Manual installation git clone...
GraphQL Cop - Security Auditor Utility For GraphQL APIs
GraphQL Cop is a small Python utility to run common security tests against GraphQL APIs. Requirements Python3 Requests Library Detections Alias Overloading DoS Batch Queries DoS GET based Queries CSRF GraphQL Tracing / Debug Modes Info Leak Field Duplication DoS Field Suggestions Info Leak Graphi...
Dockerized-Android - A Container-Based Framework To Enable The Integration Of Mobile Components In Security Training Platforms
Dockerized Android is a container-based framework that allows to execute and Android Emulator inside Docker and control it through a browser. This project has been developed in order to provide a starting point for integrating mobile security components into Cyber Ranges but it can be used for an...
packetsifterTool - A Tool To Aid Analysts In Sifting Through A Packet Capture (Pcap) To Find Noteworthy Traffic
PacketSifter is a tool to perform batch processing of PCAP data to uncover potential IOCs. Simply initializePacketSifter with your desired integrations VirusTotal, AbuseIPDB and pass PacketSifter a pcap and the desired switches and PacketSifter will sift through the data and generate several outp...
DarkLoadLibrary - LoadLibrary For Offensive Operations
LoadLibrary for offensive operations. How does is work? https://www.mdsec.co.uk/2021/06/bypassing-image-load-kernel-callbacks/ Usage DARKMODULE DarkModule = DarkLoadLibrary LOADLOCALFILE, // control flags L"TestDLL.dll", // local dll path, if loading from disk NULL, // DLL Buffer to load from if...
Judge-Jury-and-Executable - A File System Forensics Analysis Scanner And Threat Hunting Tool
Features: Scan a mounted filesystem for threats right away Or gather a system baseline before an incident, for extra threat hunting ability Can be used before, during or after an incident For one to many workstations Scans the MFT, bypassing file permissions, file locks or OS file...
Dnspeep - Spy On The DNS Queries Your Computer Is Making
dnspeep lets you spy on the DNS queries your computer is making. Here's some example output: $ sudo dnspeep query name server IP response A incoming.telemetry.mozilla.org 192.168.1.1 CNAME: telemetry-incoming.r53-2.services.mozilla.com, CNAME:...
Subcert - An Subdomain Enumeration Tool, That Finds All The Subdomains From Certificate Transparency Logs
Subcert is a subdomain enumeration tool, that finds all the valid subdomains from certificate transparency logs. Setup Step 1: Install Python 3 apt-get install python3-pip Step 2: Clone the Repository git clone https://github.com/A3h1nt/Subcert.git Step 3: Install Dependencies pip3 install -r...
Galer - A Fast Tool To Fetch URLs From HTML Attributes By Crawl-In
A fast tool to fetch URLs from HTML attributes by crawl-in. Inspired by the @omespino Tweet, which is possible to extract src, href, url and action values by evaluating JavaScript through Chrome DevTools Protocol. Installation from Binary The installation is easy. You can download a prebuilt bina...
Git-Wild-Hunt - A Tool To Hunt For Credentials In Github Wild AKA Git*Hunt
A tool to hunt for credentials in the GitHub wild AKA githunt Getting started 1. Install the tool 2. Configure your GitHub token 3. Search for credentials 4. See results cat results.json | jq Installation requirements: virtualenv, python3 1. git clone https://github.com/d1vious/git-wild-hunt &&...
Grawler - Tool Which Comes With A Web Interface That Automates The Task Of Using Google Dorks, Scrapes The Results, And Stores Them In A File
Grawler is a tool written in PHP which comes with a web interface that automates the task of using google dorks, scrapes the results, and stores them in a file. General info Grawler aims to automate the task of using google dorks with a web interface, the main idea is to provide a simple yet...
Hetty - An HTTP Toolkit For Security Research
Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. Features Man-in-the-middle MITM HTTP/1.1 proxy with logs Project based...