Sh4D0Wup - Signing-key Abuse And Update Exploitation Framework
Signing-key abuse and update exploitation framework. % docker run -it --rm ghcr.io/kpcyrd/sh4d0wup:edge -h Usage: sh4d0wup OPTIONS Commands: bait Start a malicious update server front Bind a http/https server but forward everything unmodified infect High level tampering, inject additional command...
FirebaseExploiter - Vulnerability Discovery Tool That Discovers Firebase Databases Which Are Open And Exploitable
FirebaseExploiter is a vulnerability discovery tool that discovers Firebase Databases which are open and exploitable. Primarily built for mass hunting bug bounties and for penetration testing. Features Mass vulnerability scanning from list of hosts Custom JSON data in exploit.json to upload...
Bearer - Code Security Scanning Tool (SAST) That Discovers, Filters And Prioritizes Security Risks And Vulnerabilities Leading To Sensitive Data Exposures (PII, PHI, PD)
Discover, filter, and prioritize security risks and vulnerabilities impacting your code. Bearer is a static application security testing SAST tool that scans your source code and analyzes your data flows to discover, filter and prioritize security risks and vulnerabilities leading to sensitive da...
PhoneSploit-Pro - An All-In-One Hacking Tool To Remotely Exploit Android Devices Using ADB And Metasploit-Framework To Get A Meterpreter Session
An all-in-one hacking tool written in Python to remotely exploit Android devices using ADB (Android Debug Bridge) and Metasploit-Framework. Complete automation to get a Meterpreter session in one click. This tool can automatically create, install, and run a payload on the target device using...
PortEx - Java Library To Analyse Portable Executable Files With A Special Focus On Malware Analysis And PE Malformation Robustness
PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on PE malformation robustness, and anomaly detection. PortEx is written in Java and Scala, and targeted at Java applications. Features Reading header information from: MSDOS Header, COFF File Header,...
Kubei - A Flexible Kubernetes Runtime Scanner
Kubei is a vulnerability scanning tool that allows users to get an accurate and immediate risk assessment of their Kubernetes clusters. Kubei scans all images that are being used in a Kubernetes cluster, including images of application pods and system pods. It doesn’t scan the entire image...
auditpolCIS - CIS Benchmark Testing Of Windows SIEM Configuration
CIS Benchmark testing of Windows SIEM configuration This is an application for testing the configuration of Windows Audit Policy settings against the CIS Benchmark recommended settings. A few points: The tested system was Windows Server 2019, and the benchmark used was also Windows Server 2019. T...
KubeStalk - Discovers Kubernetes And Related Infrastructure Based Attack Surface From A Black-Box Perspective
KubeStalk is a tool to discover Kubernetes and related infrastructure based attack surface from a black-box perspective. This tool is a community version of the tool used to probe for unsecured Kubernetes clusters around the internet during Project Resonance - Wave 9. Usage The GIF below...
Nuclearpond - A Utility Leveraging Nuclei To Perform Internet Wide Scans For The Cost Of A Cup Of Coffee
Nuclear Pond is used to leverage Nuclei in the cloud with unremarkable speed, flexibility, and perform internet wide scans for far less than a cup of coffee. It leverages AWS Lambda as a backend to invoke Nuclei scans in parallel, choice of storing json findings in s3 to query with AWS Athena, an...
PowerMeUp - A Small Library Of Powershell Scripts For Post Exploitation That You May Need Or Use!
This is a PowerShell reverse shell that executes the commands and/or scripts that you add to the powerreverse.ps1 file, as well as a small library of post-exploitation scripts. This can also be used for post exploitation and even lateral movement. Please use at your own risk. I am not and will not ...
Striker - A Command And Control (C2)
Striker is a simple Command and Control (C2) program. Disclaimer This project is under active development. Most of the features are experimental, with more to come. Expect breaking changes. Features Agents: Native agents for Linux and Windows hosts. Self-contained, minimal Python agent should you...
UDPX - Fast And Lightweight, UDPX Is A Single-Packet UDP Scanner Written In Go That Supports The Discovery Of Over 45 Services With The Ability To Add Custom Ones
Fast and lightweight, UDPX is a single-packet UDP scanner written in Go that supports the discovery of over 45 services with the ability to add custom ones. It is easy to use and portable, and can be run on Linux, Mac OS, and Windows. Unlike internet-wide scanners like zgrab2 and zmap, UDPX is...
Katana - A Next-Generation Crawling And Spidering Framework
A next-generation crawling and spidering framework Features • Installation • Usage • Scope • Config • Filters • Join Discord Features Fast And fully configurable web crawling Standard and Headless mode support JavaScript parsing / crawling Customizable automatic form filling Scope control -...
Wa-Tunnel - Tunneling Internet Traffic Over Whatsapp
This is a Baileys-based piece of code that lets you tunnel TCP data through two WhatsApp accounts. This can be useful in different situations, for example network carriers that give unlimited WhatsApp data, or airplanes where you also get unlimited social network data. It's using Baileys since it'...
Scriptkiddi3 - Streamline Your Recon And Vulnerability Detection Process With SCRIPTKIDDI3, A Recon And Initial Vulnerability Detection Tool Built Using Shell Script And Open Source Tools
Streamline your recon and vulnerability detection process with SCRIPTKIDDI3, A recon and initial vulnerability detection tool built using shell script and open source tools. How it works • Installation • Usage • MODES • For Developers • Credits Introducing SCRIPTKIDDI3, a powerful recon and initi...
Nmap-API - Uses Python3.10, Debian, python-Nmap, And Flask Framework To Create A Nmap API That Can Do Scans With A Good Speed Online And Is Easy To Deploy
Uses Python 3.10, Debian, python-Nmap, and the Flask framework to create an Nmap API that can run scans at a good speed online and is easy to deploy. This is an implementation for our college PCL project, which is still under development and constantly updating. API Reference Get all items GET...
GVision - A Reverse Image Search App That Uses The Google Cloud Vision API To Detect Landmarks And Web Entities From Images, Helping You Gather Valuable Information Quickly And Easily
GVision is a reverse image search app that uses the Google Cloud Vision API to detect landmarks and web entities from images, helping you gather valuable information quickly and easily. About Google Cloud Vision API Google Cloud Vision API is a machine learning-powered image analysis service that...
debugHunter - Discover Hidden Debugging Parameters And Uncover Web Application Secrets
Discover hidden debugging parameters and uncover web application secrets with debugHunter. This Chrome extension scans websites for debugging parameters and notifies you when it finds a URL with modified responses. The extension utilizes a binary search algorithm to efficiently determine the...
Pinacolada - Wireless Intrusion Detection System For Hak5's WiFi Coconut
Pinacolada looks for typical IEEE 802.11 attacks and then informs you about them as quickly as possible. All this with the help of Hak5's WiFi Coconut, which allows it to listen for threats on all 14 channels in the 2.4GHz range simultaneously. Supported 802.11 Attacks Attack | Type | Status...
QuadraInspect - Android Framework That Integrates AndroPass, APKUtil, And MobFS, Providing A Powerful Tool For Analyzing The Security Of Android Applications
The security of mobile devices has become a critical concern due to the increasing amount of sensitive data being stored on them. With the rise of Android OS as the most popular mobile platform, the need for effective tools to assess its security has also increased. In response to this need, a ne...
Certwatcher - Tool For Capturing And Tracking Certificate Transparency Logs, Using A YAML-Template-Based DSL
CertWatcher is a tool for capturing and tracking certificate transparency logs, using YAML templates. The tool helps detect and analyze websites using regular expression patterns and is designed for ease of use by security professionals and researchers. Certwatcher continuously monitors the...
Reportly - An AzureAD User Activity Report Tool
Reportly is an AzureAD user activity report tool. About the tool This is a tool that will help blue teams during a cloud incident. When running the tool, the researcher will enter as input a suspicious user and a time frame and will receive a report detailing the following: 1. Information about t...
SilentMoonwalk - PoC Implementation Of A Fully Dynamic Call Stack Spoofer
PoC Implementation of a fully dynamic call stack spoofer TL;DR SilentMoonwalk is a PoC implementation of a fully dynamic call stack spoofer, implementing a technique to remove the original caller from the call stack, using ROP to desynchronize unwinding from control flow. Authors This PoC is the...
WindowSpy - A Cobalt Strike Beacon Object File Meant For Targeted User Surveillance
WindowSpy is a Cobalt Strike Beacon Object File meant for targeted user surveillance. The goal of this project was to trigger surveillance capabilities only on certain targets, e.g. browser login pages, confidential documents, VPN logins etc. The purpose was to increase stealth during user...
Seekr - A Multi-Purpose OSINT Toolkit With A Neat Web-Interface
A multi-purpose toolkit for gathering and managing OSINT-Data with a neat web-interface. Introduction Seekr is a multi-purpose toolkit for gathering and managing OSINT-data with a sleek web interface. The backend is written in Go and offers a wide range of features for data collection,...
Grepmarx - A Source Code Static Analysis Platform For AppSec Enthusiasts
Grepmarx is a web application providing a single platform to quickly understand, analyze and identify vulnerabilities in possibly large and unknown code bases. Features SAST (Static Analysis Security Testing) capabilities: Multiple language support: C/C++, C#, Go, HTML, Java, Kotlin, JavaScript,...
Shoggoth - Asmjit Based Polymorphic Encryptor
Shoggoth is an open-source project based on C++ and asmjit library used to encrypt given shellcode, PE, and COFF files polymorphically. Shoggoth will generate an output file that stores the payload and its corresponding loader in an obfuscated form. Since the content of the output is...
RedditC2 - Abusing Reddit API To Host The C2 Traffic, Since Most Of The Blue-Team Members Use Reddit, It Might Be A Great Way To Make The Traffic Look Legit
Abusing Reddit API to host the C2 traffic, since most of the blue-team members use Reddit, it might be a great way to make the traffic look legit. Disclaimer: Use of this project is for Educational/Testing purposes only. Using it on unauthorised machines is strictly forbidden. If somebody is...
CMLoot - Find Interesting Files Stored On (System Center) Configuration Manager (SCCM/CM) SMB Shares
CMLoot was created to easily find interesting files stored on System Center Configuration Manager (SCCM/CM) SMB shares. The shares are used for distributing software to Windows clients in Windows enterprise environments and can contain scripts/configuration files with passwords, certificates (pfx),...
Noseyparker - A Command-Line Program That Finds Secrets And Sensitive Information In Textual Data And Git History
Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data. It is useful both for offensive and defensive security testing. Key features: It supports scanning files, directories, and the entire history of Git repositories It uses regular expression matching...
Fingerprintx - Standalone Utility For Service Discovery On Open Ports!
fingerprintx is a utility similar to httpx that also supports fingerprinting services such as RDP, SSH, MySQL, PostgreSQL, Kafka, etc. fingerprintx can be used alongside port scanners like Naabu to fingerprint a set of ports identified during a port scan. For example, an engineer may wish to scan...
MSI Dump - A Tool That Analyzes Malicious MSI Installation Packages, Extracts Files, Streams, Binary Data And Incorporates YARA Scanner
MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams and binary data, and incorporates a YARA scanner. On macro-enabled Office documents we can quickly use oletools' mraptor to determine whether a document is malicious. If we want to dissect it further, we could...
Apk.Sh - Makes Reverse Engineering Android Apps Easier, Automating Some Repetitive Tasks Like Pulling, Decoding, Rebuilding And Patching An APK
apk.sh is a Bash script that makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK. Features apk.sh basically uses apktool to disassemble, decode and rebuild resources and some bash to automate the frida gadget...
Decider - A Web Application That Assists Network Defenders, Analysts, And Researchers In The Process Of Mapping Adversary Behaviors To The MITRE ATT&CK Framework
What is it? The Short A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework. The Long Decider is a tool to help analysts map adversary behavior to the MITRE ATT&CK framework. Decider makes creating...
ThunderCloud - Cloud Exploit Framework
Cloud Exploit Framework Usage python3 tc.py -h usage: tc.py -h -ce COGNITOENDPOINT -reg REGION -accid AWSACCOUNTID...
Waf-Bypass - Check Your WAF Before An Attacker Does
WAF Bypass Tool is an open source tool to analyze the security of any WAF for false positives and false negatives using predefined and customizable payloads. Check your WAF before an attacker does. WAF Bypass Tool is developed by the Nemesida WAF team with the participation of the community. How to run I...
QRExfiltrate - Tool That Allows You To Convert Any Binary File Into A QRcode Movie. The Data Can Then Be Reassembled Visually Allowing Exfiltration Of Data In Air Gapped Systems
This tool is a command line utility that allows you to convert any binary file into a QRcode GIF. The data can then be reassembled visually allowing exfiltration of data in air gapped systems. It was designed as a proof of concept to demonstrate weaknesses in DLP software; that is, the assumption...
Mimicry - Security Tool For Active Deception In Exploitation And Post-Exploitation
Mimicry is a security tool developed by Chaitin Technology for active deception in exploitation and post-exploitation. Active deception can live-migrate the attacker to the honeypot without their awareness. We can achieve a higher security level at a lower cost with active deception. English | Chinese documentation Dem...
APCLdr - Payload Loader With Evasion Features
Payload Loader With Evasion Features. Features: no crt functions imported indirect syscalls using HellHall api hashing using CRC32 hashing algorithm payload encryption using rc4 - payload is saved in .rsrc Payload injection using APC calls - alertable thread Payload execution using APC - alertabl...
PortexAnalyzerGUI - Graphical Interface For PortEx, A Portable Executable And Malware Analysis Library
Graphical interface for PortEx, a Portable Executable and Malware Analysis Library Download Releases page Features Header information from: MSDOS Header, Rich Header, COFF File Header, Optional Header, Section Table PE Structures: Import Section, Resource Section, Export Section, Debug Section...
Invoke-PSObfuscation - An In-Depth Approach To Obfuscating The Individual Components Of A PowerShell Payload Whether You're On Windows Or Kali Linux
Traditional obfuscation techniques tend to add layers to encapsulate standing code, such as base64 or compression. These payloads do continue to have a varied degree of success, but it has become trivial to extract the intended payload from them, and some launchers get detected often, which essentially...
NimPlant - A Light-Weight First-Stage C2 Implant Written In Nim
By Cas van Cooten (@chvancooten), with special thanks to some awesome folks: Fabian Mosch (@S3cur3Th1sSh1t) for sharing the dynamic invocation implementation in Nim and the Ekko sleep mask function; snovvcrash (@snovvcrash) for adding the initial version of execute-assembly & the self-deleting implant option...
FindUncommonShares - A Python Equivalent Of PowerView's Invoke-ShareFinder.ps1 Allowing To Quickly Find Uncommon Shares In Vast Windows Domains
The script FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1, allowing you to quickly find uncommon shares in vast Windows Active Directory domains. Features Only requires a low-privilege domain user account. Automatically gets the list of all computers from the domai...
Ator - Authentication Token Obtain and Replace Extender
The plugin is created to help automated scanning using Burp in the following scenarios: 1. Access/Refresh token 2. Token replacement in XML/JSON body 3. Token replacement in cookies The above can be achieved using complex macros, session rules or a custom extender in some scenarios. The rules become...
Wifi_Db - Script To Parse Aircrack-ng Captures To A SQLite Database
Script to parse Aircrack-ng captures into a SQLite database and extract useful information like handshakes in 22000 hashcat format, MGT identities, interesting relations between APs, clients and their probes, WPS information and a global view of all the APs seen. ...
GPT_Vuln-analyzer - Uses ChatGPT API And Python-Nmap Module To Use The GPT3 Model To Create Vulnerability Reports Based On Nmap Scan Data
This is a Proof of Concept application that demonstrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super useful ChatGPT. Requirements Python 3.10 All the packages mentioned in the requirements.txt file OpenAI API...
Kali Linux 2023.1 - Penetration Testing and Ethical Hacking Linux Distribution
Time for another Kali Linux release! – Kali Linux 2023.1. This release has various impressive updates. The changelog summary since the 2022.4 release from December: Kali Purple - The dawn of a new era. Kali is not only offense, but starting to be defense. Python Changes - Python 3.11 & PIP changes...
CertWatcher - A Tool For Capturing And Tracking Certificate Transparency Logs, Using A YAML-Template-Based DSL
CertWatcher is a tool for capturing and tracking certificate transparency logs, using YAML templates. The tool helps to detect and analyze phishing websites using regular expression patterns, and is designed to be easy to use for security professionals and researchers. Certwatcher continuously...
CertVerify - A Scanner That Finds Files Signed With Compromised Or Untrusted Code Signing Certificates
CertVerify is a tool designed to detect executable files (exe, dll, sys) that have been signed with untrusted or leaked code signing certificates. The purpose of this tool is to identify potentially malicious files that have been signed using certificates that have been compromised, stolen, or...
Graphicator - A GraphQL Enumeration And Extraction Tool
Graphicator is a GraphQL "scraper" / extractor. The tool iterates over the introspection document returned by the targeted GraphQL endpoint, and then re-structures the schema in an internal form so it can re-create the supported queries. Once such queries are created, it uses them to send request...