Scout - Lightweight URL Fuzzer And Spider: Discover A Web Server'S Undisclosed Files, Directories And VHOSTs

Scout is a URL fuzzer and spider for discovering undisclosed VHOSTS, files and directories on a web server. A full word list is included in the binary, meaning maximum portability and minimal configuration. Aim and fire! Usage Discover URLs on a given web server. version Display scout version...

DFSCoerce - PoC For MS-DFSNM Coerce Authentication Using NetrDfsRemoveStdRoot Method

PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot method and probably more but am lazy and its just PoC :P . Documentation: https://docs.microsoft.com/en-us/openspecs/windowsprotocols/ms-dfsnm/95a506a8-cae6-4c42-b19d-9c1ed1223979 Inspired by: PetitPotam @topotam77...

Nim-Loader - WIP Shellcode Loader In Nim With EDR Evasion Techniques

a very rough work-in-progress adventure into learning nim by cobbling resources together to create a shellcode loader that implements common EDR/AV evasion techniques. This is a mess and is forresearch purposes only! Please don't expect it to compile and run without your own modifications...

Authcov - Web App Authorisation Coverage Scanning

Web app authorisation coverage scanning. Introduction AuthCov crawls your web application using a Chrome headless browser while logged in as a pre-defined user. It intercepts and logs API requests as well as pages loaded during the crawling phase. In the next phase it logs in under a different us...

Norimaci - Simple And Lightweight Malware Analysis Sandbox For macOS

"Norimaci" is a simple and lightweight malware analysis sandbox for macOS. This tool was inspired by "Noriben". Norimaci uses the features of OpenBSM or Monitor.app to monitor macOS system activity instead of Sysinternals Process Monitor procmon. Norimaci consists of 3 Python scripts. norimaci.py...

TrelloC2 - Simple C2 Over The Trello API

Simple C2 over Trello's API Proof-of-Concept By: Fabrizio Siciliano @0rbz Update 12/30/2019 Removed hardcoded API key and Token, use input instead. Requirements Python 3.x Setup 1. Create a Trello account: https://trello.com/signup 2. Once logged in, get your API key: https://trello.com/app-key 3...

WEF - Wi-Fi Exploitation Framework

A fully offensive framework to the 802.11 networks and protocols with different types of attacks for WPA and WEP, automated hash cracking, bluetooth hacking and much more. I recommend you my alfa adapter: Alfa AWUS036ACM , which works really great with both, 2.4 and 5 Ghz Tested and supported in...

MalSCCM - Tool To Abuse Local Or Remote SCCM Servers To Deploy Malicious Applications

This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage. To use this tool your current process must have admin rights over the SCCM server. Typically deployments of SCCM will either have the management server and the primary server on the...

GooFuzz - Tool To Perform Fuzzing With An OSINT Approach, Managing To Enumerate Directories, Files, Subdomains Or Parameters Without Leaving Evidence On The Target's Server With Google Dorking

Credits Author: M3n0sD0n4ld Twitter: @DavidUton Description: GooFuzz is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories without making requests to the web server. Download and install: $ git clone...

Naabu - A Fast Port Scanner Written In Go With A Focus On Reliability And Simplicity

Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple tool that does fast SYN/CONNECT scans on the host/list of hosts and lists all ports that return a reply. Features Fast And Simple SYN/CONNECT probe...

Msprobe - Finding All Things On-Prem Microsoft For Password Spraying And Enumeration

Finding all things on-prem Microsoft for password spraying and enumeration. The tool will used a list of common subdomains associated with your target apex domain to attempt to discover valid instances of on-prem Microsoft solutions. Screenshots of the tool in action are below: Installing Install...

SharpSniper - Find Specific Users In Active Directory Via Their Username And Logon IP Address

Often a Red Team engagement is more than just achieving Domain Admin. Some clients will want to see if specific users in the domain can be compromised, for example the CEO. SharpSniper is a simple tool to find the IP address of these users so that you can target their box. It requires that you ha...

Xss_Vulnerability_Challenges - This Repository Is A Docker Containing Some "XSS Vulnerability" Challenges And Bypass Examples

This repository is a Dockerized php application containing some XSS vulnerability challenges. The ideas behind challenges are: Javascript validation bypass html entities bypass WAF bypass Black-list validation bypass Basic XSS validation bypass Double encode bypass of WAF to exploit XSS Exploitin...

VAmPI - Vulnerable REST API With OWASP Top 10 Vulnerabilities For Security Testing

The Vulnerable API Based on OpenAPI 3 VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from the OWASP top 10 vulnerabilities for APIs. It was created as I wanted a vulnerable API to evaluate the efficiency of tools used to detect security issues in APIs. It includes a...

Cervantes - Collaborative Platform For Pentesters Or Red Teams Who Want To Save Time To Manage Their Projects, Clients, Vulnerabilities And Reports In One Place

Cervantes is an opensource collaborative platform for pentesters or red teams who want to save time to manage their projects, clients, vulnerabilities and reports in one place. Features OpenSource Multiplatform Multilanguage Team Collaboration BuiltIn dashbaords and analytics Manage your clients...

Hunt-Sleeping-Beacons - Aims To Identify Sleeping Beacons

The idea of this project is to identify beacons which are unpacked at runtime or running in the context of another process. To do so, I make use of the observation that beacons tend to call Sleep between their callbacks. A call to sleep sets the state of the thread to DelayExecution which is take...

Nightingale - Docker Environment For Pentesting Which Having All The Required Tool For VAPT

In today's technological era, docker is the most powerful technology in each and every domain, whether it is Development, cyber security, DevOps, Automation, or Infrastructure. Considering the demand of the industry, I would like to introduce my idea to create a NIGHTINGALE: docker image for...

OSIPs - Gathers All Valid IP Addresses From All Text Files From A Directory, And Checks Them Against Whois Database, TOR Relays And Location

This script scans every file from a given folder recursively, extracts every IPv4 and IPv6 address, filters out the public IP addresses and then queries these IPs against TOR relays, WhoIs service and Location service. It outputs 4 files: a CSV file and a JSON file with all details of the IP...

LambdaGuard - AWS Serverless Security

AWS Lambda is an event-driven, serverless computing platform provided by Amazon Web Services. It is a computing service that runs code in response to events and automatically manages the computing resources required by that code. LambdaGuard is an AWS Lambda auditing tool designed to create asset...

Frostbyte - FrostByte Is A POC Project That Combines Different Defense Evasion Techniques To Build Better Redteam Payloads

FrostByte Progolue: In the past few days I've been experimenting with the AppDomain manager injection technique had a decent success with it in my previous Red Team engagements against certain EDRs. Although, this is really good for initial access vector, I wanted to release a POC which will help...

Admin-Panel_Finder - A Burp Suite Extension That Enumerates Infrastructure And Application Admin Interfaces (OTG-CONFIG-005)

A burp suite extension that enumerates infrastructure and application Admin Interfaces. OWASP References: Classification : Web Application Security Testing 02-Configuration and Deployment Management Testing OTG v4 : OWASP OTG-CONFIG-005 WSTG : WSTG-CONF-05 Why should I use this extension?...

Gshell - A Flexible And Scalable Cross-Plaform Shell Generator Tool

A simple yet flexible cross-platform shell generator tool. Name: GGreat Shell Description: A cross-platform shell generator tool that lets you generate whichever shell you want, in any system you want, giving you full control and automation. If you find this tool helpful, then please give me a...

Goreplay - Open-Source Tool For Capturing And Replaying Live HTTP Traffic Into A Test Environment In Order To Continuously Test Your System With Real Data

GoReplay is an open-source network monitoring tool which can record your live traffic and use it for shadowing, load testing, monitoring and detailed analysis. About As your application grows, the effort required to test it also grows exponentially. GoReplay offers you the simple idea of reusing...

SharpEventPersist - Persistence By Writing/Reading Shellcode From Event Log

Persistence by writing/reading shellcode from Event Log. Usage The SharpEventPersist tool takes 4 case-sensitive parameters: -file "C:\path\to\shellcode.bin" -instanceid 1337 -source Persistence -eventlog "Key Management Service". The shellcode is converted to hex and written to the "Key Manageme...

confluencePot - Simple Honeypot For Atlassian Confluence (CVE-2022-26134)

ConfluencePot is a simple honeypot for the Atlassian Confluence unauthenticated and remote OGNL injection vulnerability CVE-2022-26134. About the vulnerability You can find the official advisory by Atlassian to this vulerability here. For details about the inner workings and exploits in the wild...

DOMDig - DOM XSS Scanner For Single Page Applications

DOMDig is a DOM XSS scanner that runs inside the Chromium web browser and it can scan single page applications SPA recursively. Unlike other scanners, DOMDig can crawl any webapplication including gmail by keeping track of DOM modifications and XHR/fetch/websocket requests and it can simulate a...

Exfilkit - Data Exfiltration Utility For Testing Detection Capabilities

Data exfiltration utility for testing detection capabilities Description Data exfiltration utility used for testing detection capabilities of security products. Obviously for legal purposes only. Exfiltration How-To /etc/shadow - HTTP GET requests Server ./exfilkit-cli.py -m...

Pulsar - Data Exfiltration And Covert Communication Tool

Pulsar is a tool for data exfiltration and covert communication that enable you to create a secure data transfer, a bizarre chat or a network tunnel through different protocols, for example you can receive data from tcp connection and resend it to real destination through DNS packets. Setting up...

WhiteBeam - Transparent Endpoint Security

Transparent endpoint security Features Block and detect advanced attacks Modern audited cryptography: RustCrypto for hashing and encryption Highly compatible: Development focused on all platforms incl. legacy and architectures Source available: Audits welcome Reviewed by security researchers with...

Jeeves - Time-Based Blind SQLInjection Finder

Jeeves is made for looking to Time-Based Blind SQLInjection through recon. - Installation & Requirements: Installing Jeeves  $ go install github.com/ferreiraklet/Jeeves@latest OR $ git clone https://github.com/ferreiraklet/Jeeves.git $ cd Jeeves $ go build jeeves.go $ chmod +x jeeves $ ./jeeves...

PacketStreamer - Distributed Tcpdump For Cloud Native Environments

Deepfence PacketStreamer is a high-performance remote packet capture and collection tool. It is used by Deepfence's ThreatStryker security observability platform to gather network traffic on demand from cloud workloads for forensic analysis. Primary design goals: Stay light, capture and stream, n...

Blackbird - An OSINT Tool To Search For Accounts By Username In 101 Social Networks

Blackbird An OSINT tool to search fast for accounts by username across 101 sites. The Lockheed SR-71 "Blackbird" is a long-range, high-altitude, Mach 3+ strategic reconnaissance aircraft developed and manufactured by the American aerospace company Lockheed Corporation. Disclaimer This or previous...

Offensive-Azure - Collection Of Offensive Tools Targeting Microsoft Azure

Collection of offensive tools targeting Microsoft Azure written in Python to be platform agnostic. The current list of tools can be found below with a brief description of their functionality. ./DeviceCode/devicecodeeasymode.py Generates a code to be entered by the target user Can be used for...

AutoPWN Suite - Project For Scanning Vulnerabilities And Exploiting Systems Automatically

AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically. How does it work? AutoPWN Suite uses nmap TCP-SYN scan to enumerate the host and detect the version of softwares running on it. After gathering enough information about the host, AutoPWN Suite...

Socialhunter - Crawls The Website And Finds Broken Social Media Links That Can Be Hijacked

Crawls the given URL and finds broken social media links that can be hijacked. Broken social links may allow an attacker to conduct phishing attacks. It also can cost a loss of the company's reputation. Broken social media hijack issues are usually accepted on the bug bounty programs. Currently, ...

Nipe - An Engine To Make Tor Network Your Default Gateway

The Tor project allows users to surf the Internet, chat and send instant messages anonymously through its own mechanism. It is used by a wide variety of people, companies and organizations, both for lawful activities and for other illicit purposes. Tor has been largely used by intelligence...

Sentinel-Attack - Tools To Rapidly Deploy A Threat Hunting Capability On Azure Sentinel That Leverages Sysmon And MITRE ATT&CK

Sentinel ATT&CK aims to simplify the rapid deployment of a threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel. DISCLAIMER: This tool requires tuning and investigative trialling to be truly effective in a production environment. Overview Sentinel ATT&CK provides the...

Lockc - Making Containers More Secure With eBPF And Linux Security Modules (LSM)

lockc is open source sofware for providing MAC Mandatory Access Control type of security audit for container workloads. The main reason why lockc exists is that containers do not contain. Containers are not as secure and isolated as VMs. By default, they expose a lot of information about host OS...

AWS-Threat-Simulation-and-Detection - Playing Around With Stratus Red Team (Cloud Attack Simulation Tool) And SumoLogic

This repository is a documentation of my adventures with Stratus Red Team - a tool for adversary emulation for the cloud. Stratus Red Team is "Atomic Red Team for the cloud, allowing to emulate offensive attack techniques in a granular and self-contained manner. We run the attacks covered in the...

Puwr - SSH Pivoting Script For Expanding Attack Surfaces On Local Networks

Easily expand your attack surface on a local network by discovering more hosts, via SSH. Using a machine running a SSH service, Puwr uses a given subnet range to scope out IP's, sending back any successful ping requests it has. This can be used to expand out an attack surface on a local network, ...

AzureRT - A Powershell Module Implementing Various Azure Red Team Tactics

Powershell module implementing various cmdlets to interact with Azure and Azure AD from an offensive perspective. Helpful utilities dealing with access token based authentication, switching from Az to AzureAD and az cli interfaces, easy to use pre-made attacks such as Runbook-based command...

COM-Hunter - COM Hijacking VOODOO

COM Hijacking VOODOO COM-hunter is a COM Hijacking persistnce tool written in C. This tool was inspired during the RTO course of @zeropointsecltd Features Finds out entry valid CLSIDs in the victim's machine. Finds out valid CLSIDs via Task Scheduler in the victim's machine. Finds out if someone...

CRLFsuite - Fast CRLF Injection Scanning Tool

CRLFsuite is a fast tool specially designed to scan CRLF injection. Installation $ git clone https://github.com/Nefcore/CRLFsuite.git $ cd CRLFsuite $ sudo python3 setup.py install $ crlfsuite -h Features Single URL scanning Multiple URL scanning Stdin supported GET & POST method supported...

SMB-Session-Spoofing - Tool To Create A Fake SMB Session

Welcome! This is a utility that can be compiled with Visual Studio 2019 or newer. The goal of this program is to create a fake SMB Session. The primary purpose of this is to serve as a method to lure attackers into accessing a honey-device. This program comes with no warranty or guarantees. Progr...

Atomic-Operator - A Python Package Is Used To Execute Atomic Red Team Tests (Atomics) Across Multiple Operating System Environments

This python package is used to execute Atomic Red Team tests Atomics across multiple operating system environments. What's new? Why? atomic-operator enables security professionals to test their detection and defensive capabilities against prescribed techniques defined within atomic-red-team. By...

Notionterm - Embed Reverse Shell In Notion Pages

Embedreverse shell in Notion pages. Hack while taking notes FOR: Hiding attacker IP in reverse shell No direct interaction between attacker and target machine. Notion is used as a proxy hosting the reverse shell Demo/Quick proof insertion within report High available and shareable reverse shell...

MITM_Intercept - A Little Bit Less Hackish Way To Intercept And Modify non-HTTP Protocols Through Burp And Others

A little bit less hackish way to intercept and modify non-HTTP protocols through Burp and others with SSL and TLS interception support. This tool is for researchers and applicative penetration testers that perform thick clients security assesments. An improved version of the fantastic mitmrelay...

Zap-Scripts - Zed Attack Proxy Scripts For Finding CVEs And Secrets

Zed Attack Proxy Scripts for finding CVEs and Secrets. Building This project uses Gradle to build the ZAP add-on, simply run: ./gradlew build in the main directory of the project, the add-on will be placed in the directory build/zapAddOn/bin/. Usage The easiest way to use this repo in ZAP is to a...

PowerGram - Multiplatform Telegram Bot In Pure PowerShell

PowerGram is a pure PowerShell Telegram Bot that can be run on Windows, Linux or Mac OS. To make use of it, you only need PowerShell 4 or higher and an internet connection. All communication between the Bot and Telegram servers is encrypted with HTTPS, but all requests will be sent in GET method,...

Wrongsecrets - Examples With How To Not Use Secrets

Welcome to the OWASP WrongSecrets p0wnable app. With this app, we have packed various ways of how to not store your secrets. These can help you to realize whether your secret management is ok. The challenge is to find all the different secrets by means of various tools and techniques. Can you sol...