CloudSpec - An Open Source Tool For Validating Your Resources In Your Cloud Providers Using A Logical Language

CloudSpec is an open source tool for validating your resources in your cloud providers using a logical language that everybody can understand. With its reasonably simple syntax, you can validate the configuration of your cloud resources, avoiding mistakes that can lead to availability or...

CaptfEncoder - An Extensible Cross Platform Network Security Tool Suite

Captfencoder is an extensible cross platform network security tool suite, providing network security related code conversion, classical cryptography, cryptography, asymmetric encryption, special coding, miscellaneous tools, and aggregating all kinds of online tools. CaptfEncoder all functions...

ADenum - A Pentesting Tool That Allows To Find Misconfiguration Through The The Protocol LDAP And Exploit Some Of Those Weaknesses With Kerberos

AD Enum is a pentesting tool that allows to find misconfiguration through the protocol LDAP and exploit some of those weaknesses with Kerberos. cracking john -jp path John binary path -w wordList The path of the wordlist to be used john Default:...

Tarian - Antivirus for Kubernetes

We want to maintain this as an open-source project to fight against the attacks on our favorite Kubernetes ecosystem. By continuous contribution, we can fight threats together as a community. Protect your Applications running on Kubernetes from malicious attacks by pre-registering your source cod...

DInjector - Collection Of Shellcode Injection Techniques Packed In A D/Invoke Weaponized DLL

This repository is an accumulation of my code snippets for various shellcode injection techniques using fantastic D/Invoke API by @TheWover and @FuzzySecurity. Features: Fully ported to D/Invoke API Encrypted payloads which can be invoked from a URL or passed in base64 as an argument Built-in AMS...

AFLTriage - Tool To Triage Crashing Input Files Using A Debugger

AFLTriage is a tool to triage crashing input files using a debugger. It is designed to be portable and not require any run-time dependencies, besides libc and an external debugger. It supports triaging crashes generated by any program, not just AFL, but recognizes AFL directories specially, hence...

O365Spray - Username Enumeration And Password Spraying Tool Aimed At Microsoft O365

For educational, authorized and/or research purposes only. o365spray a username enumeration and password spraying tool aimed at Microsoft Office 365 O365. This tool reimplements a collection of enumeration and spray techniques researched and identified by those mentioned in Acknowledgments...

SMBeagle - Fileshare Auditing Tool That Hunts Out All Files It Can See In The Network And Reports If The File Can Be Read And/Or Written

SMBeagle is an SMB fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host, or both!? SMBeagle tries to make use of the win32 APIs for maximum...

Fileless-Xec - Stealth Dropper Executing Remote Binaries Without Dropping Them On Disk

Certainly useful , mainly for fun, rougly inspired by 0x00 article Pentest use: fileless-xec is used on target machine to stealthy execute a binary file located on attacker machine Short story fileless-xec enable us to execute a remote binary on a local machine directly from memory without droppi...

KaliIntelligenceSuite - Shall Aid In The Fast, Autonomous, Central, And Comprehensive Collection Of Intelligence By Executing Standard Penetration Testing Tools

Kali Intelligence Suite KIS shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by automatically: executing Kali Linux tools e.g., dnsrecon, gobuster, hydra, nmap, etc. querying publicly available APIs e.g., Censys.io, Haveibeenpwned.com, Hunter.io,...

Swurg - Parse OpenAPI Documents Into Burp Suite For Automating OpenAPI-based APIs Security Assessments

Swurg is a Burp Suite extension designed for OpenAPI testing. The OpenAPI Specification OAS defines a standard, programming language-agnostic interface description for REST APIs, which allows both humans and computers to discover and understand the capabilities of a service without requiring acce...

STEWS - A Security Tool For Enumerating WebSockets

STEWS is a tool suite for security testing of WebSockets This research was first presented at OWASP Global AppSec US 2021 Features STEWS provides the ability to: Discover : find WebSockets endpoints on the web by testing a list of domains Fingerprint : determine what WebSockets server is running ...

Toutatis - A Tool That Allows You To Extract Information From Instagrams Accounts Such As E-Mails, Phone Numbers And More

Toutatis is a tool that allows you to extract information from instagrams accounts such as e-mails, phone numbers and more Prerequisite Python 3 ️ Installation With PyPI pip install toutatis With Github git clone https://github.com/megadose/toutatis.git cd toutatis/ python3 setup.py install ...

Forbidden - Bypass 4Xx HTTP Response Status Codes

Bypass 4xx HTTP response status codes. Based on PycURL. Script uses multithreading, and is based on brute forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. To filter o...

AirStrike - Automatically Grab And Crack WPA-2 Handshakes With Distributed Client-Server Architecture

Tool that automates cracking of WPA-2 Wi-Fi credentials using client-server architecture Requirements Airstrike uses Hashcat Brain Architecture, aircrack-ng suite, entr utility and some helper scripts. You can use install.sh script to download all dependencies if you're on system which has an...

IAM Vulnerable - Use Terraform To Create Your Own Vulnerable By Design AWS IAM Privilege Escalation Playground

Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground. IAM Vulnerable uses the Terraform binary and your AWS credentials to deploy over 250 IAM resources into your selected AWS account. Within minutes, you can start learning how to identify and exploit...

DLLHijackingScanner - This Is A PoC For Bypassing UAC Using DLL Hijacking And Abusing The "Trusted Directories" Verification

This is a PoC for bypassing UAC using DLL hijacking and abusing the "Trusted Directories" verification. Generate Header from CSV The python script CsvToHeader.py can be used to generate a header file. By default it will use the CSV file dllhijackingcandidates.csv that can be found here:...

IDA2Obj - Static Binary Instrumentation

IDA2Obj is a tool to implement SBI StaticBinary Instrumentation. The working flow is simple: Dump object files COFF directly from one executable binary. Link the object files into a new binary, almost the same as the old one. During the dumping process, you can insert any data/code at any locatio...

ClusterFuzzLite - Simple Continuous Fuzzing That Runs In CI

ClusterFuzzLite is a continuous fuzzing solution that runs as part of Continuous Integration CI workflows to find vulnerabilities faster than ever before. With just a few lines of code, GitHub users can integrate ClusterFuzzLite into their workflow and fuzz pull requests to catch bugs before they...

Crawpy - Yet Another Content Discovery Tool

Yet another content discovery tool written in python. What makes this tool different than others: It is written to work asynchronously which allows reaching to maximum limits. So it is very fast. Calibration mode, applies filters on its own Has bunch of flags that helps you fuzz in detail Recursi...

Kerberoast - Kerberoast Attack -Pure Python-

Kerberos attack toolkit -pure python- Install pip3 install kerberoast Prereqirements Python 3.6 See requirements.txt For the impatient IMPORTANT: the accepted target url formats for LDAP and Kerberos are the following : +://:@/?= : +://:@/?= Steps -with SSPI-: kerberoast auto Steps -SSPI not...

ShonyDanza - A Customizable, Easy-To-Navigate Tool For Researching, Pen Testing, And Defending With The Power Of Shodan

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan. With ShonyDanza, you can: Obtain IPs based on search criteria Automatically exclude honeypots from the results based on your pre-configured thresholds Pre-configure all IP searches to filte...

XC - A Small Reverse Shell For Linux And Windows

Netcat like reverse shell for Linux & Windows. Features Windows Usage: └ Shared Commands: !exit !upload uploads a file to the target !download downloads a file from the target !lfwd local portforwarding like ssh -L !rfwd remote portforwarding like ssh -R !lsfwd lists active forwards !rmfwd remove...

ZipExec - A Unique Technique To Execute Binaries From A Password Protected Zip

ZipExec is a Proof-of-Concept POC tool to wrap binary-based tools into a password-protected zip file. This zip file is then base64 encoded into a string that is rebuilt on disk. This encoded string is then loaded into a JScript file that when executed, would rebuild the password-protected zip fil...

Kit_Hunter - A Basic Phishing Kit Scanner For Dedicated And Semi-Dedicated Hosting

Kit Hunter: A basic phishing kit detection tool Version 2.6.0 28 September 2021 Testing and development took place on Python 3.7.3 Linux What is Kit Hunter? Kit Hunter is a personal project to learn Python, and a basic scanning tool that will search directories and locate phishing kits based on...

Digital-Forensics-Lab - Free Hands-On Digital Forensics Labs For Students And Faculty

Features of Repository =================== Hands-on Digital Forensics Labs: designed for Students and Faculty Linux-based lab: All labs are purely based on Kali Linux Lab screenshots: Each lab has PPTs with instruction screenshots Comprehensive: Cover many topics in digital forensics Free: All...

OffensiveRust - Rust Weaponization For Red Team Engagements

My experiments in weaponizing Rust for implant development and general offensive operations. Why Rust? It is faster than languages like C/C++ It is multi-purpose language, bearing excellent communities It has an amazing inbuilt dependency build management called Cargo It is LLVM based which makes...

DetectionLabELK - A Fork From DetectionLab With ELK Stack Instead Of Splunk

DetectionLabELK is a fork from Chris Long's DetectionLab with ELK stack instead of Splunk. Description: DetectionLabELK is the perfect lab to use if you would like to build effective detection capabilities. It has been designed with defenders in mind. Its primary purpose is to allow blueteams to...

4-ZERO-3 - 403/401 Bypass Methods + Bash Automation

Introduction 4-ZERO-3 Tool to bypass 403/401. This script contain all the possible techniques to do the same. NOTE : If you see multiple 200 Ok/bypasses as output, you must check the Content-Length. If the content-length is same for multiple 200 Ok/bypasses means false positive. Reason can be...

Cracken - A Fast Password Wordlist Generator, Smartlist Creation And Password Hybrid-Mask Analysis Tool

Cracken is a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust more on talk/. Inspired by great tools like maskprocessor, hashcat, Crunch and 珞 HuggingFace's tokenizers. What? Why? Woot?? At DeepSec2021 we presented a new method...

FakeDataGen - Full Valid Fake Data Generator

FakeDataGen is a Full Valid Fake Data Generator. This tool helps you to create fake accounts in Spanish format with fully valid data. Within this information, you can find the most common names, emails, bank details and other useful information. Requirements Python 3 Install requirements.txt...

ELFXtract - An Automated Analysis Tool Used For Enumerating ELF Binaries

ELFXtract is an automated analysis tool used for enumerating ELF binaries Powered by Radare2 and r2ghidra This is specially developed for PWN challenges and it has many automated features It almost displays every details of the ELF and also decompiles its ASM to C code using r2ghidra Decompiling...

goEnumBruteSpray - User Enumeration And Password Bruteforce On Azure, ADFS, OWA, O365 And Gather Emails On Linkedin

The recommended module is o365 for user enumeration and passwords bruteforce / spray . Additional information can be retrieved to avoid account lockout, to know that the password is good but expired, MFA enabled,... Linkedin This module should be used to retrieve a list of email addresses before...

Nanobrok - Web Service For Control And Protect Your Android Device Remotely

Web Service write in Python for control and protect yourandroid device remotely. The official app can be found on the PlayStore: NanobrokPro Nanobrok Community Overview Nanobrok-Server is powerful opensource webservice for control and protect your android device, written in Python, that allow and...

LOLBins - PyQT5 App For LOLBAS And GTFOBins

PyQT app to list all Living Off The Land Binaries and Scripts for Windows from LOLBAS and Unix binaries that can be used to bypass local security restrictions in misconfigured systems from GTFOBins. Widnows Linux Download LOLBins...

Redherd Framework -A Collaborative And Serverless Framework For Orchestrating A Geographically Distributed Group Of Assets

RedHerd is a collaborative and serverless framework for orchestrating a geographically distributed group of assets capable of conducting simulating complex offensive cyberspace operations. --- Getting Started Take a look at the RedHerd documentation for instructions on how to getting started with...

Whoc - A Container Image That Extracts The Underlying Container Runtime

A container image that extracts the underlying container runtime and sends it to a remote server. Poke at the underlying container runtime of your favorite CSP container platform! WhoC at Defcon 29 Cloud Village Azurescape - whoc-powered research, the first cross-account container takeover in the...

Whispers - Identify Hardcoded Secrets In Static Structured Text

"My little birds are everywhere, even in the North, they whisper to me the strangest stories." - Lord Varys Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can...

UDP-Hunter - Network Assessment Tool For Various UDP Services Covering Both IPv4 And IPv6 Protocols

UDP Scanning has always been a slow and painful exercise, and if you add IPv6 on top of UDP, the tool choices get pretty limited. UDP Hunter is a python based open source network assessment tool focused on UDP Service Scanning. With UDP Hunter, we have focused on providing auditing of widely know...

ThreatBox - A Standard And Controlled Linux Based Attack Platform

ThreatBox is a standard and controlled Linux based attack platform. I've used a version of this for years. It started as a collection of scripts, lived as a rolling virtual machine, existed as code to build a Linux ISO, and has now been converted to a set of ansible playbooks. Why Ansible? Why no...

ThreadBoat - Program Uses Thread Execution Hijacking To Inject Native Shell-code Into A Standard Win32 Application

Program uses Thread Hijacking to Inject Native Shellcode into a Standard Win32 Application. About I developed this small project to continue my experiences of different code injection methods and to allow RedTeam security professionals to utilize this method as a unique way to perform software...

Stacs - Static Token And Credential Scanner

Static Token And Credential Scanner What is it? STACS is a YARA powered static credential scanner which suports binary file formats, analysis of nested archives, composable rulesets and ignore lists, and SARIF reporting. What does STACS support? Currently, STACS supports recursive unpacking of...

SillyRAT - A Cross Platform Multifunctional (Windows/Linux/Mac) RAT

A Cross Platform multifunctional Windows/Linux/Mac RAT. Getting Started Description A cross platform RAT written in pure Python. The RAT accept commands alongside arguments to either perform as the server who accepts connections or to perform as the client/target who establish connections to the...

Registry-Recon - Cobalt Strike Aggressor Script That Performs System/AV/EDR Recon

Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon. Author: Jess Hires Description As a red-team practitioner, we are often using tools that attempt to fingerprint details about a compromised system, preferably in the most stealthy way possible. Some of our usual tooling for this...

pwnSpoof - Generates realistic spoofed log files for common web servers with customisable attack scenarios

pwnSpoof from Punk Security generates realistic spoofed log files for common web servers with customisable attack scenarios. Every log bundle is unique and completely customisable, making it perfect for generating CTF scenarios and for training serials. Can you find the attacker session and build...

Nosferatu - Lsass NTLM Authentication Backdoor

Lsass NTLM Authentication Backdoor How it Works First, the DLL is injected into the lsass.exe process, and will begin hooking authentication WinAPI calls. The targeted function is MsvpPasswordValidate, located in NtlmShared.dll. In the pursuit of not being detected, the hooked function will call...

Msticpy - Microsoft Threat Intelligence Security Tools

Microsoft Threat Intelligence Python Security Tools. msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks. It includes functionality to: query log data from multiple sources enrich the data with Threat Intelligence, geolocations and Azure resource data extract Indicator...

Kubernetes-Goat - Is A "Vulnerable By Design" Kubernetes Cluster. Designed To Be An Intentionally Vulnerable Cluster Environment To Learn And Practice Kubernetes Security

The Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security. Refer tohttps://madhuakula.com/kubernetes-goat for the guide. Show us some Please feel free to send us a PR and show some Upcoming Training's and Sessions DEFCON DEMO...

Kube-Applier - Enables Automated Deployment And Declarative Configuration For Your Kubernetes Cluster

kube-applier is a service that enables continuous deployment of Kubernetes objects by applying declarative configuration files from a Git repository to a Kubernetes cluster. kube-applier runs as a Pod in your cluster and watches the Git repo to ensure that the cluster objects are up-to-date with...

JVMXRay - Make Java Security Events Of Interest Visible For Analysis

JVMXRay is a technology for monitoring access to system resources within the Java Virtual Machine. It’s designed with application security emphasis but some will also find it beneficial for software quality processes and diagnostics. More about Oracle Java Duke mascot... Contact/Chat Group New ch...