Kitploit: Recent

6011 matches found

Kitploit
added 2021/06/21 12:30 p.m., 29 views

RdpCacheStitcher - RdpCacheStitcher Is A Tool That Supports Forensic Analysts In Reconstructing Useful Images Out Of RDP Cache Bitmaps

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps. Using raw RDP cache tile bitmaps extracted by tools like e.g. ANSSI's BMC-Tools https://github.com/ANSSI-FR/bmc-tools as input, it provides a graphical user interface and several...

AI score: 7
Exploits: 0, References: 4
Kitploit
added 2021/06/20 9:30 p.m., 47 views

NamedPipePTH - Pass The Hash To A Named Pipe For Token Impersonation

This project is a PoC code to use Pass-the-Hash for authentication on a local Named Pipe user Impersonation. There also is a blog post for explanation: https://s3cur3th1ssh1t.github.io/Named-Pipe-PTH/ It is heavily based on the code from the projects Invoke-SMBExec.ps1 and RoguePotato. I faced...

AI score: 7.8
Exploits: 0, References: 6
Kitploit
added 2021/06/20 12:30 p.m., 71 views

Ioccheck - A Tool For Simplifying The Process Of Researching IOCs

A tool for simplifying the process of researching file hashes, IP addresses, and other indicators of compromise (IOCs). Features Look up hashes across multiple threat intelligence services, from a single command or a few lines of Python. Currently supports the following services: VirusTotal...

AI score: 7.5
Exploits: 0, References: 1
Kitploit
added 2021/06/19 9:30 p.m., 181 views

FalconEye - Real-time detection software for Windows process injections

FalconEye is a windows endpoint detection software for real-time process injections. It is a kernel-mode driver that aims to catch process injections as they are happening real-time. Since FalconEye runs in kernel mode, it provides a stronger and reliable defense against process injection...

AI score: 7.5
Exploits: 0, References: 11
Kitploit
added 2021/06/19 12:30 p.m., 66 views

Rustcat - Netcat Alternative

About Rustcat is a port listener that can be used for different purposes. It is basically like netcat but with fewer options Why use Rustcat? Serves its purpose of listening to ports Has command history It is easy to use Supports udp Uses colors Installation Debian wget...

AI score: 7.4
Exploits: 0, References: 1
Kitploit
added 2021/06/18 9:30 p.m., 158 views

Kconfig-Hardened-Check - A Tool For Checking The Hardening Options In The Linux Kernel Config

Motivation There are plenty of Linux kernel hardening config options. A lot of them are not enabled by the major distros. We have to enable these options ourselves to make our systems more secure. But nobody likes checking configs manually. So let the computers do their job!...

CVSS: 7, AI score: 8.4, EPSS: 0.01026
Exploits: 1, References: 10
Kitploit
added 2021/06/18 12:30 p.m., 93 views

Joern - Open-source Code Analysis Platform For C/C++/Java Based On Code Property Graphs

Joern's Documentation is available here: https://docs.joern.io/home Quick Installation wget https://github.com/ShiftLeftSecurity/joern/releases/latest/download/joern-install.sh chmod +x ./joern-install.sh sudo ./joern-install.sh joern Compiling synthetic/ammonite/predef/interpBridge.sc Compiling...

AI score: 7.3
Exploits: 0, References: 1
Kitploit
added 2021/06/17 9:30 p.m., 152 views

PPLdump - Dump The Memory Of A PPL With A Userland Exploit

This tool implements a userland exploit that was initially discussed by James Forshaw a.k.a. @tiraniddo - in this blog post - for dumping the memory of any PPL as an administrator. I wrote two blog posts about this tool. The first part is about Protected Processes concepts while the second one...

AI score: 8.1
Exploits: 0, References: 2
Kitploit
added 2021/06/17 12:30 p.m., 83 views

Volatility GUI - GUI For Volatility Forensics Tool

This is a GUI for Volatility forensics tool written in PyQT5 Prerequisites: 1- Installed version of Volatility. 2- Install PyQT5. sudo apt-get install python3-pyqt5 3- Download Volatility GUI. Configuration From the downloaded Volatility GUI, edit config.py file to specify 1- Python 2 binary nam...

AI score: 7.2
Exploits: 0, References: 1
Kitploit
added 2021/06/16 9:30 p.m., 29 views

Aggrokatz - An Aggressor Plugin Extension For Cobalt Strike Which Enables Pypykatz To Interface With The Beacons Remotely

aggrokatz is an Aggressor plugin extension for CobaltStrike which enables pypykatz to interface with the beacons remotely. The current version of aggrokatz allows pypykatz to parse LSASS dump files and Registry hive files to extract credentials and other secrets stored without downloading the fil...

AI score: 7.2
Exploits: 0, References: 5
Kitploit
added 2021/06/16 12:30 p.m., 35 views

Gundog - Guided Hunting In Microsoft 365 Defender

Gundog provides you with guided hunting in Microsoft 365 Defender. Especially if not only for Email and Endpoint Alerts at the moment. Functionality You provide an AlertID you might received via Email notification and gundog will then hunt for as much as possible associated data. It does not give...

AI score: 6.8
Exploits: 0, References: 1
Kitploit
added 2021/06/15 9:30 p.m., 38 views

TChopper - Conduct Lateral Movement Attack By Leveraging Unfiltered Services Display Name To Smuggle Binaries As Chunks Into The Target Machine

New technique I have discovered recently and give it a nickname Chop chop to perform lateral movement using windows services display name and WMI by smuggling the malicious binary as base64 chunks and automate the process using the TChopper tool. How it works the tool will get the file you willin...

AI score: 7.6
Exploits: 0, References: 2
Kitploit
added 2021/06/15 12:30 p.m., 41 views

A2P2V - Automated Attack Path Planning and Validation

Automated Attack Path Planning and Validation A2P2V is a planning and cyber-attack tool that provides the capability for users to determine a set of ranked attack sequences given a specific attacker goal. The aim of the tool is to simplify process so that non-security experts can generate clear,...

AI score: 7.5
Exploits: 0, References: 1
Kitploit
added 2021/06/14 9:30 p.m., 46 views

defenselessV1 - Just Another Vulnerable Web Application

Defenseless is a vulnerable web application written in PHP/MySQL. This is the first version of this application. The purpose of this application is to create security awareness among developers and new guys in application security. It would soon be updated with more bugs and a new vulnerable...

AI score: 7.5
Exploits: 0, References: 2
Kitploit
added 2021/06/14 12:30 p.m., 252 views

Redpill - Assist Reverse Tcp Shells In Post-Exploration Tasks

Project Description The redpill project aims to assist reverse tcp shells in post-exploration tasks. Often in redteam engagements we need to use unconventional ways to access target system, such as reverse tcp shells not metasploit in order to bypass the defenses implemented by the system...

AI score: 7.8
Exploits: 0, References: 2
Kitploit
added 2021/06/13 9:30 p.m., 75 views

EmailFinder - Search Emails From A Domain Through Search Engines

Author: @JosueEncinar | Description: Search emails from a domain through search engines. | Version: 0.1b | Usage: emailfinder -d domain.com Installation: pip3 install...

AI score: 7.3
Exploits: 0, References: 1
Kitploit
added 2021/06/13 12:30 p.m., 72 views

pyWhat - Identify Anything. Easily Lets You Identify Emails, IP Addresses, And More...

The easiest way to identify anything pip3 install pywhat && pywhat --help What is this? Imagine this: You come across some mysterious text 5f4dcc3b5aa765d61d8327deb882cf99 and you wonder what it is. What do you do? Well, with what all you have to do is ask what "5f4dcc3b5aa765d61d8327deb882cf99"...

AI score: 7
Exploits: 0, References: 2
Kitploit
added 2021/06/12 9:30 p.m., 186 views

Nebula - Cloud C2 Framework, Which At The Moment Offers Reconnaissance, Enumeration, Exploitation, Post Exploitation On AWS

Nebula is a Cloud and hopefully DevOps Penetration Testing framework. It is built with modules for each provider and each functionality. As of April 2021, it only covers AWS, but is currently an ongoing project and hopefully will continue to grow to test GCP, Azure, Kubernetes, Docker, or...

AI score: 7.1
Exploits: 0, References: 2
Kitploit
added 2021/06/12 12:30 p.m., 89 views

iOS Malicious Bit Hunter - A Malicious Plug-In Detection Engine For iOS Applications

iOS Malicious Bit Hunter is a malicious plug-in detection engine for iOS applications. It can analyze the head of the macho file of the injected dylib dynamic library based on runtime, and can perform behavior analysis through interface input characteristics to determine the behavior of the dynam...

AI score: 7.5
Exploits: 0, References: 1
Kitploit
added 2021/06/11 9:30 p.m., 286 views

Interactsh - An OOB Interaction Gathering Server And Client Library

Interactsh is an Open-Source Solution for Out of band Data Extraction, A tool designed to detect bugs that cause external interactions, For example - Blind SQLi, Blind CMDi, SSRF, etc. Features DNS/HTTP/SMTP Interaction support CLI Client / Web Dashboard support AES encryption with zero logging...

AI score: 7.4
Exploits: 0, References: 1
Kitploit
added 2021/06/11 12:30 p.m., 51 views

BlueCloud - Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D

Cyber Range deployment of HELK and Velociraptor! Automated terraform deployment of one system running HELK + Velociraptor server with one registered Windows endpoint in Azure or AWS. A collection of Terraform and Ansible scripts that automatically and quickly deploys a small HELK + Velociraptor R...

AI score: 7.3
Exploits: 0, References: 1
Kitploit
added 2021/06/10 9:30 p.m., 257 views

Neurax - A Framework For Constructing Self-Spreading Binaries

A framework that aids in creation of self-spreading software Requirements go get -u github.com/redcode-labs/Coldfire go get -u github.com/yelinaung/go-haikunator New in v. 2.0 New wordlist mutators + common passwords by country Improvised passive scanning .FastScan option that makes active scans ...

AI score: 7.4
Exploits: 0, References: 1
Kitploit
added 2021/06/10 12:30 p.m., 151 views

Libinjection - SQL / SQLI Tokenizer Parser Analyzer

SQL / SQLI tokenizer parser analyzer. For C and C++ PHP Python Lua Java external port LuaJIT/FFI https://github.com/p0pr0ck5/lua-ffi-libinjection external port See https://www.client9.com/ for details and presentations. Simple example: fingerprint of '%s'\n", state.fingerprint; return issqli; "...

AI score: 7.5
Exploits: 0, References: 15
Kitploit
added 2021/06/09 9:30 p.m., 283 views

SharpWebServer - HTTP And WebDAV Server With Net-NTLM Hashes Capture Functionality

A Red Team oriented simple HTTP & WebDAV server written in C# with functionality to capture Net-NTLM hashes. To be used for serving payloads on compromised machines for lateral movement purposes. Requires .NET Framework 4.5 and System.Net and System.Net.Sockets references. Usage :: SharpWebServer ...

AI score: 7.5
Exploits: 0, References: 2
Kitploit
added 2021/06/09 12:30 p.m., 215 views

Bbscope - Scope Gathering Tool For HackerOne, Bugcrowd, And Intigriti!

The ultimate scope gathering tool for HackerOne, Bugcrowd, and Intigriti by sw33tLie. Need to grep all the large scope domains that you've got on your bug bounty platforms? This is the right tool for the job. What about getting a list of android apps that you are allowed to test? We've got you...

AI score: 7.1
Exploits: 0, References: 5
Kitploit
added 2021/06/08 9:30 p.m., 141 views

ColdFire - Golang Malware Development Library

Golang malware development framework Introduction ColdFire provides various methods useful for malware development in Golang. Most functions are compatible with both Linux and Windows operating systems. Installation go get github.com/redcode-labs/ColdFire Types of functions included Logging...

AI score: 7.9
Exploits: 0, References: 1
Kitploit
added 2021/06/08 12:30 p.m., 36 views

Link - A Command And Control Framework Written In Rust

link is a command and control framework written in rust. Currently in beta. Introduction link provides MacOS, Linux and Windows implants which may lack the necessary evasive tradecraft provided by other more mature command and control frameworks. Tested on Linux only. Features Hopefully this list...

AI score: 7.2
Exploits: 0, References: 10
Kitploit
added 2021/06/07 9:30 p.m., 51 views

Totp-Ssh-Fluxer - Take Security By Obscurity To The Next Level (This Is A Bad Idea, Don'T Really Use This Please)

Some people change their SSH port on their servers so that it is slightly harder to find for bots or other nasties, and while that is generally viewed as an action of security through obscurity it does work very well at killing a lot of the automated logins you always see in /var/log/auth.log...

AI score: 7.6
Exploits: 0, References: 1
Kitploit
added 2021/06/07 12:30 p.m., 183 views

RedWarden - Flexible CobaltStrike Malleable Redirector

RedWarden - Flexible CobaltStrike Malleable Redirector previously known as proxy2's malleableredirector plugin Let's raise the bar in C2 redirectors IR resiliency, shall we? Red Teaming business has seen several different great ideas on how to combat incident responders and misdirect them while...

AI score: 7.2
Exploits: 0, References: 4
Kitploit
added 2021/06/06 9:30 p.m., 190 views

Krane - Kubernetes RBAC Static Analysis And Visualisation Tool

Krane is a simple Kubernetes RBAC static analysis tool. It identifies potential security risks in K8s RBAC design and makes suggestions on how to mitigate them. Krane dashboard presents current RBAC security posture and lets you navigate through its definition. Features RBAC Risk rules - Krane...

AI score: 7.3
Exploits: 0, References: 16
Kitploit
added 2021/06/06 12:30 p.m., 218 views

Typodetect - Detect The Active Mutations Of Domains

This tool gives blue teams, SOC's, researchers and companies the ability to detect the active mutations of their domains, thus preventing the use of these domains in fraudulent activities, such as phishing and smishing. For this, Typodetect allows the use of the latest available version of the TL...

AI score: 7.3
Exploits: 0, References: 1
Kitploit
added 2021/06/05 9:30 p.m., 74 views

Shepard - In Progress Persistent Download/Upload/Execution Tool Using Windows BITS

This is an IN PROGRESS persistence tool using Windows Background Intelligent Transfer Service (BITS). Functionality: File Download, File Exfiltration, File Download + Persistent Execution Usage: run shepard.exe as Administrator with the following command line arguments -d remoteLocation, writePath:...

AI score: 7.3
Exploits: 0, References: 1
Kitploit
added 2021/06/04 9:30 p.m., 403 views

Metarget - Framework Providing Automatic Constructions Of Vulnerable Infrastructures

1 Introduction Metarget = meta- + target, a framework providing automatic constructions of vulnerable infrastructures, used to deploy simple or complicated vulnerable cloud native targets swiftly and automatically. 1.1 Why Metarget? During security researches, we might find that the deployment of...

CVSS: 8.8, AI score: 8.6, EPSS: 0.9589
Exploits: 155, References: 31
Kitploit
added 2021/06/04 12:30 p.m., 724 views

Penglab - Abuse Of Google Colab For Cracking Hashes

Abuse of Google Colab for fun and profit. What is it ? Penglab is a ready-to-install setup on Google Colab for cracking hashes with an incredible power, really useful for CTFs. See benchmarks below. It installs by default : Hashcat John Hydra SSH with ngrok And now, it can also : Launch an...

AI score: 7.6
Exploits: 0, References: 2
Kitploit
added 2021/06/03 9:30 p.m., 271 views

Bn-Uefi-Helper - Helper Plugin For Analyzing UEFI Firmware

Helper plugin for analyzing UEFI firmware. This plugin contains the following features: Apply the correct prototype to the entry point function Fix segments so all segments are RWX and have the correct semantics This allows for global function pointers to be rendered correctly Apply types for cor...

AI score: 7.2
Exploits: 0, References: 3
Kitploit
added 2021/06/03 12:30 p.m., 71 views

403Fuzzer - Fuzz 403/401Ing Endpoints For Bypasses

Fuzz 403ing endpoints for bypasses Follow on twitter! @intrudir This tool will check the endpoint with a couple of headers such as X-Forwarded-For It will also apply different payloads typically used in dir traversals, path normalization etc. to each endpoint on the path. e.g. /%2e/test/test2...

AI score: 7.4
Exploits: 0, References: 2
Kitploit
added 2021/06/02 9:30 p.m., 99 views

Onelinepy - Python Obfuscator To Generate One-Liners And FUD Payloads

Python Obfuscator To Generate One-Liners And FUD Payloads. Download & Run git clone https://github.com/spicesouls/onelinepy cd onelinepy chmod +x setup.sh ./setup.sh onelinepy Usage Guide usage: oneline.py -h -m M -i I...

AI score: 7.5
Exploits: 0, References: 1
Kitploit
added 2021/06/02 12:30 p.m., 232 views

Arkhota - A Web Brute Forcer For Android

What? Arkhota is a web HTTP/S brute forcer for Android. Why? A web brute forcer is always in a hacker's computer, for obvious reasons. Sometimes attacks require to be quick or/and with minimal device preparation. Also a phone takes less attention rather than a laptop/computer. For this situations...

AI score: 7.4
Exploits: 0, References: 13
Kitploit
added 2021/06/01 10:18 p.m., 203 views

Dent - A Framework For Creating COM-based Bypasses Utilizing Vulnerabilities In Microsoft's WDAPT Sensors

More Information If you want to learn more about the techniques utilized in this framework please take a look at this article. Description This framework generates code to exploit vulnerabilities in Microsoft Defender Advanced Threat Protection's Attack Surface Reduction (ASR) rules to execute...

AI score: 7.2
Exploits: 0, References: 2
Kitploit
added 2021/06/01 12:30 p.m., 152 views

Caronte - A Tool To Analyze The Network Flow During Attack/Defence Capture The Flag Competitions

Caronte is a tool to analyze the network flow during capture the flag events of type attack/defence. It reassembles TCP packets captured in pcap files to rebuild TCP connections, and analyzes each connection to find user-defined patterns. The patterns can be defined as regex or using protocol...

AI score: 7.5
Exploits: 0, References: 1
Kitploit
added 2021/05/31 9:30 p.m., 372 views

magicRecon - A Powerful Shell Script To Maximize The Recon And Data Collection Process Of An Objective And Finding Common Vulnerabilities

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats. The new version of MagicRecon has a large number of new too...

AI score: 8.1
Exploits: 0, References: 25
Kitploit
added 2021/05/31 12:30 p.m., 73 views

Bucky - An Automatic S3 Bucket Discovery Tool

Bucky is an automatic tool designed to discover S3 bucket misconfiguration. Bucky consists of two modules: Bucky firefox addon and Bucky backend engine. Bucky addon reads the source code of the webpages and uses Regular Expression (Regex) to match the S3 bucket used as Content Delivery Network (CDN)...

AI score: 7.3
Exploits: 0, References: 3
Kitploit
added 2021/05/30 9:30 p.m., 342 views

Kaiju - A Binary Analysis Framework Extension For The Ghidra Software Reverse Engineering Suite

CERT Kaiju is a collection of binary analysis tools for Ghidra. This is a Ghidra/Java implementation of some features of the CERT Pharos Binary Analysis Framework, particularly the function hashing and malware analysis tools, but is expected to grow new tools and capabilities over time. As this i...

AI score: 6.6
Exploits: 0, References: 4
Kitploit
added 2021/05/30 12:30 p.m., 221 views

CheeseTools - Self-developed Tools For Lateral Movement/Code Execution

This repository has been made basing onto the already existing MiscTool, so big shout-out to rasta-mouse for releasing them and for giving me the right motivation to work on them. CheeseExec Command Exec / Lateral movement via PsExec-like functionality. Must be running in the context of a...

AI score: 8.2
Exploits: 0, References: 11
Kitploit
added 2021/05/29 9:30 p.m., 87 views

IMAPLoginTester - Script That Reads A Text File With Lots Of E-Mails And Passwords, And Tries To Check If Those Credentials Are Valid By Trying To Login On IMAP Servers

IMAPLoginTester is a simple Python script that reads a text file with lots of e-mails and passwords, and tries to check if those credentials are valid by trying to login to the respective IMAP servers. Usage: usage: imaplogintester.py -h -i INPUT -o OUTPUT -s -t SLEEPTIME -T TIMEOUT -P SOCKS5PROX...

AI score: 7.2
Exploits: 0, References: 1
Kitploit
added 2021/05/29 12:30 p.m., 523 views

slopShell - The Only Php Webshell You Need

php webshell Since I derped, and forgot to talk about usage. Here goes. For this shell to work, you need 2 things, a victim that allows php file upload (yourself, in an educational environment) and a way to send http requests to this webshell. Basic Usage Video (Hosted on Youtube): Current VT Detection...

AI score: 6.9
Exploits: 0, References: 5
Kitploit
added 2021/05/28 9:30 p.m., 93 views

HookDump - Security Product Hook Detection

EDR function hook dumping Please refer to the Zeroperil blog post for more information https://zeroperil.co.uk/hookdump/ Building source In order to build this you will need Visual Studio 2019 (community edition is fine) and CMake. The batch file Configure.bat will create two build directories with...

AI score: 7.2
Exploits: 0, References: 1
Kitploit
added 2021/05/28 12:30 p.m., 69 views

AnalyticsRelationships - Get Related Domains / Subdomains By Looking At Google Analytics IDs

Get related domains / subdomains by looking at Google Analytics IDs. Python/GO versions. By @JosueEncinar. This script tries to get related domains / subdomains by looking at Google Analytics IDs from a URL. First sear...

AI score: 7
Exploits: 0, References: 3
Kitploit
added 2021/05/27 9:30 p.m., 77 views

Dystopia - Low To Medium Multithreaded Ubuntu Core Honeypot Coded In Python

Low to medium Ubuntu Core honeypot coded in Python. Features Optional Login Prompt Logs commands used and IP addresses Customize MOTD, Port, Hostname and how many clients can connect at once default is unlimited Save and load config Add support to a plethora of commands Todo Packet Capture Better...

AI score: 7.7
Exploits: 0, References: 1
Kitploit
added 2021/05/27 12:30 p.m., 80 views

FireStorePwn - Firestore Database Vulnerability Scanner Using APKs

fsp scans an APK and checks the Firestore database for rules that are not secure, testing with or without authentication. If there are problems with the security rules, attackers could steal, modify or delete data and raise the bill. Install fsp sudo wget...

AI score: 7.5
Exploits: 0, References: 1
Total number of security vulnerabilities: 6011