BloodHound - Six Degrees Of Domain Admin

BloodHound is a monolithic web application composed of an embedded React frontend with Sigma.js and a Go based REST API backend. It is deployed with a Postgresql application database and a Neo4j graph database, and is fed by the SharpHound and AzureHound data collectors. BloodHound uses graph...

Tinyfilemanager-Wh1Z-Edition - Effortlessly Browse And Manage Your Files With Ease Using Tiny File Manager [WH1Z-Edition], A Compact Single-File PHP File Manager

Introducing Tiny File Manager WH1Z-Edition, the compact and efficient solution for managing your files and folders with enhanced privacy and security features. Gone are the days of relying on external resources – I've stripped down the code to its core, making it truly lightweight and perfect for...

Kali Linux 2024.1 - Penetration Testing and Ethical Hacking Linux Distribution

Time for another Kali Linux release! – Kali Linux 2024.1. This release has various impressive updates. The summary of the changelog since the 2023.4 release from December is: Micro Mirror Free Software CDN - FCIX Software Mirror reached out offering to host our images, and we said yes 2024 Theme...

Moukthar - Android Remote Administration Tool

Remote adminitration tool for android Features Notifications listener SMS listener Phone call recording Image capturing and screenshots Persistence Read & write contacts List installed applications Download & upload files Get device location Installation Clone repository console git clone...

RKS - A Script To Automate Keystrokes Through A Graphical Desktop Program

A script to automate keystrokes through an active remote desktop session that assists offensive operators in combination with living off the land techniques. About RKS RemoteKeyStrokes All credits goes to nopernik for making it possible so I took it upon myself to improve it. I wanted something...

LeakSearch - Search & Parse Password Leaks

LeakSearch is a simple tool to search and parse plain text passwords using ProxyNova COMB Combination Of Many Breaches over the Internet. You can define a custom proxy and you can also use your own password file, to search using different keywords: such as user, domain or password. In addition, y...

CanaryTokenScanner - Script Designed To Proactively Identify Canary Tokens Within Microsoft Office Documents And Acrobat Reader PDF (docx, xlsx, pptx, pdf)

Detecting Canary Tokens and Suspicious URLs inMicrosoft Office, Acrobat Reader PDF and Zip Files Introduction In the dynamic realm of cybersecurity, vigilance and proactive defense are key. Malicious actors often leverage Microsoft Office files and Zip archives, embedding covert URLs or macros to...

Huntr-Com-Bug-Bounties-Collector - Keep Watching New Bug Bounty (Vulnerability) Postings

New bug bountyvulnerabilities collector Requirements Chrome with GUI If you encounter trouble with script execution, check the status of VMs GPU features, if available. Chrome WebDriver Preview python3 main.py 2024-02-20 16:14:47.836189 1. Arbitrary File Reading due to Lack of Input Filepath...

BackDoorSim - An Educational Into Remote Administration Tools

BackdoorSim is a remote administration and monitoring tool designed for educational and testing purposes. It consists of two main components: ControlServer and BackdoorClient. The server controls the client, allowing for various operations like file transfer, system monitoring, and more. Disclaim...

CVE-2024-23897 - Jenkins <= 2.441 & <= LTS 2.426.2 PoC And Scanner

Exploitation and scanning tool specifically designed for Jenkins versions -p -f or python CVE-2024-23897.py -i -f Parameters: - -t or --target: Specify the target IPs. Supports single IP, IP range, comma-separated list, or CIDR block. - -i or --input-file: Path to input file containing hosts in...

swaggerHole - A Python3 Script Searching For Secret On Swaggerhub

Introduction This tool is made to automate the process of retrieving secrets in the public APIs on swaggerHub. This tool is multithreaded and pipe mode is available : Requirements - python3 sudo apt install python3 - pip3 sudo apt install python3-pip Installation pip3 install swaggerhole or...

RepoReaper - An Automated Tool Crafted To Meticulously Scan And Identify Exposed .Git Repositories Within Specified Domains And Their Subdomains

RepoReaper is a precision tool designed to automate the identification of exposed .git repositories across a list of domains and subdomains. By processing a user-provided text file with domain names, RepoReaper systematically checks each for publicly accessible .git files. This enables rapid...

SploitScan - A Sophisticated Cybersecurity Utility Designed To Provide Detailed Information On Vulnerabilities And Associated Proof-Of-Concept (PoC) Exploits

SploitScan is a powerful and user-friendly tool designed to streamline the process of identifying exploits for known vulnerabilities and their respective exploitation probability. Empowering cybersecurity professionals with the capability to swiftly identify and apply known and test exploits. It'...

SpeedyTest - Command-Line Tool For Measuring Internet Speed

SpeedyTest is a powerful command-line tool for measuring internet speed. With its advanced features and intuitive interface, it provides accurate and comprehensive speed test results. Whether you're a network administrator, developer, or simply want to monitor your internet connection, SpeedyTest...

SwaggerSpy - Automated OSINT On SwaggerHub

SwaggerSpy is a tool designed for automated Open Source Intelligence OSINT on SwaggerHub. This project aims to streamline the process of gathering intelligence from APIs documented on SwaggerHub, providing valuable insights for security researchers, developers, and IT professionals. What is...

AzSubEnum - Azure Service Subdomain Enumeration

AzSubEnum is a specialized subdomain enumeration tool tailored for Azure services. This tool is designed to meticulously search and identify subdomains associated with various Azure services. Through a combination of techniques and queries, AzSubEnum delves into the Azure domain structure,...

MrHandler - Linux Incident Response Reporting

MR.Handler is a specialized tool designed for responding to security incidents on Linux systems. It connects to target systems via SSH to execute a range of diagnostic commands, gathering crucial information such as network configurations, system logs, user accounts, and running processes. At the...

NullSection - An Anti-Reversing Tool That Applies A Technique That Overwrites The Section Header With Nullbytes

NullSection is an Anti-Reversing tool that applies a technique that overwrites the section header with nullbytes. Install git clone https://github.com/MatheuZSecurity/NullSection cd NullSection gcc nullsection.c -o nullsection ./nullsection Advantage When running nullsection on any ELF, it could ...

WEB-Wordlist-Generator - Creates Related Wordlists After Scanning Your Web Applications

WEB-Wordlist-Generator scans your web applications and creates related wordlists to take preliminary countermeasures against cyber attacks. Done x Scan Static Files. Scan Metadata Of Public Documents pdf,doc,xls,ppt,docx,pptx,xlsx etc. Create a New Associated Wordlist with the Wordlist Given as a...

Secbutler - The Perfect Butler For Pentesters, Bug-Bounty Hunters And Security Researchers

Essential utilities for pentester, bug-bounty hunters and security researchers secbutler is a utility tool made for pentesters , bug-bounty hunters and security researchers that contains all the most used and tedious stuff commonly used while performing cybersecurity activities like installing...

SqliSniper - Advanced Time-based Blind SQL Injection Fuzzer For HTTP Headers

SqliSniper is a robust Python tool designed to detect time-based blind SQL injections in HTTP request headers. It enhances the security assessment process by rapidly scanning and identifying potential vulnerabilities using multi-threaded, ensuring speed and efficiency. Unlike other scanners,...

CloudMiner - Execute Code Using Azure Automation Service Without Getting Charged

Execute code within Azure Automation service without getting charged Description CloudMiner is a tool designed to get free computing power within Azure Automation service. The tool utilizes the upload module/package flow to execute code which is totally free to use. This tool is intended for...

SADProtocol goes to Hollywood

.png Faraday’s researchers Javier Aguinaga and Octavio Gianatiempo have investigated on IP cameras and two high severity vulnerabilities. This research project began when Aguinaga's wife, a former Research leader at Faraday Security, informed him that their IP camera had stopped working. Although...

BounceBack - Stealth Redirector For Your Red Team Operation Security

BounceBack is a powerful, highly customizable and configurable reverse proxy with WAF functionality for hiding your C2/phishing/etc infrastructure from blue teams, sandboxes, scanners, etc. It uses real-time traffic analysis through various filters and their combinations to hide your tools from...

SharpShares - Multithreaded C# .NET Assembly To Enumerate Accessible Network Shares In A Domain

Multithreaded C .NET Assembly to enumerate accessible network shares in a domain Built upon djhohnstein's SharpShares project .\SharpShares.exe help Usage: SharpShares.exe /threads:50 /ldap:servers /ou:"OU=Special Servers,DC=example,DC=local" /filter:SYSVOL,NETLOGON,IPC$,PRINT$ /verbose...

Navgix - A Multi-Threaded Golang Tool That Will Check For Nginx Alias Traversal Vulnerabilities

navgix is a multi-threaded golang tool that will check for nginx alias traversal vulnerabilities Techniques Currently, navgix supports 2 techniques for finding vulnerable directories or location aliases. Those being the following: Heuristics navgix will make an initial GET request to the page, an...

Argus - A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions

This repo contains the code for our USENIX Security '23 paper "ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions". Argus is a comprehensive security analysis tool specifically designed for GitHub Actions. Built with an aim to enhance the security of CI/CD...

Nemesis - An Offensive Data Enrichment Pipeline

Nemesis is an offensive data enrichment pipeline and operator support system. Built on Kubernetes with scale in mind, our goal with Nemesis was to create a centralized data processing platform that ingests data produced during offensive security assessments. Nemesis aims to automate a number of...

Melee - Tool To Detect Infections In MySQL Instances

MELEE: A Tool to Detect Ransomware Infections in MySQL Instances Attackers are abusing MySQL instances for conducting nefarious operations on the Internet. The cybercriminals are targeting exposed MySQL instances and triggering infections at scale to exfiltrate data, destruct data, and extort mon...

Sncscan - Tool For Analyzing SAP Secure Network Communications (SNC)

Tool for analyzing SAP Secure Network Communications SNC. How to use? In its current state, sncscan can be used to read the SNC configurations for SAP Router and DIAG SAP GUI connections. The implementation for the SAP RFC protocol is currently in development. SAP Router SAP Routers can either...

Stompy - Timestomp Tool To Flatten MAC Times With A Specific Timestamp

A PowerShell function to perform timestomping on specified files and directories. The function can modify timestamps recursively for all files in a directory. Change timestamps for individual files or directories. Recursively apply timestamps to all files in a directory. Option to use specific...

PurpleKeep - Providing Azure Pipelines To Create An Infrastructure And Run Atomic Tests

With the rapidly increasing variety of attack techniques and a simultaneous rise in the number of detection rules offered by EDRs Endpoint Detection and Response and custom-created ones, the need for constant functional testing of detection rules has become evident. However, manually re-running...

BucketLoot - An Automated S3-compatible Bucket Inspector

BucketLoot is an automated S3-compatible Bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text. The tool can scan for bucke...

Raven - CI/CD Security Analyzer

RAVEN Risk Analysis andVulnerability Enumeration for CI/CD is a powerful security tool designed to perform massive scans for GitHub Actions CI workflows and digest the discovered data into a Neo4j database. Developed and maintained by the Cycode research team. With Raven, we were able to identify...

Route-Detect - Find Authentication (Authn) And Authorization (Authz) Security Bugs In Web Application Routes

Find authentication authn and authorization authz security bugs in web application routes: Web application HTTP route authn and authz bugs are some of the most common security issues found today. These industry standard resources highlight the severity of the issue: 2021 OWASP Top 10 1 - Broken...

Ligolo-Ng - An Advanced, Yet Simple, Tunneling/Pivoting Tool That Uses A TUN Interface

Ligolo-ng is a simple , lightweight and fast tool that allows pentesters to establish tunnels from a reverse TCP/TLS connection using a tun interface without the need of SOCKS. Features Tun interface No more SOCKS! Simple UI with agent selection and network information Easy to use and setup...

Antisquat - Leverages AI Techniques Such As NLP, ChatGPT And More To Empower Detection Of Typosquatting And Phishing Domains

AntiSquat leverages AI techniques such as natural language processing NLP, large language models ChatGPT and more to empower detection of typosquatting and phishing domains. How to use Clone the project via git clone https://github.com/redhuntlabs/antisquat. Install all dependencies by typing pip...

Airgorah - A WiFi Auditing Software That Can Perform Deauth Attacks And Passwords Cracking

Airgorah is a WiFi auditing software that can discover the clients connected to an access point, perform deauthentication attacks against specific clients or all the clients connected to it, capture WPA handshakes, and crack the password of the access point. It is written in Rust and uses GTK4 fo...

Rayder - A Lightweight Tool For Orchestrating And Organizing Your Bug Hunting Recon / Pentesting Command-Line Workflows

Rayder is a command-line tool designed to simplify the orchestration and execution of workflows. It allows you to define a series of modules in a YAML file, each consisting of commands to be executed. Rayder helps you automate complex processes, making it easy to streamline repetitive modules and...

Uscrapper - Powerful OSINT Webscraper For Personal Data Collection

Introducing Uscrapper 2.0, A powerfull OSINT webscrapper that allows users to extract various personal information from a website. It leverages web scraping techniques and regular expressions to extract email addresses, social media links, author names, geolocations, phone numbers, and usernames...

DllNotificationInjection - A POC Of A New "Threadless" Process Injection Technique That Works By Utilizing The Concept Of DLL Notification Callbacks In Local And Remote Processes

DllNotificationInection is a POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes. An accompanying blog post with more details is available here: https://shorsec.io/blog/dll-notification-injection/ Ho...

Gssapi-Abuse - A Tool For Enumerating Potential Hosts That Are Open To GSSAPI Abuse Within Active Directory Networks

gssapi-abuse was released as part of my DEF CON 31 talk. A full write up on the abuse vector can be found here: A Broken Marriage: Abusing Mixed Vendor Kerberos Stacks The tool has two features. The first is the ability to enumerate non Windows hosts that are joined to Active Directory that offer...

ADCSync - Use ESC1 To Perform A Makeshift DCSync And Dump Hashes

This is a tool I whipped up together quickly to DCSync utilizing ESC1. It is quite slow but otherwise an effective means of performing a makeshift DCSync attack without utilizing DRSUAPI or Volume Shadow Copy. This is the first version of the tool and essentially just automates the process of...

FalconHound - A Blue Team Multi-Tool. It Allows You To Utilize And Enhance The Power Of Blo odHound In A More Automated Fashion

FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log aggregation tool. One of the challenging aspects of BloodHound is that it is a snapshot in time...

pyGPOAbuse - Partial Python Implementation Of SharpGPOAbuse

Python partial implementation of SharpGPOAbuse by@pkb1s This tool can be used when a controlled account can modify an existing GPO that applies to one or more users & computers. It will create an immediate scheduled task as SYSTEM on the remote computer for computer GPO, or as logged in user for...

CloudRecon - Finding assets from certificates

CloudRecon Finding assets from certificates! Scan the web! Tool presented @DEFCON 31 Install You must have CGO enabled, and may have to install gcc to run CloudRecon sudo apt install gcc go install github.com/g0ldencybersec/CloudRecon@latest Description CloudRecon CloudRecon is a suite of tools f...

Pmkidcracker - A Tool To Crack WPA2 Passphrase With PMKID Value Without Clients Or De-Authentication

This program is a tool written in Python to recover the pre-shared key of a WPA2 WiFi network without any de-authentication or requiring any clients to be on the network. It targets the weakness of certain access points advertising the PMKID value in EAPOL message 1. Program Usage python...

EasyEASM - Zero-dollar Attack Surface Management Tool

Zero-dollar attack surface management tool featured at Black Hat Arsenal 2023 and Recon Village @ DEF CON 2023. Description Easy EASM is just that... the easiest to set-up tool to give your organization visibility into its external facing assets. The industry is dominated by $30k vendors selling...

Logsensor - A Powerful Sensor Tool To Discover Login Panels, And POST Form SQLi Scanning

A Powerful Sensor Tool to discover login panels, and POST Form SQLi Scanning Features login panel Scanning for multiple hosts Proxy compatibility http, https Login panel scanning are done in multiprocessing so the script is super fast at scanning many urls quick tutorial & screenshots are shown a...

EmploLeaks - An OSINT Tool That Helps Detect Members Of A Company With Leaked Credentials

This is a tool designed for Open Source Intelligence OSINT purposes, which helps to gather information about employees of a company. How it Works The tool starts by searching through LinkedIn to obtain a list of employees of the company. Then, it looks for their social network profiles to find...