LSMS - Linux Security And Monitoring Scripts

These are a collection of security and monitoring scripts you can use to monitor your Linux installation for security-related events or for an investigation. Each script works on its own and is independent of other scripts. The scripts can be set up to either print out their results, send them to...

Firefly - Black Box Fuzzer For Web Applications

Firefly is an advanced black-box fuzzer and not just a standard asset discovery tool. Firefly provides the advantage of testing a target with a large number of built-in checks to detect behaviors in the target. Note: Firefly is in a very new stage v1.0 but works well for now, if the target does n...

BackupOperatorToolkit - The BackupOperatorToolkit Contains Different Techniques Allowing You To Escalate From Backup Operator To Domain Admin

The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin. Usage The BackupOperatorToolkit BOT has 4 different mode that allows you to escalate from Backup Operator to Domain Admin. Use "runas.exe /netonly /user:domain.dk\backupoperator...

Killer - Is A Tool Created To Evade AVs And EDRs Or Security Tools

It's a AV/EDR Evasion tool created to bypass security tools for learning, until now the tool is FUD. Features: Module Stomping for Memory scanning evasion DLL Unhooking by fresh ntdll copy IAT Hiding and Obfuscation & API Unhooking ETW Patchnig for bypassing some security controls Included sandbo...

Fiber - Using Fibers To Run In-Memory Code In A Different And Stealthy Way

A fiber is a unit of execution that must be manually scheduled by the application rather than rely on the priority-based scheduling mechanism built into Windows. Fibers are often called lightweight threads. For more detailed information about what are and how fibers work consult the official...

Burpgpt - A Burp Suite Extension That Integrates OpenAI's GPT To Perform An Additional Passive Scan For Discovering Highly Bespoke Vulnerabilities, And Enables Running Traffic-Based Analysis Of Any Type

burpgpt leverages the power of AI to detect security vulnerabilities that traditional scanners might miss. It sends web traffic to an OpenAI model specified by the user, enabling sophisticated analysis within the passive scanner. This extension offers customisable prompts that enable tailored web...

C2-Hunter - Extract C2 Traffic

C2-Hunter C2-Hunter is a program designed for malware analysts to extract Command and Control C2 traffic from malwares in real-time. The program uses a unique approach by hooking into win32 connections APIs. With C2-Hunter, malware analysts can now intercept and analyze communication in real-time...

Bypass-Sandbox-Evasion - Bypass Malware Sandbox Evasion Ram Check

Sandboxes are commonly used to analyze malware. They provide a temporary, isolated, and secure environment in which to observe whether a suspicious file exhibits any malicious behavior. However, malware developers have also developed methods to evade sandboxes and analysis environments. One such...

PythonMemoryModule - Pure-Python Implementation Of MemoryModule Technique To Load Dll And Unmanaged Exe Entirely From Memory

"Python memory module" AI generated pic - hotpot.ai pure-python implementation of MemoryModule technique to load a dll or unmanaged exe entirely from memory What is it PythonMemoryModule is a Python ctypes porting of the MemoryModule technique originally published by Joachim Bauch. It can load a...

XSS-Exploitation-Tool - An XSS Exploitation Tool

XSS Exploitation Tool is a penetration testing tool that focuses on the exploit of Cross-Site Scripting vulnerabilities. This tool is only for educational purpose, do not use it against real environment Features Technical Data about victim browser Geolocation of the victim Snapshot of the...

Kali Linux 2023.2 - Penetration Testing and Ethical Hacking Linux Distribution

Time for another Kali Linux release! – Kali Linux 2023.2. This release has various impressive updates. The changelog highlights over the last few weeks since March’s release of 2023.1 is: New VM image for Hyper-V - With “Enhanced Session Mode” out of the box Xfce audio stack update: enters...

AtomLdr - A DLL Loader With Advanced Evasive Features

A DLL Loader With Advanced Evasive Features Features: CRT library independent. The final DLL file, can run the payload by loading the DLL executing its entry point, or by executing the exported "Atom" function via the command line. DLL unhooking from \KnwonDlls\ directory, with no RWX sections. T...

LinkedInDumper - Tool To Dump Company Employees From LinkedIn API

Python 3 script to dump company employees from LinkedIn API Description LinkedInDumper is a Python 3 script that dumps employee data from the LinkedIn social networking platform. The results contain firstname, lastname, position title, location and a user's profile link. Only 2 API calls are...

Kubestroyer - Kubernetes Exploitation Tool

Kubestroyer Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests About The Project Kubestroyer is a Golang exploitation tool that aims to take advantage of Kubernetes clusters misconfigurations. The tool is scanning known...

DCVC2 - A Golang Discord C2 Unlike Any Other

This multi operating system compatible tool was created to leverage Discord's voice channels for command and control operations. This tool operates entirely over the Real-Time Protocol RTP primarily leveraging DiscordGo and leaves no pesky traces behind in text channels. It is a command line base...

MAAD-AF - MAAD Attack Framework - An Attack Tool For Simple, Fast And Effective Security Testing Of M365 And Azure AD

MAAD-AF is an open-source cloud attack tool developed for testing security of Microsoft 365 & Azure AD environments through adversary emulation. MAAD-AF provides security practitioners easy to use attack modules to exploit configurations across different M365/AzureAD cloud-based tools & services...

Burp-Dom-Scanner - Burp Suite's Extension To Scan And Crawl Single Page Applications

It's a Burp Suite's extension to allow for recursive crawling and scanning of Single Page Applications. It runs a Chromium browser to scan the webpage for DOM-based XSS. It can also collect all the requests XHR, fetch, websockets, etc issued during the crawling allowing them to be forwarded to...

Graphcat - Generate Graphs And Charts Based On Password Cracking Result

Simple script to generate graphs and charts on hashcat and john potfile and ntds Install git clone https://github.com/Orange-Cyberdefense/graphcat cd graphcat pip install . Helper $ graphcat.py -h usage: graphcat.py -h -potfile hashcat.potfile -hashfile hashfile.txt -john -format FORMAT...

Azure-AccessPermissions - Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment

Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment. Background details can be found in the accompanied blog posts: Untangling Azure Active Directory Principals & Access Permissions Untangling Azure Active Directory Permissions II: Privileged...

Nidhogg - All-In-One Simple To Use Rootkit For Red Teams

Nidhogg is a multi-functional rootkit for red teams. The goal of Nidhogg is to provide an all-in-one and easy-to-use rootkit with multiple helpful functionalities for red team engagements that can be integrated with your C2 framework via a single header file with simple usage, you can see an...

GodPotato - Local Privilege Escalation Tool From A Windows Service Accounts To NT AUTHORITY\SYSTEM

Based on the history of Potato privilege escalation for 6 years, from the beginning of RottenPotato to the end of JuicyPotatoNG, I discovered a new technology by researching DCOM, which enables privilege escalation in Windows 2012 - Windows 2022, now as long as you have "ImpersonatePrivilege"...

PentestGPT - A GPT-empowered Penetration Testing Tool

A GPT-empowered penetration testing tool. Common Questions Q : What is PentestGPT? A : PentestGPT is a penetration testing tool empowered by ChatGPT. It is designed to automate the penetration testing process. It is built on top of ChatGPT and operate in an interactive mode to guide penetration...

Bootlicker - A Generic UEFI Bootkit Used To Achieve Initial Usermode Execution

bootlicker is a legacy, extensible UEFI firmware rootkit targeting vmware hypervisor virtual machines. It is designed to achieve initial code execution within the context of the windows kernel, regardless of security settings configured. Architecture bootlicker takes its design from the legacy...

Platbox - UEFI And SMM Assessment Tool

UEFI and SMM Assessment Tool Features Platbox is a tool that helps assessing the security of the platform: Dumps the platform registers that are interesting security-wise Flash Locks MMIO and Remapping Locks SMM Base and Locks MSRs RW access to the PCI configuration space of devices. RW to physic...

EntropyReducer - Reduce Entropy And Obfuscate Youre Payload With Serialized Linked Lists

EntropyReducer: Reduce The Entropy Of Youre Payload And Obfuscate It With Serialized Linked Lists How Does It Work EntropyReducer algorithm is determined by BUFFSIZE and NULLBYTES values. The following is how would EntropyReducer organize your payload if BUFFSIZE was set to 4 , and NULLBYTES to 2...

rebindMultiA - Tool To Perform a Multiple A Record Rebind Attack

rebindMultiA is a tool to perform a Multiple A Record rebind attack. rebindmultia.com is a domain that I've set up to assist with these attacks. It makes every IP its own authoritative nameserver for the domain IP.ns.rebindmultia.com. For example, 13.33.33.37.ns.rebindmultia.com's authoritative...

Jsfinder - Fetches JavaScript Files Quickly And Comprehensively

jsFinder is a command-line tool written in Go that scans web pages to find JavaScript files linked in the HTML source code. It searches for any attribute that can contain a JavaScript file e.g., src, href, data-main, etc. and extracts the URLs of the files to a text file. The tool is designed to ...

Acheron - Indirect Syscalls For AV/EDR Evasion In Go Assembly

Acheron is a library inspired by SysWhisper3/FreshyCalls/RecycledGate, with most of the functionality implemented in Go assembly. acheron package can be used to add indirect syscall capabilities to your Golang tradecraft, to bypass AV/EDRs that makes use of usermode hooks and instrumentation...

Hades - Go Shellcode Loader That Combines Multiple Evasion Techniques

Hades is a proof of concept loader that combines several evasion technques with the aim of bypassing the defensive mechanisms commonly used by modern AV/EDRs. Usage The easiest way, is probably building the project on Linux using make. git clone https://github.com/f1zm0/hades && cd hades make The...

Bypass-403 - A Simple Script Just Made For Self Use For Bypassing 403

A simple script just made for self use for bypassing 403 It can also be used to compare responses on verious conditions as shown in the below snap Usage ./bypass-403.sh https://example.com admin ./bypass-403.sh website-here path-here Features Use 24 known Bypasses for 403 with the help of curl...

Dumpulator - An Easy-To-Use Library For Emulating Memory Dumps. Useful For Malware Analysis (Config Extraction, Unpacking) And Dynamic Analysis In General (Sandboxing)

Note: This is a work-in-progress prototype, please treat it as such. Pull requests are welcome! You can get your feet wet withgood first issues An easy-to-use library for emulating code in minidump files. Here are some links to posts/videos using dumpulator: Introduction video with OALabs:...

KoodousFinder - A Simple Tool To Allows Users To Search For And Analyze Android Apps For Potential Security Threats And Vulnerabilities

A simple tool to allows users to search for and analyze android apps for potential security threats and vulnerabilities Account and API Key Create a Koodous account and get your api key https://koodous.com/settings/developers Install $ pip install koodousfinder Arguments Param | description ---|-...

Wafaray - Enhance Your Malware Detection With WAF + YARA (WAFARAY)

WAFARAY is a LAB deployment based on Debian 11.3.0 stable x64 made and cooked between two main ingredients WAF + YARA to detect malicious files e.g. webshells, virus, malware, binaries typically through web functions upload files. Purpose In essence, the main idea came to use WAF + YARA YARA...

RustChain - Hide Memory Artifacts Using ROP And Hardware Breakpoints

This tool is a simple PoC of how to hide memory artifacts using a ROP chain in combination with hardware breakpoints. The ROP chain will change the main module memory page's protections to N/A while sleeping i.e. when the function Sleep is called. For more detailed information about this memory...

Cbrutekrag - Penetration Tests On SSH Servers Using Brute Force Or Dictionary Attacks. Written In C

Penetration tests on SSH servers using dictionary attacks. Written in C. brute krag means "brute force" in afrikáans Disclaimer This tool is for ethical testing purpose only. cbrutekrag and its owners can't be held responsible for misuse by users. Users have to act as permitted by local law rules...

ShadowSpray - A Tool To Spray Shadow Credentials Across An Entire Domain In Hopes Of Abusing Long Forgotten GenericWrite/GenericAll DACLs Over Other Objects In The Domain

A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain. Why this tool In a lot of engagements I see in BloodHound that the group "Everyone" / "Authenticated Users" / "Domain Users" or some other...

PassMute - PassMute - A Multi Featured Password Transmutation/Mutator Tool

This is a command-line tool written in Python that applies one or more transmutation rules to a given password or a list of passwords read from one or more files. The tool can be used to generate transformed passwords for security testing or research purposes. Also, while you doing pentesting it...

Lfi-Space - LFI Scan Tool

Written by TMRSWRR Version 1.0.0 All in one tools for LFI VULN FINDER -LFI DORK FINDER Instagram: TMRSWRR Screenshots How to use Read Me LFI Space is a robust and efficient tool designed to detectLocal File Inclusion LFI vulnerabilities in web applications. This tool simplifies the process of...

TLDHunt - Domain Availability Checker

TLDHunt is a command-line tool designed to help users find available domain names for their online projects or businesses. By providing a keyword and a list of TLD top-level domain extensions, TLDHunt checks the availability of domain names that match the given criteria. This tool is particularly...

Indicator-Intelligence - Finds Related Domains And IPv4 Addresses To Do Threat Intelligence After Indicator-Intelligence Collects Static Files

Finds related domains and IPv4 addresses to do threat intelligence after Indicator-Intelligence collects static files. Done Related domains, IPs collect Installation From Source Code You can use virtualenv for package dependencies before installation. git clone...

SpiderSuite - Advance Web Spider/Crawler For Cyber Security Professionals

An advance cross-platform and multi-feature GUI web spider/crawler for cyber security proffesionals. Spider Suite can be used for attack surface mapping and analysis. For more information visit SpiderSuite's website. Installation and Usage Spider Suite is designed for easy installation and usage...

Domain-Protect - OWASP Domain Protect - Prevent Subdomain Takeover

OWASP Global AppSec Dublin - talk and demo Features scan Amazon Route53 across an AWS Organization for domain records vulnerable to takeover scan Cloudflare for vulnerable DNS records take over vulnerable subdomains yourself before attackers and bug bounty researchers automatically create known...

Nimbo-C2 - Yet Another (Simple And Lightweight) C2 Framework

About Nimbo-C2 is yet another simple and lightweight C2 framework. Nimbo-C2 agent supports x64 Windows & Linux. It's written in Nim, with some usage of .NET on Windows by dynamically loading the CLR to the process. Nim is powerful, but interacting with Windows is much easier and robust using...

NTLMRecon - A Tool For Performing Light Brute-Forcing Of HTTP Servers To Identify Commonly Accessible NTLM Authentication Endpoints

NTLMRecon is a Golang version of the original NTLMRecon utility written by Sachin Kamath AKA pwnfoo. NTLMRecon can be leveraged to perform brute forcing against a targeted webserver to identify common application endpoints supporting NTLM authentication. This includes endpoints such as the Exchan...

Fuzztruction - Prototype Of A Fuzzer That Does Not Directly Mutate Inputs (As Most Fuzzers Do) But Instead Uses A So-Called Generator Application To Produce An Input For Our Fuzzing Target

Fuzztruction is an academic prototype of a fuzzer that does not directly mutate inputs as most fuzzers do but instead uses a so-called generator application to produce an input for our fuzzing target. As programs generating data usually produce the correct representation, our fuzzer mutates the...

Spartacus - DLL Hijacking Discovery Tool

Why "Spartacus"? If you have seen the film Spartacus from 1960, you will remember the scene where the Romans are asking for Spartacus to give himself up. The moment the real Spartacus stood up, a lot of others stood up as well and claimed to be him using the "I AM SPARTACUS" phrase. When a proces...

Teler-Waf - A Go HTTP Middleware That Provides Teler IDS Functionality To Protect Against Web-Based Attacks And Improve The Security Of Go-based Web Applications

teler-waf is a comprehensive security solution for Go-based web applications. It acts as an HTTP middleware, providing an easy-to-use interface for integrating IDS functionality with teler IDS into existing Go applications. By using teler-waf, you can help protect against a variety of web-based...

Metlo - An Open-Source API Security Platform

Secure Your API. Metlo is an open-source API security platform With Metlo you can: Create an Inventory of all your APIEndpoints and Sensitive Data. Detect common API vulnerabilities. Proactively test your APIs before they go into production. Detect API attacks in real time. Metlo does this by...

hardCIDR - Linux Bash Script To Discover The Netblocks, Or Ranges, Owned By The Target Organization

A Linux Bash script to discover the netblocks, or ranges, in CIDR notation owned by the target organization during the intelligence gathering phase of a penetration test. This information is maintained by the five Regional Internet Registries RIRs: ARIN North America RIPE Europe/Asia/Middle East...

REcollapse Is A Helper Tool For Black-Box Regex Fuzzing To Bypass Validations And Discover Normalizations In Web Applications

REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications. It can also be helpful to bypass WAFs and weak vulnerability mitigations. For more information, take a look at the REcollapse blog post. The goal of this tool is to...