Browsing category
Dolos Cloak is a python script designed to help network penetration testers and red teamers bypass 802.1x solutions by using an advanced man-in-the-middle attack. The tool is able to piggyback on the wired connection of a victim device that is already allowed on the target network without kicking the vicitim device off the network. It […]
The united states department of justice filed a LawSuit against Edward Snowden for publishing a book violating the non-disclosure agreements that he was signed with NSA and CIA. Edward Snowden is a former Central Intelligence Agency (CIA) employee and National Security Agency (NSA) in 2013. The lawsuit does not stop him in the publication of […]
MITRE has released a list of Top 25 Most Dangerous Software Errors (CWE Top 25) that are widely spread and leads to serious vulnerabilities. The list was generated based on the vulnerabilities published within the National Vulnerability Database. These vulnerabilities are easily exploitable and allow an attacker to get complete control over the system. Attackers […]
A super portable botnet framework with a Django-based C2 server. The client is written in C++, with alternate clients written in Rust, Bash, and Powershell. C2 Server The botnet’s C2 server utilizes the Django framework as the backend. It is far from the most efficient web server, but this is offset by the following: Django […]
A tool to automate Active Directory enumeration. Tool Prereq This tool requires that you have a runas /netonly shell. Functions Start-PreReqCheck Install-Tools Start-ADEnum Start-PreReqCheck This function determines if the current Windows 10 OS is 1809+ and installs all the prerequisites. The list of prerequisites includes the following: Identifies if current Windows 10 host is on […]
Cybersecurity is an evolving market, and organizations are always advised to keep their network armed and secured against cybercriminals. Considering the recent sophisticated cyberattacks, Airforce is one key area to explore. US Cyber Command along with NSA does have a competitive cybersecurity advantage in the global market of cybersecurity. The United States is additionally one […]
BOtB (Break out the Box) is a container analysis and exploitation tool designed to be used by pentesters and engineers while also being CI/CD friendly with common CI/CD technologies. What does it do? BOtB is a CLI tool which allows you to: Exploit common container vulnerabilities Perform common container post exploitation actions Provide capability when […]
Security researchers disclosed a new attack dubbed Simjacker, that can be exploited by sending an SMS containing a specific type of spyware codes. The vulnerability found to be actively exploited for more than 2 years by a private company that works for the government to monitor the individuals. How the Simjacker Attack Works The Simjacker […]
A command-line tool to generate war payloads for penetration testing / red teaming purposes, written in ruby. Features Preexisting payloads. (try -l/–list) cmd_get filebrowser bind_shell reverse_shell reverse_shell_ui Configurable backdoor. (try –host/–port) Control over payload name. To avoid malicious name after deployment to bypass URL name signatures. Installation $ gem install godofwar Usage $ godofwar -h […]
Phishing Simulation mainly aims to increase phishing awareness by providing an intuitive tutorial and customized assessment (without any actual setup – no domain, no infrastructure, no actual email address) to assess people’s action on any given situation and gives ability to understand what is the current awareness posture. What? One of the objective of organizations […]
Emagnet is a very powerful tool to capture email addresses and passwords from leaked databases uploaded on pastebin. It’s almost impossible to find leaked passwords when they are out of list on pastebin.com. Either they have been deleted by pastebin’s techs or the uploads is just one in the crowd. To be honest it’s easier […]
Cangibrina is a multi platform tool which aims to obtain the admin Dashboard of sites using brute-force over wordlist, google, nmap, and robots.txt Requirements: Python 2.7 mechanize PySocks beautifulsoup4 html5lib Nmap (–nmap) TOR (–tor) Install: Linux git clone https://github.com/fnk0c/cangibrina.git cd cangibrina pip install -r requirements.txt Usage usage: cangibrina.py [-h] -u U [-w W] [-t T] […]
BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers. The repository contains 2336 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs. ChangeLog: added more than 150 new tools added terminus font for all WMs (thanks to psf for i3-wm bugfixes) included linux […]
SysmonX is an open-source, community-driven, and drop-in replacement version of Sysmon that provides a modularized architecture with the purpose of enabling the infosec community to: Extend the Sysmon data collection sources and create new security events Extend the Sysmon ability to correlate events. Effectively enabling new logical operations between events and the creation of advanced […]
According to the indictment, the defendants allegedly ran an entity called Jetflicks, an online, subscription-based service headquartered in Las Vegas that permitted users to stream and, at times, download copyrighted TV programs without the permission of the relevant copyright owners. The defendants reproduced tens of thousands of copyrighted TV episodes without authorization, and distributed the […]
Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it’s […]
ArmourBird CSF – Container Security Framework is an extensible, modular, API-first framework build for regular security monitoring of docker installations and containers against CIS and other custom security checks. ArmourBird CSF has a client-server architecture and is thus divided into two components: a) CSF Client This component is responsible for monitoring the docker installations, containers, […]
MoP (“Master of Puppets”) is an open source framework for reverse engineers who wish to create and operate trackers for new malware found in the wild for research purpose. To make it simple – MoP framework takes care of all the generic malware tracker stuff so the reverse engineer is left with pure reverse engineering […]
If comparision gives you a idea why you should use findomain instead of another tools. The domain used for the test was microsoft.com in the following BlackArch virtual machine: Host: KVM/QEMU (Standard PC (i440FX + PIIX, 1996) pc-i440fx-3.1) Kernel: 5.2.6-arch1-1-ARCH CPU: Intel (Skylake, IBRS) (4) @ 2.904GHz Memory: 139MiB / 3943MiB The tool used to […]
When performing OSINT reconnaissance against a target, it’s often very difficult to accurately define the scope. There are so many sources of information and so many diverse types of data. It quickly becomes overwhelming. While there are many excellent OSINT tools already available to the discerning OSINTer, their focus is usually on breadth of collection. […]
Sudomy is a subdomain enumeration tool, created using a bash script, to analyze domains and collect subdomains in fast and comprehensive way. Features For recent time, Sudomy has these 9 features: Easy, light, fast and powerful. Bash script is available by default in almost all Linux distributions. By using bash script multiprocessing feature, all processors […]