Browsing category

Pentest

CryptonDie – A Ransomware Developed For Study Purposes

  CryptonDie is a ransomware developed for study purposes. Options: --key: key used to encrypt and decrypt files, default is a random string (recommended); --dir: home directory for the attack, default is /; --encrypt: encrypt all files; --decrypt: decrypt all files; --verbose: activate verbose mode, default is False. Example: python3 cryptondie.py --web-service http://127.0.0.1:5000 --dir /var/www/ --encrypt --verbose […]

Syhunt Community – Web And Mobile Application Scanner

  Syhunt Community is a web and now mobile application security scanner. Syhunt is able to scan any kind of application source code for potential security vulnerabilities, pinpointing the exact lines of the code that need to be patched. Or you can simply enter a start URL and get detailed vulnerability information – Syhunt is […]

DumpsterFire – Cross-Platform Tool For Building Security Events

  DumpsterFire Toolset – “Security Incidents In A Box!” The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Turn […]

HRShell – An Advanced HTTPS/HTTP Reverse Shell Built With Flask

  HRShell: An advanced HTTP(S) Reverse Shell built with Flask. HRShell is an HTTPS/HTTP reverse shell built with Flask. It’s compatible with Python 3.x and has been successfully tested on: Linux Ubuntu 18.04 LTS, Kali Linux 2019.3, macOS Mojave, Windows 7/10. Features: it’s stealthy; TLS support, either using on-the-fly certificates or by specifying a cert/key […]

SecurityNotFound – 404 Page Not Found Webshell

  Clone me! Clone or download the project: git clone https://github.com/CosasDePuma/SecurityNotFound.git SecurityNotFound; cd SecurityNotFound. “Installation”: The src/404.php file should be located on the target server. That server must have the ability to execute .php files. Here is an example of some of the most common routes on which servers are located: # Windows (Xampp) C:\Xampp\htdocs […]

Rebel-Framework – Advanced Penetration Testing Framework

  Rebel framework is an advanced and easy to use penetration testing framework. You can use it to automate the automation itself. START: git clone https://github.com/rebellionil/rebel-framework.git; cd rebel-framework; bash setup.sh; bash rebel.sh. SUPPORTED DISTRIBUTIONS (distribution, version, check supported, dependencies already installed, status): Kali Linux, 4.4.0, yes, yes, working; Parrot OS […]

Kube-Alien – Tool To Launch Attacks on K8s Cluster from Within

  This tool launches an attack on a k8s cluster from within. That means you already need to have access with permission to deploy pods in a cluster to run it. After running the kube-alien pod, it tries to take over the cluster’s nodes by adding your public key to the node’s /root/.ssh/authorized_keys file by using this image https://github.com/nixwizard/dockercloud-authorizedkeys […]

Flare-Emu – Emulation features for the x86, x86_64, ARM, ARM64

  flare-emu marries IDA Pro’s binary analysis capabilities with Unicorn’s emulation framework to provide the user with an easy to use and flexible interface for scripting emulation tasks. It is designed to handle all the housekeeping of setting up a flexible and robust emulator for its supported architectures so that you can focus on solving […]

MemProcFS – The Memory Process File System

  The Memory Process File System is an easy and convenient way of accessing physical memory as files in a virtual file system. Easy trivial point and click memory analysis without the need for complicated command-line arguments! Access memory content and artifacts via files in a mounted virtual file system or via a feature rich application […]

FDsploit – File Inclusion And Directory Traversal Fuzzing

  A File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool. FDsploit menu: $ python fdsploit.py -h [ASCII-art banner] ver. 1.2 Author: Christoforos Petrou (game0ver) ! usage: fdsploit.py [-u | -f […]

Anteater – CI/CD Gate Check Framework

  Anteater is an open framework to prevent the unwanted merging of nominated strings, filenames, binaries, deprecated functions, staging environment code / credentials etc. Anything that can be specified with regular expression syntax can be sniffed out by anteater. You tell anteater exactly what you don’t want to get merged, and anteater looks after the […]

SKA – Simple Karma Attack (Evil Twin Attack)

  SKA allows you to implement a very simple and fast karma attack. You can sniff probe requests to choose the fake AP name or, if you want, you can manually insert the name of the AP (evil twin attack). When the target has connected to your WLAN you can activate the HTTP redirection and […]

Tachyon – Fast HTTP Dead File Finder

  Tachyon is a fast web application security reconnaissance tool. It is specifically meant to crawl a web application and look for leftover or non-indexed files, with the addition of reporting pages or scripts leaking internal data. User Requirements: Linux, Python 3.5.2. User Installation: Install: $ mkdir tachyon $ python3 -m venv tachyon/ $ cd […]

Juicy Potato – Another Local Privilege Escalation Tool

  A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from Windows Service Accounts to NT AUTHORITY\SYSTEM. Summary: RottenPotatoNG and its variants leverage the privilege escalation chain based on the BITS service having the MiTM listener on 127.0.0.1:6666 and when you have SeImpersonate or SeAssignPrimaryToken privileges. During a Windows […]

ArmourBird CSF – Container Security Framework

  ArmourBird CSF – Container Security Framework is an extensible, modular, API-first framework built for regular security monitoring of docker installations and containers against CIS and other custom security checks. ArmourBird CSF has a client-server architecture and is thus divided into two components: a) CSF Client: This component is responsible for monitoring the docker installations, […]

Mitaka – A Browser Extension For OSINT Search

  Mitaka is a browser extension for OSINT search which can: Extract & refang IoC from a selected block of text. E.g. example[.]com to example.com, test[at]example.com to test@example.com, hxxp://example.com to http://example.com, etc. Search / scan it on various engines. E.g. VirusTotal, urlscan.io, Censys, Shodan, etc. Features: Supported IOC types (name, desc., e.g.): text, Freetext, any […]

ScoutSuite – Multi-Cloud Security Auditing Tool

  Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of […]

Grapl – Graph Platform For Detection And Response

  Grapl is an open source platform for Detection and Response (D&R). The position that Grapl takes is that Graphs provide a more natural experience than raw logs for many common D&R use cases. In short, Grapl will take raw logs, convert them into graphs, and merge those graphs into a Master Graph. It will […]

Metame – Metamorphic Code Engine For Arbitrary Executables

  metame is a simple metamorphic code engine for arbitrary executables. From Wikipedia: Metamorphic code is code that when run outputs a logically equivalent version of its own code under some interpretation. This is used by computer viruses to avoid the pattern recognition of anti-virus software. metame implementation works this way: Open a given binary […]