Pentest

SysAnalyzer – Automated Malcode Analysis System

  SysAnalyzer is an open-source application that was designed to give malcode analysts an automated tool to quickly collect, compare, and report on the actions a binary took while running on the system. A full installer for the application is available and can be downloaded here. The application supports Windows 2000 – Windows 10. Including x64 […]

Kirjuri – Web Application For Managing Cases

  Kirjuri is a simple PHP/MySQL web application for managing physical forensic evidence items. It is intended to be used as a workflow tool from receiving, booking, note-taking and possibly reporting findings. It simplifies and helps in case management when dealing with a large (or small!) number of devices submitted for forensic analysis. Kirjuri requires […]

LetsMapYourNetwork – Visualise Your Physical Network In Form Of Graph

  It is of the utmost importance for any security engineer to understand their network before securing it, and it becomes a daunting task to have a ‘true’ understanding of a widespread network. In a mid to large level organisation’s network, having a network architecture diagram doesn’t provide the complete understanding and manual verification is a […]

Botb – A Container Analysis And Exploitation Tool

  BOtB is a container analysis and exploitation tool designed to be used by pentesters and engineers while also being CI/CD friendly with common CI/CD technologies. What does it do? BOtB is a CLI tool which allows you to: exploit common container vulnerabilities; perform common container post exploitation actions; provide capability when certain tools or […]

Pixload – Image Payload Creating/Injecting Tools

  Set of tools for creating/injecting payloads into images. Useful references for better understanding of pixload and its use-cases: "Bypassing CSP using polyglot JPEGs"; "Hacking group using Polyglot images to hide malvertising attacks"; "Encoding Web Shells in PNG IDAT chunks"; "An XSS on Facebook via PNGs & Wonky Content Types"; "Revisiting XSS payloads in PNG IDAT chunks" […]

FudgeC2 – C2 Framework For Purple-Teaming

  FudgeC2 is a campaign-orientated PowerShell C2 framework built on Python3/Flask, designed for team collaboration, client interaction, campaign timelining, and usage visibility. Note: FudgeC2 is currently in alpha stage, and should be used with caution in non-test environments. Setup Installation To quickly install & run FudgeC2 on a Linux host run the following: git […]

Dr. ROBOT – Domain Reconnaissance and Enumeration

  Introduction Dr. ROBOT is a tool for Domain Reconnaissance and Enumeration. By utilizing containers to reduce the overhead of dealing with dependencies, inconsistency across operating systems, and different languages, Dr. ROBOT is built to be highly portable and configurable. Use Case: Gather as many public-facing servers as a target organization possesses. Querying DNS resources […]

Mondoo – Cloud-Native Security And Vulnerability Analysis

  Mondoo is infrastructure and security analytics for your cloud-native applications. By removing the code literacy, we strive to make infrastructure operations and its state accessible to all. It works with bare-metal, VMs, clouds, containers and Kubernetes. Quick Start Install mondoo: Workstation export MONDOO_REGISTRATION_TOKEN='changeme' curl -sSL http://mondoo.io/download.sh | bash Service export MONDOO_REGISTRATION_TOKEN='changeme' curl -sSL http://mondoo.io/install.sh | bash […]

Stardox – Github Stargazers Information Gathering Tool

  Stardox is an advanced GitHub stargazers information gathering tool. It scrapes GitHub for information and displays it in a list tree view. It can be used for collecting details of the stargazers of your own or someone else's repository. What data it fetches: total repositories, total stars, total followers, total following, stargazer’s email. P.S: Many new things will be […]

Revshellgen – Reverse Shell Generator Written In Python

  Standalone Python script for generating reverse shells easily and automating the boring stuff like URL encoding the command and setting up a listener. Download: git clone https://github.com/t0thkr1s/revshellgen Install: The script has 2 dependencies: pyperclip and colorama. You can install these by typing: python3 setup.py install Disclaimer: This tool is only for testing and academic purposes […]

gitGraber – Monitor GitHub To Find Sensitive Data

  gitGraber is a tool developed in Python3 to monitor GitHub to search and find sensitive data for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe… How does it work? It’s important to understand that gitGraber is not designed to check the history of repositories; many tools can already do […]

BlackArch v2019.09.01 – Penetration Testing Distribution

  BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers. The repository contains 2336 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs. ChangeLog: added more than 150 new tools; added terminus font for all WMs (thanks to psf for i3-wm bugfixes); included […]

PingCastle – Get Active Directory Security

  The risk level regarding Active Directory security has changed. Several vulnerabilities have been made popular with tools like mimikatz or sites like adsecurity.org. Ping Castle is a tool designed to quickly assess the Active Directory security level with a methodology based on risk assessment and a maturity framework. It does not aim at a […]

Phishing-Simulation – Aims To Increase Phishing Awareness

  Phishing Simulation mainly aims to increase phishing awareness by providing an intuitive tutorial and customized assessment (without any actual setup – no domain, no infrastructure, no actual email address) to assess people’s actions in any given situation, and gives the ability to understand what the current awareness posture is. What? One of the objectives of […]

Stegify – Capable Of Hiding Any File Within An Image

  stegify is a simple command line tool capable of fully transparently hiding any file within an image. This technique is known as LSB (Least Significant Bit) steganography. Demonstration: Carrier, Data, Results. The Result file contains the Data file hidden in it. And as you can see it is fully transparent. Install $ go get […]

DetExploit – Software That Detect Vulnerable Applications

  DetExploit is software that detects vulnerable applications and not-installed important OS updates on the system, and notifies the user of them. As we know, most cyberattacks use vulnerabilities that were released a year before. I thought this is a huge problem, and this kind of technology should be more powerful than technology that will detect […]

PostShell – Post Exploitation Bind/Backconnect Shell

  PostShell is a post-exploitation shell that includes both a bind and a back connect shell. It creates a fully interactive TTY which allows for job control. The stub size is around 14kb and can be compiled on any Unix-like system. Why not use a traditional Backconnect/Bind Shell? PostShell allows for easier post-exploitation by […]

Web Application Penetration Testing Checklist – A Detailed Cheat Sheet

Web Application Pentesting is a method of identifying, analyzing and reporting the vulnerabilities which exist in the web application, including buffer overflow, input validation, code execution, authentication bypass, SQL injection, CSRF and cross-site scripting, in the target web application which is given for penetration testing. Repeatable Testing and Conduct a serious method One of the […]

Converting Your Android Smartphone into Penetration Testing Device

Big corporations are trying to improve the user experience by simplifying everything around us, increasing performance and connections with “IoT’s”. Today, with the Android operating system installed on the most robust smartphones, we have their strengths and weaknesses. A Linux system has its limitations and permissions. The user that makes the “Root” on the mobile device, […]

Most Important Web Application Penetration Testing Tools & Resources for Hackers and Security Professionals

Web Application Pentesting Tools are more often used by security industries to test the vulnerabilities of web-based applications. Here you can find the comprehensive Web Application Pentesting Tools list that covers performing penetration testing operations in all corporate environments. Web Application Pentesting Tools Organization OWASP – The Open Web Application Security Project […]