Browsing category
frida-wshook is an analysis and instrumentation tool which uses frida.re to hook common functions often used by malicious script files which are run using WScript/CScript. The tool intercepts Windows API functions and doesn’t implement function stubs or proxies within the targeted scripting language. This allows it to support analyzing a few different script types such […]
MalwLess is an open source tool that allows you to simulate system compromise or attack behaviours without running processes or PoCs. The tool is designed to test Blue Team detections and SIEM correlation rules. It provides a framework based on rules that anyone can write, so when a new technique or attack comes out you […]
testssl.sh is a free command line tool which checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws. Key features Clear output: you can tell easily whether anything is good or bad Ease of installation: It works for Linux, OSX/Darwin, FreeBSD, NetBSD, OpenBSD (needs bash) […]
Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code comphrehension, and quickly prototype custom analyses. Features Detects vulnerable Solidity code with low […]
The interactive web server. HTTPLabs let you inspect HTTP requests and forge responses. Install Golang go get github.com/gchaincl/httplab go install github.com/gchaincl/httplab/cmd/httplab Archlinux yaourt httplab Snap FIXME On systems where snap is supported: snap install httplab Binary distribution Each release provides pre-built binaries for different architectures, you can download them here: https://github.com/gchaincl/httplab/releases/latest Help Usage of httplab: […]
Just a simple (poorly written) Python script that aimlessly “browses” the internet by starting at pre-defined rootURLs and randomly “clicking” links on pages until the pre-defined clickDepth is met. I created this as a noise generator to use for an Incident Response / Network Defense simulation. The only issue is that my simulation environment uses […]
WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites. INSTALL Prerequisites: Ruby >= 2.2.2 – Recommended: 2.3.3 Curl >= 7.21 – Recommended: latest – FYI the 7.29 has a segfault RubyGems – Recommended: latest From RubyGems: gem install […]
What is SSRF vulnerability? Server Side Request Forgery (SSRF) is a type of vulnerability class where attacker sends crafted request from a vulnerable web application, including the unauthorised access to the internal resources behind the firewall which are inaccessible directly from the external network. Installation git clone https://github.com/ariya/phantomjs.git cd phantomjs chmod +x build.py ./build.py Usage […]
Domain Hijacking is a well-known security issue that can be carried in many different ways. In addition to social engineering or unauthorized access to the domain owner’s account, the exploitation of neglected DNS records configured for cloud services is increasingly common. In the latter case, a threat actor (TA) can potentially take control of a […]
Often during the penetration test engagement the security analyst faces the problem of identifying privilege escalation attack vectors on tested Linux machine(s). One of viable attack vectors is using publicly known Linux exploit to gain root privileges on tested machine. Of course in order to do that the analyst needs to identify the right PoC […]
XVNA is an extreme vulnerable node application coded in Nodejs(Expressjs)/MongoDB that helps security enthusiasts to learn application security. it’s not counseled to host this application online as it is intended to be Vulnerable. We tend to suggest hosting this application in native setting and sharpening your application security skills with any tools of your own […]
OWASP JoomScan (short for [Joom]la Vulnerability [Scan]ner) is an opensource project in perl programming language to detect Joomla CMS vulnerabilities and analysis them. WHY OWASP JOOMSCAN ? If you want to do a penetration test on a Joomla CMS, OWASP JoomScan is Your best shot ever! This Project is being faster than ever and updated with the latest Joomla vulnerabilities. INSTALL git clone […]
Modern applications leverage the availability of existing components for use as building blocks in application development. By using existing components, organizations can dramatically decrease time-to-market. Reusing existing components however, comes at a cost. Organizations that build on top of existing components assume risk for software they did not create. Vulnerabilities in third-party components are inherited […]
This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn’t be able to. […]
Wapiti allows you to audit the security of your websites or web applications. It performs “black-box” scans (it does not study the source code) of the web application by crawling the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets the list of URLs, forms and […]
A simple shell script to tell if your Linux installation is vulnerable against the 3 “speculative execution” CVEs: CVE-2017-5753 bounds check bypass (Spectre Variant 1) Impact: Kernel & all software Mitigation: recompile software and kernel with a modified compiler that introduces the LFENCE opcode at the proper positions in the resulting code Performance impact of […]
Speculative optimizations execute code in a non-secure manner leaving data traces in microarchitecture such as cache. Refer to the paper by Lipp et. al 2017 for details: https://meltdownattack.com/meltdown.pdf. Can only dump linux_proc_banner at the moment, since requires accessed memory to be in cache and linux_proc_banner is cached on every read from /proc/version. Might work with […]
WhatWaf is an advanced firewall detection tool who’s goal is to give you the idea of “There’s a WAF?”. WhatWaf works by detecting a firewall on a web application, and attempting to detect a bypass (or two) for said firewall, on the specified target. Features Ability to run on a single URL with the -u/–url […]
makin is to make initial malware assessment little bit easier, It helps to reveal a debugger detection techniques used by a sample. Supports x64 and x86 How does it work?makin opens a sample as a debuggee and injects asho.dll, asho.dll hooks several functions at ntdll.dll library and after parameters checkings, it sends the corresponding message to […]
Droidefense (originally named atom: analysis through observation machine)* is the codename for android apps/malware analysis/reversing tool. It was built focused on security issues and tricks that malware researcher have on they every day work. For those situations on where the malware has anti-analysis routines, Droidefense attemps to bypass them in order to get to the […]
Transform your Shellcode to Assembly (ARM, ARM64, MIPS, PPC, X86) Replace in shellcodetoasm.py with your shellcode. shellcode = ” Installation git clone https://github.com/blacknbunny/ShellcodeToAssembly.git && cd ShellcodeToAssembly/ && pip install -r requirements.txt && python2 shellcodetoasm.py Modules manual installation pip install -r requirements.txt it can be pip2 install -r requirements.txt Usage python2 shellcodetoasm.py [returnbit] [architecture] For example python2 […]