Browsing tag
RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running (default on Win10 but NOT on Windows Server 2019). Briefly, it will listen for incoming connection on port 5985 faking a real WinRM service. It’s just a […]
Swiss army knife Webserver in Golang. Keep simple like the python SimpleHTTPServer but with many features. Usage Help $ ./webserver -help web subcommand -bind string Bind Port (default “8080”) -certificate string HTTPS certificate : openssl req -new -x509 -sha256 -key server.key -out server.crt -days 365 -gzip Enables gzip/zlib compression (default true) -help Print usage […]
yet another dirbuster Common Command line options -a <user agent string> – specify a user agent string to send in the request -c <http cookies> – use this to specify any cookies that you might need (simulating auth). header. -f – force processing of a domain with wildcard results. -l – show the length […]
FAT is a toolkit built in order to help security researchers analyze and identify vulnerabilities in IoT and embedded device firmware. This is built in order to use for the “Offensive IoT Exploitation” training conducted by Attify. Note: As of now, it is simply a script to automate Firmadyne which is a tool used […]
The Memory Process File System is an easy and convenient way of accessing physical memory as files a virtual file system. Easy trivial point and click memory analysis without the need for complicated commandline arguments! Access memory content and artifacts via files in a mounted virtual file system or via a feature rich application […]
Automated Application Generation for Stack Overflow Types on Wireless Routers. Router exploits shovel is an automated application generation tool for stack overflow types on wireless routers. The tool implements the key functions of exploits, it can adapt to the length of the data padding on the stack, generate the ROP chain, generate the encoded […]
A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITYSYSTEM SummaryRottenPotatoNG and its variants leverages the privilege escalation chain based on BITS service having the MiTM listener on 127.0.0.1:6666 and when you have SeImpersonate or SeAssignPrimaryToken privileges. During a Windows […]
Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of […]
An interactive multi-user web based javascript shell. It was initially created in order to debug remote esoteric browsers during experiments and research. This tool can be easily attached to XSS (Cross Site Scripting) payload to achieve browser remote code execution (similar to the BeeF framework). Version 2.0 is created entirely from scratch, introducing new exciting […]
An RTSP stream access tool that comes with its library Cameradar allows you to Detect open RTSP hosts on any accessible target host Detect which device model is streaming Launch automated dictionary attacks to get their stream route (e.g.: /live.sdp) Launch automated dictionary attacks to get the username and password of the cameras Retrieve a […]
dawnscanner is a source code scanner designed to review your ruby code for security issues. dawnscanner is able to scan plain ruby scripts (e.g. command line applications) but all its features are unleashed when dealing with web applications source code. dawnscanner is able to scan major MVC (Model View Controller) frameworks, out of the box: […]
Manticore is a symbolic execution tool for analysis of binaries and smart contracts. Note: Beginning with version 0.2.0, Python 3.6+ is required. Features Input Generation: Manticore automatically generates inputs that trigger unique code paths Crash Discovery: Manticore discovers inputs that crash programs via memory safety violations Execution Tracing: Manticore records an instruction-level trace of execution […]
DeepSearch is a simple command line tool for bruteforce directories and files in websites. Installation $ git clone https://github.com/m4ll0k/DeepSearch.git deepsearch $ cd deepsearch $ pip3 install requests $ python3 deepsearch.py Screenshots UsageBasic: python3 deepsearch.py -u http://testphp.vulnweb.com/ -e php -w wordlist.txt Force extension for every wordlist entry (support one extension): python3 deepsearch.py -u http://testphp.vulnweb.com/ -e php […]
Console Application designed to interact with SharpSploit released by @cobbr_io SharpSploit is a tool written by @cobbr_io that combines many techniques/C# code from the infosec community and combines it into one sweet DLL. It’s awesome so check it out! Description SharpSploit Console is just a quick proof of concept binary to help penetration testers or […]
Nubia is a lightweight framework for building command-line applications with Python. It was originally designed for the “logdevice interactive shell (aka. ldshell)” at Facebook. Since then it was factored out to be a reusable component and several internal Facebook projects now rely on it as a quick and easy way to get an intuitive shell/cli […]
Reconnaissance Swiss Army Knife Main Features Wizard + CLA interface Can extracts targets from STDIN (piped input) and act upon them All the information is extracted with APIs, no direct contact is made to the target Utilities Censys: Uses censys.io to gather massive amount of information about an IP address. NS Lookup: Does name server […]
Have you ever needed to replace some text in a file really quickly? Then you have to open up your text editor, find the line, and then type out your replacement. What if you have to do that many times? What if it isn’t also exactly the same thing and you have to run multiple searches […]
Linux and other UNIX-like operating systems have many tools for processing text on the command line. Without these tools (find complete Linux command list here), we would be forced to write down the output of one command and type it into the next so we could isolate the bits we actually need and not pipe the entire output into an unexpecting […]
Hindsight is a free tool for analyzing web artifacts. It started with the browsing history of the Google Chrome web browser and has expanded to support other Chromium-based applications (with more to come!). Hindsight can parse a number of different types of web artifacts, including URLs, download history, cache records, bookmarks, autofill records, saved passwords, […]
Scout2 is a security tool that lets AWS administrators assess their environment’s security posture. Using the AWS API, Scout2 gathers configuration data for manual inspection and highlights high-risk areas automatically. Rather than pouring through dozens of pages on the web, Scout2 supplies a clear view of the attack surface automatically. Note: Scout2 is stable and […]
Automate SSH communication with firewalls, switches, etc. Description These scripts are designed to automate sending commands to a Cisco ASA firewall. The intended purpose here is to eliminate the need to manually log in to a firewall to make changes. This code can be run directly via command line or it can be incorporated into […]