Browsing tag

hack app

NetAss2 – Network Assessment Assistance Framework

Easier network scanning with NetAss2 (Network Assessment Assistance Framework). It makes it easy for pentesters to do penetration testing on a network.

Dependencies: nmap (tool), zmap (tool)

Installation:

    git clone https://github.com/zerobyte-id/NetAss2.git
    cd NetAss2
    sudo chmod +x install.bash
    sudo ./install.bash

Run:

    netass2

Existing Menu:
- HOST DISCOVERY
- PORT SCAN ON SINGLE HOST
- MASSIVE PORT SCAN VIA DISCOVERED HOSTS
- […]

Rsdl – Subdomain Scan With Ping Method

Subdomain Scan With Ping Method.

Flags        Value                     Description
--hostname   example.com               Domain for scan.
--output                               Records the output with the domain name.
--list       /tmp/lists/example.txt    Lister for subdomains.

Installation

    go get github.com/tismayil/rsdl
    clone repo and build ( go build rsdl.go )

Used Repos.
- GO Spinner : github.com/briandowns/spinner – [ go get github.com/briandowns/spinner ]
- GO Ping : github.com/sparrc/go-ping […]

Cacti – Complete Network Graphing Solution

IMPORTANT: When using source or by downloading the code directly from the repository, it is important to run the database upgrade script if you experience any errors referring to missing tables or columns in the database. Changes to the database are committed to the cacti.sql file which is used for new installations and committed to the installer […]

GCPBucketBrute – A Script To Enumerate Google Storage Buckets, Determine What Access You Have To Them, And Determine If They Can Be Privilege Escalated

A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated. This script (optionally) accepts GCP user/service account credentials and a keyword. Then, a list of permutations will be generated from that keyword which will then be used to scan for the existence of […]

threat_note – DPS’ Lightweight Investigation Notebook

threat_note is a web application built by Defense Point Security to allow security researchers to add and retrieve indicators related to their research. As of right now this includes the ability to add IP Addresses, Domains and Threat Actors, with more types being added in the future. This app fills the gap between various […]

Sgx-Step – A Practical Attack Framework For Precise Enclave Execution Control

SGX-Step is an open-source framework to facilitate side-channel attack research on Intel SGX platforms. SGX-Step consists of an adversarial Linux kernel driver and user space library that allow configuring untrusted page table entries and/or x86 APIC timer interrupts completely from user space. Our research results have demonstrated several new and improved enclaved execution attacks […]

Vscan – Vulnerability Scanner Tool Using Nmap And Nse Scripts

This vulnerability scanner tool uses nmap and NSE scripts to find vulnerabilities. This tool puts an additional value into vulnerability scanning with nmap. It uses NSE scripts, which can add flexibility in terms of vulnerability detection and exploitation. Below are some of the features that NSE scripts provide:
- Network discovery
- More sophisticated version detection
- Vulnerability […]

Sojobo – A Binary Analysis Framework

Sojobo is an emulator for the B2R2 framework. It was created to ease the analysis of potentially malicious files. It is developed entirely in .NET, so you don’t need to install or compile any other external libraries (the project is self-contained). With Sojobo you can:
- Emulate a (32 bit) PE binary
- Inspect the memory of […]

Sparrow-Wifi – Next-Gen GUI-based WiFi And Bluetooth Analyzer For Linux

Sparrow-wifi has been built from the ground up to be the next generation 2.4 GHz and 5 GHz Wifi spectral awareness tool. At its most basic it provides a more comprehensive GUI-based replacement for tools like inSSIDer and linssid that runs specifically on Linux. In its most comprehensive use cases, sparrow-wifi integrates wifi, software-defined radio […]

Donut – Generates X86, X64, Or AMD64+x86 Position-Independent Shellcode That Loads .NET Assemblies, PE Files, And Other Windows Payloads From Memory

Donut generates x86 or x64 shellcode from VBScript, JScript, EXE, DLL (including .NET Assemblies) files. This shellcode can be injected into arbitrary Windows processes for in-memory execution. Given a supported file type, parameters and an entry point where applicable (such as Program.Main), it produces position-independent shellcode that loads and runs entirely from memory. A […]

Github-Dorks – Collection Of Github Dorks And Helper Tool To Automate The Process Of Checking Dorks

GitHub search is a quite powerful and useful feature and can be used to search for sensitive data in repositories. This is a collection of GitHub dorks that can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pen-testing of systems. GitHub […]

HomePwn – Swiss Army Knife for Pentesting of IoT Devices

HomePwn is a framework that provides features to audit and pentest devices that company employees can use in their day-to-day work and inside the same working environment. It is designed to find devices in the home or office and take advantage of certain vulnerabilities to read or send data to those devices. With a strong library […]