Clik here to view.
XML External Entity (XXE) Injection Payload List
In this section, we'll explain what XML external entity injection is, describe some common examples, explain how to find and exploit various kinds of XXE injection, and summarize how to prevent XXE...
View ArticleClik here to view.
ATFuzzer - Dynamic Analysis Of AT Interface For Android Smartphones
"Opening Pandora's Box through ATFuzzer: Dynamic Analysis of AT Interface for Android Smartphones" is accepted to the 35th Annual Computer Security Applications Conference (ACSAC) 2019....
View ArticleClik here to view.
Netstat2Neo4J - Create Cypher Create Statements For Neo4J Out Of Netstat...
Graphs help to spot anomalies and patterns in large datasets.This script takes netstat information from multiple hosts and formats them in a way to make them importable into Neo4j.Neo4j can be queried...
View ArticleClik here to view.
BaseQuery - A Way To Organize Public Combo-Lists And Leaks In A Way That You...
Your private data is being traded and sold all over the internet as we speak. Tons of leaks come out on a daily basis which can make you feel powerless. The majority of user-passwords and other...
View ArticleClik here to view.
Attack Monitor - Endpoint Detection And Malware Analysis Software
Attack Monitor is Python application written to enhance security monitoring capabilites of Windows 7/2008 (and all later versions) workstations/servers and to automate dynamic analysis of...
View ArticleClik here to view.
Mordor - Re-play Adversarial Techniques
The Mordor project provides pre-recorded security events generated by simulated adversarial techniques in the form of JavaScript Object Notation (JSON) files for easy consumption. The pre-recorded data...
View ArticleClik here to view.
Subdomain3 - A New Generation Of Tool For Discovering Subdomains
Subdomain3 is a new generation of tool , It helps penetration testers to discover more information in a shorter time than other tools.The information includes subdomains, IP, CDN, and so on. Please...
View ArticleClik here to view.
CCAT - Cloud Container Attack Tool For Testing Security Of Container...
Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.Quick referenceWhere to get help: the Pacu/CloudGoat/CCAT Community Slack, or Stack OverflowWhere to file...
View ArticleClik here to view.
Goblin - An Impish, Cross-Platform Binary Parsing Crate, Written In Rust
Documentationhttps://docs.rs/goblin/changelogUsageGoblin requires rustc 1.31.1.Add to your Cargo.toml[dependencies]goblin = "0.1"Featuresawesome crate namezero-copy, cross-platform, endian-aware,...
View ArticleClik here to view.
ANDRAX v4 DragonFly - Penetration Testing on Android
ANDRAX is a Penetration Testing platform developed specifically for Android smartphones, ANDRAX has the ability to run natively on Android so it behaves like a common Linux distribution, But more...
View ArticleClik here to view.
CAPE - Malware Configuration And Payload Extraction
CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of malware analysis with the goal of extracting payloads and configuration from malware. This allows CAPE to...
View ArticleClik here to view.
Sooty - The SOC Analysts All-In-One CLI Tool To Automate And Speed Up Workflow
Sooty is a tool developed with the task of aiding SOC analysts with automating part of their workflow. One of the goals of Sooty is to perform as much of the routines checks as possible, allowing the...
View ArticleClik here to view.
Nessus Map - Parse .Nessus File(S) And Shows Output In Interactive UI
Nessus XML PraserRequirementsPython3DjangoTested onUbuntu 18.04What it doesVulnerability based parsingService based parsingHost bases parsingUnsupported OS parsingGenerate Executive Summary of...
View ArticleClik here to view.
Burp Suite Secret Finder - Burp Suite Extension To Discover Apikeys/Tokens...
Burp Suite extension to discover a apikey/tokens from HTTP response.Installdownload SecretFinderwget https://raw.githubusercontent.com/m4ll0k/BurpSuite-Secret_Finder/master/SecretFinder.pyorgit clone...
View ArticleClik here to view.
aSYNcrone - A SYN Flood DDoS Tool
aSYNcrone is a SYN Flood DDoS Attack Tool!Usage:git clone https://github.com/fatih4842/aSYNcrone.gitcd aSYNcronegcc aSYNcrone.c -o aSYNcrone./aSYNcrone <source IP> <source port>...
View ArticleClik here to view.
LinuxCheck - Linux Information Collection Script
A small linux information collection script is mainly used for emergency response. It can be used under Debian or Centos.FeaturesCPU TOP10, memory TOP10CPU usageboot timeHard disk space informationUser...
View ArticleClik here to view.
Codecat - Tool To Help In Manual Analysis In Codereview
CodeCat is a open source tool to help you in codereview, to find/track sinks and this points follow regex rules...How too install, step by step:Go to CodeCat directory, install backend and frontend...
View ArticleClik here to view.
SharpHide - Tool To Create Hidden Registry Keys
Just a nice persistence trick to confuse DFIR investigation. Uses NtSetValueKey native API to create a hidden (null terminated) registry key. This works by adding a null byte in front of the...
View ArticleClik here to view.
CORStest - A Simple CORS Misconfiguration Scanner
A simple CORS misconfiguration scannerBased on the research of James KettleCORStest is a quick & dirty Python 2 tool to find Cross-Origin Resource Sharing (CORS) misconfigurations. It takes a text...
View ArticleClik here to view.
Seeker v1.2.1 - Accurately Locate Smartphones Using Social Engineering
Concept behind Seeker is simple, just like we host phishing pages to get credentials why not host a fake page that requests your location like many popular location based websites. Read more on...
View Article