Clik here to view.
WdToggle - A Beacon Object File (BOF) For Cobalt Strike Which Uses Direct...
A Proof of Concept Cobalt Strike Beacon Object File which uses direct system calls to enable WDigest credential caching and circumvent Credential Guard (if enabled).Additional guidance can be found in...
View ArticleClik here to view.
StandIn - A Small .NET35/45 AD Post-Exploitation Toolkit
StandIn is a small AD post-compromise toolkit. StandIn came about because recently at xforcered we needed a .NET native solution to perform resource based constrained delegation. However, StandIn...
View ArticleClik here to view.
Halogen - Automatically Create YARA Rules From Malicious Documents
Halogen is a tool to automate the creation of yara rules against image files embedded within a malicious document.Halogen helppython3 halogen.py -husage: halogen.py [-h] [-f FILE] [-d DIR] [-n NAME]...
View ArticleClik here to view.
OWASP ASST (Automated Software Security Toolkit) - A Novel Open Source Web...
OWASP ASST (Automated Software Security Toolkit) | A Novel Open Source Web Security Scanner.Note: AWSS is the older name of ASSTIntroductionWeb applications have become an integral part of everyday...
View ArticleClik here to view.
Fake-Sms - A Simple Command Line Tool Using Which You Can Skip Phone Number...
A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.Note-1: This is just an experimental tool, do not use...
View ArticleClik here to view.
Threatspec - Continuous Threat Modeling, Through Code
Threatspec is an open source project that aims to close the gap between development and security by bringing the threat modelling process further into the development process. This is achieved by...
View ArticleClik here to view.
Teatime - An RPC Attack Framework For Blockchain Nodes
Teatime is an RPC attack framework aimed at making it easy to spot misconfigurations in blockchain nodes. It detects a large variety of issues, ranging from information leaks to open accounts, and...
View ArticleClik here to view.
SharpSphere - .NET Project For Attacking vCenter
SharpSphere gives red teamers the ability to easily interact with the guest operating systems of virtual machines managed by vCenter. It uses the vSphere Web Services API and exposes the following...
View ArticleClik here to view.
PyBeacon - A Collection Of Scripts For Dealing With Cobalt Strike Beacons In...
PyBeacon is a collection of scripts for dealing with Cobalt Strike's encrypted traffic.It can encrypt/decrypt beacon metadata, as well as parse symmetric encrypted taskingsScripts includedThere is a...
View ArticleClik here to view.
CertEagle - Asset monitoring utility using real time CT log feeds
In Bugbounties “If you are not first , then you are last” there is no such thing as silver or a bronze medal , Recon plays a very crucial part and if you can detect/Identify a newly added asset earlier...
View ArticleClik here to view.
Kubestriker - A Blazing Fast Security Auditing Tool For Kubernetes
Kubestriker performs numerous in depth checks on kubernetes infra to identify the security misconfigurations and challenges that devops engineers/developers are likely to encounter when using...
View ArticleClik here to view.
uEmu - Tiny Cute Emulator Plugin For IDA Based On Unicorn.
uEmu is a tiny cute emulator plugin for IDA based on unicorn engine.Supports following architectures out of the box: x86, x64, ARM, ARM64, MIPS, MIPS64What is it GOOD for?Emulate bare metal code...
View ArticleClik here to view.
Chameleon - Customizable Honeypots For Monitoring Network Traffic, Bots...
Customizable honeypots for monitoring network traffic, bots activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET and...
View ArticleClik here to view.
packetStrider - A Network Packet Forensics Tool For SSH
packetStrider for SSH is a packet forensics tool that aims to provide valuable insight into the nature of SSH traffic, shining a light into the corners of SSH network traffic where golden nuggets of...
View ArticleClik here to view.
Procrustes - A Bash Script That Automates The Exfiltration Of Data Over Dns...
A bash script that automates the exfiltration of data over dns in case we have a blind command execution on a server where all outbound connections except DNS are blocked. The script currently supports...
View ArticleClik here to view.
Sub404 - A Python Tool To Check Subdomain Takeover Vulnerability
Sub 404 is a tool written in python which is used to check possibility of subdomain takeover vulnerabilty and it is fast as it is Asynchronous.WhyDuring recon process you might get a lot of...
View ArticleClik here to view.
HiddenEyeReborn - HiddenEye With Completely New Codebase And Better Features Set
HiddenEye: Reborn is my second try on doing multi-featured tool for human mistakes exploitation. Currently, HE: RE has mainly phishing features. But we are planning on adding more, you can follow...
View ArticleClik here to view.
Writehat - A Pentest Reporting Tool Written In Python
WriteHat is a reporting tool which removes Microsoft Word (and many hours of suffering) from the reporting process. Markdown --> HTML --> PDF. Created by penetration testers, for penetration...
View ArticleClik here to view.
Go-RouterSocks - Router Sock. One Port Socks For All The Others.
The next step after compromising a machine is to enumerate the network behind. Many tools exist to expose a socks port on the attacker's machine and send all the traffic through a tunnel to the...
View ArticleClik here to view.
Gitls - Enumerate Git Repository URL From List Of URL / User / Org
Enumerate git repository URL from list of URL / User / Org. Friendly to pipelineThis tool is available when the repository, such as github, is included in the bugbounty scope. Sometimes specified as an...
View Article