Clik here to view.
Godehashed - Tool That Uses The Dehashed.Com API To Search For Compromised...
A golang tool that uses the dehashed.com API to search for compromised assets. Results can then be compiled into a CSV for further analysis.Dehashed APIYou must supply the tool an api key. See...
View ArticleClik here to view.
CTF-Party - A Ruby Library To Enhance And Speed Up Script/Exploit Writing For...
A library to enhance and speed up script/exploit writing for CTF players (or security researchers, bug bounty hunters, pentesters but mostly focused on CTF) by patching the String class to add a short...
View ArticleClik here to view.
Kraker - Distributed Password Brute-Force System That Focused On Easy Use
Kraker is a distributed password brute-force system that allows you to run and manage the hashcat on different servers and workstations, focused on easy of use. There were two main goals during the...
View ArticleClik here to view.
OSCP-Exam-Report-Template-Markdown - Markdown Templates For Offensive...
I created an Offensive Security Exam Report Template in Markdown so LaTeX, Microsoft Office Word, LibreOffice Writer are no longer needed during your Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP...
View ArticleClik here to view.
Gitrecon - OSINT Tool To Get Information From A Github Profile And Find...
OSINT tool to get information from a github profile and find GitHub user's email addresses leaked on commits.How does this work?GitHub uses the email address associated with a GitHub account to link...
View ArticleClik here to view.
Smogcloud - Find Cloud Assets That No One Wants Exposed
Find exposed AWS cloud assets that you did not know you had. A comprehensive asset inventory is step one to any capable security program. We made smogcloud to enable security engineers, penetration...
View ArticleClik here to view.
Retoolkit - Reverse Engineer's Toolkit
This is a collection of tools you may like if you are interested on reverse engineering and/or malware analysis on x86 and x64 Windows systems. After installing this toolkit you'll have a folder in...
View ArticleClik here to view.
cve_manager_VS - A Collection Of Python Apps And Shell Scripts To Email An...
A collection of python apps and shell scripts to email an xlsx spreadsheet of new vulnerabilities in the NIST CVE database and their associated products on a daily schedule. The spreadsheet can then be...
View ArticleClik here to view.
Obfuscation_Detection - Collection Of Scripts To Pinpoint Obfuscated Code
Automatically detect control-flow flattening and other state machines Author:Â Tim BlazytkoDescription:Scripts and binaries to automatically detect control-flow flattening and other state machines in...
View ArticleClik here to view.
Search-That-Hash - Searches Hash APIs To Crack Your Hash Quickly, If Hash Is...
The Fastest Hash Cracking Systempip3 install search-that-hash && sthTired of going to every website to crack your hash? Search-That-Hash automates this process in less than 2 seconds....
View ArticleClik here to view.
CallObfuscator - Obfuscate Specific Windows Apis With Different APIs
Obfuscate (hide) the PE imports from static/dynamic analysis tools.TheoryThis's pretty forward, let's say I've used VirtualProtect and I want to obfuscate it with Sleep, the tool will manipulate the...
View ArticleClik here to view.
BadOutlook - (Kinda) Malicious Outlook Reader
A simple PoC which leverages the Outlook Application Interface (COM Interface) to execute shellcode on a system based on a specific trigger subject line.By utilizing the...
View ArticleClik here to view.
Boomerang - A Tool To Expose Multiple Internal Servers To Web/Cloud
Boomerang is a tool to expose multiple internal servers to web/cloud using HTTP+TCP Tunneling. The Server will expose 2 ports on the Cloud. One will be where tools like proxychains can connect over...
View ArticleClik here to view.
KICS - Find Security Vulnerabilities, Compliance Issues, And Infrastructure...
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.KICS stands for Keeping...
View ArticleClik here to view.
Android_Hid - Use Android As Rubber Ducky Against Another Android Device
Use Android as Rubber Ducky against another Android deviceHID attack using AndroidUsing Android as Rubber Ducky against Android. This is not a new technique, just a demo how to perform HID attack using...
View ArticleClik here to view.
ClearURLs - An Add-On Based On The New WebExtensions Technology And Will...
ClearURLs is an add-on based on the new WebExtensions technology and is optimized for Firefox and Chrome based browsers.This extension will automatically remove tracking elements from URLs to help...
View ArticleClik here to view.
InveighZero - Windows C# LLMNR/mDNS/NBNS/DNS/DHCPv6 Spoofer/Man-In-The-Middle...
InveighZero is a C# LLMNR/NBNS/mDNS/DNS/DHCPv6 spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system. This version...
View ArticleClik here to view.
Rubeus - C# Toolset For Raw Kerberos Interaction And Abuses
Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpy's Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUX's MakeMeEnterpriseAdmin project...
View ArticleClik here to view.
Seatbelt - A C# Project That Performs A Number Of Security Oriented...
Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.@andrewchiles' HostEnum.ps1 script and...
View ArticleClik here to view.
SharpDPAPI - A C# Port Of Some Mimikatz DPAPI Functionality
SharpDPAPI is a C# port of some DPAPI functionality from @gentilkiwi's Mimikatz project.I did not come up with this logic, it is simply a port from Mimikatz in order to better understand the process...
View Article