UnhookMe - An Universal Windows API Resolver And Unhooker Addressing Problem...
In the era of intrusive AVs and EDRs that introduce hot-patches to the running processes for their enhanced optics requirements, modern adversaries must have a robust tool to slide through these...
Karton - Distributed Malware Processing Framework Based On Python, Redis And...
Distributed malware processing framework based on Python, Redis and MinIO. The idea: Karton is a robust framework for creating flexible and lightweight malware analysis backends. It can be used to connect...
Jarm - Active Transport Layer Security (TLS) server fingerprinting tool
Please read the initial JARM blog post for more information. JARM is an active Transport Layer Security (TLS) server fingerprinting tool. JARM fingerprints can be used to: Quickly verify that all servers...
Wsh - Web Shell Generator And Command Line Interface
wsh (pronounced woosh) is a web shell generator and command line interface. This started off as just an http client since interacting with webshells is a pain. There's a form, to send a command you...
AlanFramework - A Post-Exploitation Framework
Alan Framework is a post-exploitation framework useful during red-team activities. If you find my tool useful, please consider sponsoring me. Sponsored users have access to early releases and non-public...
Http-Request-Smuggling - HTTP Request Smuggling Detection Tool
HTTP request smuggling is a high-severity vulnerability: a technique in which an attacker smuggles an ambiguous HTTP request to bypass security controls and gain unauthorized access to perform...
jwtXploiter - A Tool To Test Security Of Json Web Token
A tool to test security of JSON Web Tokens. Test a JWT against all known CVEs; Tamper with the token payload: changes claims and subclaims values. Exploit known vulnerable header claims (kid, jku,...
Nimplant - A Cross-Platform Implant Written In Nim
Nimplant is a cross-platform (Linux & Windows) implant written in Nim as a fun project to learn about Nim and see what it can bring to the table for red team tool development. Currently, Nimplant...
NinjaDroid - Ninja Reverse Engineering On Android APK Packages
NinjaDroid is a simple tool to reverse engineer Android APK packages. Published at: https://snapcraft.io/ninjadroid $ snap install ninjadroid --channel=beta Overview: NinjaDroid uses AXMLParser together...
Bantam - A PHP Backdoor Management And Generation tool/C2 Featuring End To...
An advanced PHP backdoor management tool, with a lightweight server footprint, multi-threaded communication, and an advanced payload generation and obfuscation tool. Features end to end encryption with...
Tko-Subs - A Tool That Can Help Detect And Takeover Subdomains With Dead DNS...
This tool allows: To check whether a subdomain can be taken over because it has: a dangling CNAME pointing to a CMS provider (Heroku, Github, Shopify, Amazon S3, Amazon CloudFront, etc.) that can be...
Raider - Web Authentication Testing Framework
This is a framework designed to test authentication for web applications. While web proxies like ZAProxy and Burpsuite allow authenticated tests, they don't provide features to test the authentication...
CamPhish - Grab Cam Shots From Target'S Phone Front Camera Or PC Webcam Just...
Grab cam shots from target's phone front camera or PC webcam just sending a link. What is CamPhish? CamPhish is a technique to take cam shots of target's phone front camera or PC webcam. CamPhish Hosts a...
PickleC2 - A Post-Exploitation And Lateral Movements Framework
PickleC2 is a post-exploitation and lateral movements framework. Documentation: ReadTheDocs. Overview: PickleC2 is a simple C2 framework written in python3 used to help the community in Penetration Testers in...
ReverseSSH - Statically-linked Ssh Server With Reverse Shell Functionality...
A statically-linked ssh server with a reverse connection feature for simple yet powerful remote access. Most useful during HackTheBox challenges, CTFs or similar. Has been developed and was extensively...
SGXRay - Automating Vulnerability Detection for SGX Apps
Intel SGX protects isolated application logic and sensitive data inside an enclave with hardware-based memory encryption. Using such a hardware-based security mechanism requires a strict programming...
AuraBorealisApp - Do You Know What's In Your Python Packages? A Tool For...
AuraBorealis is a web application for visualizing anomalous and potentially malicious code in Python package registries. It uses security audit data produced by scanning the Python Package Index (PyPI)...
Jsleak - A Go Code To Detect Leaks In JS Files Via Regex Patterns
jsleak is a tool to identify sensitive data in JS files through regex patterns. Although it's built for this, you can use it to identify anything as long as you have a regex pattern for it. How to...
Allstar - GitHub App To Set And Enforce Security Policies
Allstar is a GitHub App installed on organizations or repositories to set and enforce security policies. Its goal is to be able to continuously monitor and detect any GitHub setting or repository file...
REW-sploit - Emulate And Dissect MSF And *Other* Attacks
REW-sploit. The tool has been presented at Black-Hat Arsenal USA 2021 https://www.blackhat.com/us-21/arsenal/schedule/index.html#rew-sploit-dissecting-metasploit-attacks-24086 Slides of presentation are...