ReconDog – Reconnaissance Swiss Army Knife

The main features of ReconDog are: a wizard + CLA interface; it can extract targets from STDIN (piped input) and act upon them; all the information is extracted with APIs, so no direct contact is made with the target. ReconDog Utilities: Censys: Uses censys.io to gather a massive amount of information about an IP address. NS Lookup: Does name server …

AutoRDPwn – The Shadow Attack Framework

AutoRDPwn is a script created in PowerShell and designed to automate the Shadow attack on Microsoft Windows computers. This vulnerability allows a remote attacker to view his victim’s desktop without his consent, and even control it on request. For its correct operation, it is necessary to comply with the requirements described in the user guide. …

Pentest Machine – Automates Some Pentest Jobs Via Nmap xml File

Pentest Machine automates some pentesting work via an nmap XML file. As soon as each command finishes it writes its output to the terminal and the files in output-by-service/ and output-by-host/. Runs fast-returning commands first. Please send me protocols/commands/options that you would like to see included. HTTP whatweb WPScan (only if whatweb returns a WordPress …

XXRF Shots – Useful For Testing SSRF Vulnerability

XXRF Shots is useful for testing SSRF vulnerabilities. Server-Side Request Forgery (SSRF) is a vulnerability class in which an attacker sends crafted requests from a vulnerable web application, including unauthorised access to internal resources behind the firewall that are not directly accessible from the external network. XXRF Shots Installation: git clone https://github.com/ariya/phantomjs.git cd …

EKFiddle – A Framework Based On The Fiddler Web Debugger To Study Exploit Kits, Malvertising & Malicious Traffic In General

EKFiddle is a framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general. Enable C# scripting (Windows only): launch Fiddler and go to Tools -> Options. In the Scripting tab, change the default (JScript.NET) to C#. Change default text editor (optional): in the same Tools -> Options menu, …

DigiDuck – Framework for Digiduck Development Boards Running ATTiny85 Processors & Micronucleus Bootloader

Framework for Digiduck Development Boards running ATTiny85 processors and micronucleus bootloader! DigiDuck Installation: DigiDuck Framework (referred to as DDF) is really simple to start and set up! There are no third-party modules required for DDF! All you need to do is make sure you have Python 3.6+ (I used this to develop it but it …

Clrinject – Injects C# EXE or DLL Assembly Into every CLR Runtime and AppDomain Of Another Process

Clrinject injects a C# EXE or DLL assembly into any CLR runtime and AppDomain of another process. The injected assembly can then access static instances of the injectee process’s classes and therefore affect its internal state. Clrinject Usage: clrinject-cli.exe -p …

Sandsifter – The x86 Processor Fuzzer For Hidden Instructions & Hardware Bugs

The sandsifter audits x86 processors for hidden instructions and hardware bugs, by systematically generating machine code to search through a processor’s instruction set, and monitoring execution for anomalies. Sandsifter has uncovered secret processor instructions from every major vendor; ubiquitous software bugs in disassemblers, assemblers, and emulators; flaws in enterprise hypervisors; and both benign and security-critical …

Docker Tor Hidden Service Nginx – Easily Setup A Hidden Service Inside The Tor Network

Docker tor hidden service nginx is a tool to easily set up a hidden service inside the Tor network. Generate the skeleton configuration for your hidden service, substituting your hidden service pattern name. For example, if you want your hidden service to contain the word ‘boss’, just use this word as the argument. You can use regular …

Dnsdiag – DNS Diagnostics and Performance Measurement Tools

Dnsdiag is a set of DNS diagnostics and performance measurement tools. Ever wondered if your ISP is hijacking your DNS traffic? Ever observed any misbehavior with your DNS responses? Ever been redirected to the wrong address and suspected something is wrong with your DNS? Here we have a set of tools to perform basic audits on your …