Author Archives: R K

debugHunter : Discover Hidden Debugging Parameters And Uncover Web Application Secrets

debugHunter is used to discover hidden debugging parameters and uncover web application secrets This Chrome extension scans websites for debugging parameters and notifies you when it finds a URL with modified responses. The extension utilizes a binary search algorithm to efficiently determine the parameter responsible for the change in the response. Features Installation Option 1: …

Continue reading “debugHunter : Discover Hidden Debugging Parameters And Uncover Web Application Secrets”

Pinacolada : Wireless Intrusion Detection System For Hak5’s WiFi Coconut

Pinacolada is a Wireless Intrusion Detection System for Hak5’s WiFi Coconut. Pinacolada looks for typical IEEE 802.11 attacks and then informs you about them as quickly as possible. All this with the help of Hak5’s WiFi Coconut, which allows it to listen for threats on all 14 channels in the 2.4GHz range simultaneously. Supported 802.11 …

Continue reading “Pinacolada : Wireless Intrusion Detection System For Hak5’s WiFi Coconut”

QuadraInspect : Android Framework Providing A Powerful Tool For Analyzing The Security Of Android Applications

QuadraInspect is an Android framework that integrates AndroPass, APKUtil, and MobFS, providing a powerful tool for analyzing the security of Android applications. The security of mobile devices has become a critical concern due to the increasing amount of sensitive data being stored on them. With the rise of Android OS as the most popular mobile …

Continue reading “QuadraInspect : Android Framework Providing A Powerful Tool For Analyzing The Security Of Android Applications”

Reportly : An AzureAD User Activity Report Tool

Reportly is an AzureAD user activity report tool. About the tool This is a tool that will help blue teams during a cloud incident. When running the tool, the researcher will enter as input a suspicious user and a time frame and will receive a report detailing the following: Example_video Usage When running the tool, …

Continue reading “Reportly : An AzureAD User Activity Report Tool”

WindowSpy : A Cobalt Strike Beacon Object File Meant For Targetted User Surveillance

WindowSpy is a Cobalt Strike Beacon Object File meant for targetted user surveillance. The goal of this project was to trigger surveillance capabilities only on certain targets, e.g. browser login pages, confidential documents, vpn logins etc. The purpose was to increase stealth during user surveillance by preventing detection of repeated use of surveillance capabilities e.g. …

Continue reading “WindowSpy : A Cobalt Strike Beacon Object File Meant For Targetted User Surveillance”

SilentMoonwalk – PoC Implementation Of A Fully Dynamic Call Stack Spoofer

SilentMoonwalk is a PoC Implementation of a fully dynamic call stack spoofer. TL;DR SilentMoonwalk is a PoC implementation of a fully dynamic call stack spoofer, implementing a technique to remove the original caller from the call stack, using ROP to desynchronize unwinding from control flow. Authors This PoC is the result of a joint research …

Continue reading “SilentMoonwalk – PoC Implementation Of A Fully Dynamic Call Stack Spoofer”

Mimicry : Security Tool For Active Deception In Exploitation And Post-Exploitation

Mimicry is a security tool developed by Chaitin Technology for active deception in exploitation and post-exploitation. Active deception can live migrate the attacker to the honeypot without awareness. We can achieve a higher security level at a lower cost with Active deception. Demo Quick Start 1. Make sure docker, docker-compose is installed correctly on the …

Continue reading “Mimicry : Security Tool For Active Deception In Exploitation And Post-Exploitation”

Wifi_Db : Script To Parse Aircrack-ng Captures To A SQLite Database

Wifi_Db is a script to parse Aircrack-ng captures into a SQLite database and extract useful information like handshakes(in 22000 hashcat format), MGT identities, interesting relations between APs, clients and it’s Probes, WPS information and a global view of all the APs seen. Features Install From DockerHub (RECOMMENDED) docker pull r4ulcl/wifi_db Manual installation Debian based systems …

Continue reading “Wifi_Db : Script To Parse Aircrack-ng Captures To A SQLite Database”

Seekr : A Multi-Purpose OSINT Toolkit With A Neat Web-Interface

Seekr is a multi-purpose toolkit for gathering and managing OSINT-data with a sleek web interface. Our desktop view enables you to have all of your favourite OSINT tools integrated in one. The backend is written in Go with BadgerDB as database and it offers a wide range of features for data collection, organization, and analysis. …

Continue reading “Seekr : A Multi-Purpose OSINT Toolkit With A Neat Web-Interface”

Grepmarx : A Source Code Static Analysis Platform For AppSec Enthusiasts

Grepmarx is a web application providing a single platform to quickly understand, analyze and identify vulnerabilities in possibly large and unknown code bases. Features SAST (Static Analysis Security Testing) capabilities: SCA (Software Composition Analysis) capabilities: Extra Screenshots Scan customization Analysis workbench Rule pack edition Execution Grepmarx is provided with a configuration to be executed in …

Continue reading “Grepmarx : A Source Code Static Analysis Platform For AppSec Enthusiasts”