Category Archives: Hacking Tools

MultCheck : A User-Friendly, Open-Source Malware AV Testing Tool

An innovative, open-source tool designed to streamline malware analysis by testing the effectiveness of multiple antivirus (AV) engines simultaneously. Developed by the resourceful @Pengrey, MultCheck stands out for its user-friendly interface and customizable framework, allowing users to easily integrate new AV engines as needed. Whether you’re a cybersecurity professional or an enthusiast, MultCheck provides a …

Continue reading “MultCheck : A User-Friendly, Open-Source Malware AV Testing Tool”

IAT-Tracer V2 : Streamlining API Function Tracing For Enhanced Cybersecurity

IAT-Tracer V2 is a plugin for Tiny-Tracer framework (by @hasherezade) for automatically detecting and resolving functions’ parameters out of the IAT or trace logs (.tag files) of PE files. The plugin has a GUI that allows the user to choose what imported or called functions to trace and watch and then automatically fills the parameters (library, function’s …

Continue reading “IAT-Tracer V2 : Streamlining API Function Tracing For Enhanced Cybersecurity”

Cloud_Enum – Advancing Cloud Security Through Multi-Cloud OSINT Tools

I built this tool in 2019 for a pentest involving Azure, as no other enumeration tools supported it at the time. It grew from there, and I learned a lot while adding features. Building tools is fun, but maintaining tools is hard. I haven’t actively used this tool myself in a while, but I’ve done …

Continue reading “Cloud_Enum – Advancing Cloud Security Through Multi-Cloud OSINT Tools”

Pwnat : Bridging NAT Barriers Without Port Forwarding

pwnat, by Samy Kamkar, is a tool that allows any client behind a NAT to communicate with a server behind a separate NAT with no port forwarding and no DMZ setup on any routers in order to directly communicate with each other. There is no middle man, no proxy, no third party, no UPnP required, no spoofing, no DNS …

Continue reading “Pwnat : Bridging NAT Barriers Without Port Forwarding”

apkInspector – A Comprehensive Tool For APK Analysis And Evasion Detection

apkInspector is a tool designed to provide detailed insights into the zip structure of APK files, offering the capability to extract content and decode the AndroidManifest.xml file. What sets APKInspector apart is its adherence to the zip specification during APK parsing, eliminating the need for reliance on external libraries. This independence, allows APKInspector to be …

Continue reading “apkInspector – A Comprehensive Tool For APK Analysis And Evasion Detection”

MSC Dropper – A Python Tool For Custom MSC File Creation And Payload Execution

MSC Dropper is a Python script designed to automate the creation of MSC (Microsoft Management Console) files with customizable payloads for arbitrary execution. This tool leverages a method discovered by Samir (@SBousseaden) from Elastic Security Labs, termed #GrimResource, which facilitates initial access and evasion through mmc.exe. Overview The script allows users to generate MSC files that …

Continue reading “MSC Dropper – A Python Tool For Custom MSC File Creation And Payload Execution”

Atexec-Pro : Advanced Features And Usage For Remote Command Execution

Modified based on atexec.py. The TSCH service is used by default(need port 135 a dynamic high port), port 445 is no longer required. ATSVC need port 445 The technology is mainly based on this article by zcgonvh. Features Note: functions upload, download and execute-assembly currently only support files up to 1MB in size. All functions do not bypass AMSI. Usage Example GetShell

jwt_tool : Unlocking JWT Security With The JSON Web Token Toolkit

Discover the power of jwt_tool, a comprehensive toolkit designed for the robust testing of JSON Web Tokens (JWTs). Perfect for pentesters and developers, this toolkit offers a variety of functions, from validating token authenticity to exploiting known vulnerabilities. Dive into the capabilities of jwt_tool and enhance your security skills and knowledge. Its functionality includes: Audience …

Continue reading “jwt_tool : Unlocking JWT Security With The JSON Web Token Toolkit”

LogHunter – A Revolutionary Tool For Session Detection via Event Logs

Opsec tool for finding user sessions by analyzing event log files through RPC (MS-EVEN). I was once doing a very complex project where there were over 1000 hosts in the infrastructure. I needed to detect the user session. Running Invoke-UserHunter would have been a huge mistake. That’s when I came up with the idea that …

Continue reading “LogHunter – A Revolutionary Tool For Session Detection via Event Logs”

Freeway – A Comprehensive Guide To WiFi Penetration Testing With Python

“Freeway” is a Python-based tool designed to enhance WiFi penetration testing and network security. Utilizing the capabilities of Scapy, it equips ethical hackers and security professionals with the necessary tools to audit and secure networks. Explore its robust features like packet monitoring, deauthentication attacks, and more to sharpen your cybersecurity skills. 1. Overview Freeway is a …

Continue reading “Freeway – A Comprehensive Guide To WiFi Penetration Testing With Python”