PwnDoc – Streamlining Pentest Reporting For Efficient Vulnerability Management
.webp "PwnDoc – Streamlining Pentest Reporting For Efficient Vulnerability Management")
PwnDoc is a pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report.The main goal is to have more time to Pwn and less time to Doc by mutualizing data like vulnerabilities between users. Documentation Installation Data Vulnerabilities Audits Templating Features Multiple Language support Multiple Data support Great Customization Manage reusable Audit and Vulnerability Data Create Custom Sections Add custom fields to Vulnerabilities Vulnerabilities Management Multi-User reporting Docx Report Generation Docx Template...
Bypass Fuzzer – Exploring A Powerful Tool For Testing End Point Security
.webp "Bypass Fuzzer – Exploring A Powerful Tool For Testing End Point Security")
This tool performs various checks via headers, path normalization, verbs, etc. to attempt to bypass ACL's or URL validation. It will output the response codes and length for each request, in a nicely organized, color coded way so things are reaable. I implemented a "Smart Filter" that lets you mute responses that look the same after a certain number of times. You...
SSH3 – Faster And Rich Secure Shell Using HTTP/3
.webp "SSH3 – Faster And Rich Secure Shell Using HTTP/3")
SSH3 is a complete revisit of the SSH protocol, mapping its semantics on top of the HTTP mechanisms. In a nutshell, SSH3 uses QUIC+TLS1.3 for secure channel establishment and the HTTP Authorization mechanisms for user authentication. Among others, SSH3 allows the following improvements: Significantly faster session establishment New HTTP authentication methods such as OAuth 2.0 and OpenID Connect in addition to classical SSH authentication Robustness to port scanning attacks: your...
EasyEASM : Your Zero-Dollar Solution For Attack Surface Management
Easy EASM is just that... the easiest to set-up tool to give your organization visibility into its external facing assets. The industry is dominated by $30k vendors selling "Attack Surface Management," but OG bug bounty hunters and red teamers know the truth. External ASM was born out of the bug bounty scene. Most of these $30k vendors use this open-source...
PMKID WPA2 Cracker – Decrypting WPA2 WiFi Networks The Easy Way
.webp "PMKID WPA2 Cracker – Decrypting WPA2 WiFi Networks The Easy Way")
This program is a tool written in Python to recover the pre-shared key of a WPA2 WiFi network without any de-authentication or requiring any clients to be on the network. It targets the weakness of certain access points advertising the PMKID value in EAPOL message 1. Program Usage python pmkidcracker.py -s <SSID> -ap <APMAC> -c <CLIENTMAC> -p <PMKID> -w <WORDLIST> -t...
CloudRecon – Uncovering Hidden Cloud Assets With SSL Certificate Analysis
In the ever-evolving landscape of cybersecurity, red teamers and bug hunters are constantly seeking new tools to aid in their campaigns and hunts. CloudRecon, a powerful suite of tools presented at DEFCON 31 by Gunnar Andrews and Jason Haddix, is one such solution. This article explores how CloudRecon empowers security professionals to discover ephemeral and development assets within cloud...
PipeViewer – Exploring Windows Named Pipes For Security And Permissions
.webp "PipeViewer – Exploring Windows Named Pipes For Security And Permissions")
PipeViewer is a GUI tool that allows users to view details about Windows Named pipes and their permissions. It is designed to be useful for security researchers who are interested in searching for named pipes with weak permissions or testing the security of named pipes. With PipeViewer, users can easily view and analyze information about named pipes on their...
MetaHub – Revolutionizing Vulnerability Management With Contextual Impact Evaluation
.webp "MetaHub – Revolutionizing Vulnerability Management With Contextual Impact Evaluation")
MetaHub is an automated contextual security findings enrichment and impact evaluation tool for vulnerability management. You can use it with AWS Security Hub or any ASFF-compatible security scanner. Stop relying on useless severities and switch to impact scoring definitions based on YOUR context. Table Of Contents Description Quick Run Context Impact High Level Architecture Use Cases Configuration Run with Python Run with Docker Run with Lambda Run with Security Hub Custom Action AWS...
Nysm : Unveiling The Art Of Stealthy eBPF Post-Exploitation Containers
.webp "Nysm : Unveiling The Art Of Stealthy eBPF Post-Exploitation Containers")
In the ever-evolving landscape of cybersecurity, offensive tools based on eBPF (Extended Berkeley Packet Filter) have gained popularity, from credential stealers to rootkits. This article delves into the realm of "Nysm," a stealthy post-exploitation container designed to make eBPF-based offensive tools invisible to the watchful eyes of System Administrators. Nysm not only conceals eBPF but also shields a wide...
Exploring Best EDR Of The Market (BEOTM) : Unveiling User-Mode Evasion Techniques and Defensive Strategies
BestEDROfTheMarket is a naive user-mode EDR (Endpoint Detection and Response) project, designed to serve as a testing ground for understanding and bypassing EDR's user-mode detection methods that are frequently used by these security solutions.These techniques are mainly based on a dynamic analysis of the target process state (memory, API calls, etc.), Feel free to check this short article I wrote...
.webp "MobSF Remote Code Execution (CVE-2024-21633) – Uncovering Vulnerabilities In Mobile Security Framework")