Mantis: The Comprehensive Command-Line Framework for Asset Discovery and Security Scanning


Mantis is a command-line framework designed to automate the workflow of asset discovery, reconnaissance, and scanning. It takes the top-level domains as input, then seamlessly progresses to discovering corresponding assets, including subdomains and certificates. The tool performs reconnaissance on active assets and concludes with a comprehensive scan for vulnerabilities, secrets, misconfigurations and phishing domains - all powered by a...

llamafile: Streamlining Access to Large Language Models with Single-File Executables for Local Deployment


llamafile lets you distribute and run LLMs with a single file. (announcement blog post) Our goal is to make open source large language models much more accessible to both developers and end users. We're doing that by combining llama.cpp with Cosmopolitan Libc into one framework that collapses all the complexity of LLMs down to a single-file executable (called a "llamafile") that runs locally on...

Free Threat Intel/IOC Feeds: Maximizing Cybersecurity Efficacy with Open-Source Intelligence Integration


This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. The CSV ThreatIntelFeeds is stored in a structured manner based on the Vendor, Description, Category and URL. The vendors offering ThreatIntelFeeds are described below. The following feed categories are available: SSL IP DNS URL MD5 SHA1 SHA256 CVEID The content is served as is. When using the content in a business environment the...

Hayabusa: Revolutionizing Windows Event Log Analysis with Rapid Forensics and Advanced Threat Hunting Capabilities


Hayabusa is a Windows event log fast forensics timeline generator and threat hunting tool created by the Yamato Security group in Japan. Hayabusa means "peregrine falcon" in Japanese and was chosen as peregrine falcons are the fastest animal in the world, great at hunting and highly trainable. It is written in Rust and supports multi-threading in order to be as fast as possible. We have provided a tool to convert Sigma rules into...

EvilSlackbot: A Cutting-Edge Tool for Enhancing Slack Workspace Security through Red Team and Phishing Simulations


It's impossible to overstate how important cybersecurity is in this digital age, where teamwork tools like Slack are essential for business communication. The fact that thousands of businesses use Slack for daily tasks makes the platform vulnerable to cyber threats. With that, let's talk about EvilSlackbot, the cutting-edge hacking tool. EvilSlackbot is a powerful system for running...

IMDSPOOF: Enhancing Cloud Security with Deceptive AWS IMDS Endpoint Spoofing


IMDSPOOF is a cyber deception tool that spoofs an AWS IMDS service. One way that attackers are able to escalate privileges or move laterally in a cloud environment is by retrieving AWS Access keys from the IMDS service endpoint located at http://169.254.169.254/latest/meta-data/iam/security-credentials/<user>. This tool spoofs that endpoint and redirects traffic sent to 169.254.169.254 to a local webserver that serves fake data. This can be...

Telerecon: The OSINT Framework for Deep Telegram Analysis


Telerecon is a comprehensive OSINT reconnaissance framework for researching, investigating, and scraping Telegram. For example: Input a target username, and Telerecon efficiently crawls across multiple chats gathering profile metadata, account activity, user messages, extracting potential selectors, ideological indicators, identifying named entities, constructing a network map of possible associates, and an EXIF metadata geo-map, amongst various other analytics. Other features of Telerecon...

Commix: The Command Injection Exploiter for Penetration Testing


The name stands for "command injection exploiter." Commix is a state-of-the-art open-source tool made for penetration testers and other cybersecurity experts. Anastasios Stasinopoulos made Commix, a tool that automatically finds and takes advantage of command injection weaknesses, which is a key part of testing the security of web applications. This article goes into detail about how to install Commix...

Instagram Location Search: Navigating and Scraping Proximal Points with Ease


Find out how powerful Instagram Location Search is. It's a flexible Python tool that makes it easier to find and analyze Instagram places. This app lets you map coordinates in downtown Tucson or anywhere else, and it gives different output formats, from CSV to GeoJSON, so you can do useful geospatial analysis. Instagram Location Search is a must-have tool...

Active Directory Canaries: Advanced Detection and Prevention of AD Enumeration


Active Directory Canaries is a detection primitive for Active Directory enumeration (or recon) techniques. It abuses the concept of DACL Backdoors, introduced by SpecterOps researchers Andy Robbins (@_wald0) and Will Schroeder (@harmj0y) back in 2017 in their white paper "An ACE Up the Sleeve". The purpose of this project is to publish and maintain the deployment PowerShell script that automates...