CMLoot : Find Interesting Files Stored On (System Center) Configuration Manager (SCCM/CM) SMB Shares
.png "CMLoot : Find Interesting Files Stored On (System Center) Configuration Manager (SCCM/CM) SMB Shares")
CMLoot was created to easily find interesting files stored on System Center Configuration Manager (SCCM/CM) SMB shares. The shares are used for distributing software to Windows clients in Windows enterprise environments and can contains scripts/configuration files with passwords, certificates (pfx), etc. Most SCCM deployments are configured to allow all users to read the files on the shares, sometimes it...
RedditC2 : Abusing Reddit API To Host The C2 Traffic
RedditC2 is an abusing Reddit API To Host The C2 Traffic, Since Most Of The Blue-Team Members Use Reddit, It Might Be A Great Way To Make The Traffic Look Legit : Use of this project is for Educational/ Testing purposes only. Using it on unauthorised machines is strictly forbidden. If somebody is found to use it for illegal/ malicious...
Noseyparker : Find Secrets And Sensitive Information In Textual Data And Git History
.png "Noseyparker : Find Secrets And Sensitive Information In Textual Data And Git History")
Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data. It is useful both for offensive and defensive security testing. Key features: It supports scanning files, directories, and the entire history of Git repositories It uses regular expression matching with a set of 95 patterns chosen for high signal-to-noise based on experience and feedback from offensive security...
MSI Dump : A Tool That Analyzes Malicious MSI Installation
.png "MSI Dump : A Tool That Analyzes Malicious MSI Installation")
MSI Dump is a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner. On Macro-enabled Office documents we can quickly use oletools mraptor to determine whether document is malicious. If we want to dissect it further, we could bring in oletools olevba or oledump. To dissect malicious MSI files, so far we had only...
How to Use Social Engineering Toolkit(SET) – A Complete Guide
The Social Engineering Toolkit (SET) is a Kali Linux operating system software program. SET is a powerful tool for conducting various social engineering attacks, including phishing, spear-phishing, and other social engineering attacks. Multiple attack vectors: SET provides a variety of attack vectors, including email, SMS, USB, and more. Easy customization: SET makes it easy to customize the attack payloads to suit...
Fingerprintx : Standalone Utility For Service Discovery On Open Ports!
.png "Fingerprintx : Standalone Utility For Service Discovery On Open Ports!")
Fingerprintx is a standalone Utility For Service Discovery On Open Ports! fingerprintx is a utility similar to httpx that also supports fingerprinting services like as RDP, SSH, MySQL, PostgreSQL, Kafka, etc. fingerprintx can be used alongside port scanners like Naabu to fingerprint a set of ports identified during a port scan. For example, an engineer may wish to scan an...
Apk.Sh : Automating Repetitive Tasks Pulling, Decoding, Rebuilding And Patching An APK
.png "Apk.Sh : Automating Repetitive Tasks Pulling, Decoding, Rebuilding And Patching An APK")
Apk.sh makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK. apk.sh is a Bash script that makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK. Features apk.sh basically uses apktool to disassemble, decode and rebuild resources and some bash to automate the frida...
Decider : Process Of Mapping Adversary Behaviors To The MITRE ATT&CK Framework
.png "Decider : Process Of Mapping Adversary Behaviors To The MITRE ATT&CK Framework")
Decider is a Web Application That Assists Network Defenders, Analysts, And Researcher In The Process Of Mapping Adversary Behaviors To The MITRE ATT&CK Framework. Notifications Manual installation for Ubuntu & CentOS is much nicer. Scroll down to Manual Install for details! Will be adding information about hardware requirements soon What is it? The Short A web application that assists network defenders, analysts, and researchers in the...
ThunderCloud : Cloud Exploit Framework
.png "ThunderCloud : Cloud Exploit Framework")
ThunderCloud is a Cloud Exploit Framework. Usage python3 tc.py -h _______ _ _ _____ _ ...
Waf-Bypass : Check Your WAF Before An Attacker Does
.png "Waf-Bypass : Check Your WAF Before An Attacker Does")
WAF bypass Tool is an open source tool to analyze the security of any WAF for False Positives and False Negatives using predefined and customizable payloads. Check your WAF before an attacker does. WAF Bypass Tool is developed by Nemesida WAF team with the participation of community. How to run Note: It is forbidden to use for illegal and illegal purposes....
