Seekr : A Multi-Purpose OSINT Toolkit With A Neat Web-Interface
.png "Seekr : A Multi-Purpose OSINT Toolkit With A Neat Web-Interface")
Seekr is a multi-purpose toolkit for gathering and managing OSINT-data with a sleek web interface. Our desktop view enables you to have all of your favourite OSINT tools integrated in one. The backend is written in Go with BadgerDB as database and it offers a wide range of features for data collection, organization, and analysis. Whether you're a researcher,...
Grepmarx : A Source Code Static Analysis Platform For AppSec Enthusiasts
.png "Grepmarx : A Source Code Static Analysis Platform For AppSec Enthusiasts")
Grepmarx is a web application providing a single platform to quickly understand, analyze and identify vulnerabilities in possibly large and unknown code bases. Features SAST (Static Analysis Security Testing) capabilities: Multiple languages support: C/C++, C#, Go, HTML, Java, Kotlin, JavaScript, TypeScript, OCaml, PHP, Python, Ruby, Bash, Rust, Scala, Solidity, Terraform, Swift Multiple frameworks support: Spring, Laravel, Symfony, Django, Flask, Node.js, jQuery, Express, Angular... 1600+...
Power of Ecommerce Fraud Prevention Tools
In today's digital age, online businesses are becoming increasingly vulnerable to fraud. With the rise of e-commerce, cybercriminals have found new ways to exploit vulnerabilities in payment systems and steal sensitive information from unsuspecting customers. As an online business owner, it is your responsibility to protect your customers' data and prevent fraudulent activities on your platform. This is where e-commerce...
Shoggoth – Asmjit Based Polymorphic Encryptor
.png "Shoggoth – Asmjit Based Polymorphic Encryptor")
Shoggoth is an open-source project based on C++ and asmjit library used to encrypt given shellcode, PE, and COFF files polymorphically. Shoggoth will generate an output file that stores the payload and its corresponding loader in an obfuscated form. Since the content of the output is position-independent, it can be executed directly as a shellcode. While the payload is executing,...
CMLoot : Find Interesting Files Stored On (System Center) Configuration Manager (SCCM/CM) SMB Shares
.png "CMLoot : Find Interesting Files Stored On (System Center) Configuration Manager (SCCM/CM) SMB Shares")
CMLoot was created to easily find interesting files stored on System Center Configuration Manager (SCCM/CM) SMB shares. The shares are used for distributing software to Windows clients in Windows enterprise environments and can contains scripts/configuration files with passwords, certificates (pfx), etc. Most SCCM deployments are configured to allow all users to read the files on the shares, sometimes it...
RedditC2 : Abusing Reddit API To Host The C2 Traffic
RedditC2 is an abusing Reddit API To Host The C2 Traffic, Since Most Of The Blue-Team Members Use Reddit, It Might Be A Great Way To Make The Traffic Look Legit : Use of this project is for Educational/ Testing purposes only. Using it on unauthorised machines is strictly forbidden. If somebody is found to use it for illegal/ malicious...
Noseyparker : Find Secrets And Sensitive Information In Textual Data And Git History
.png "Noseyparker : Find Secrets And Sensitive Information In Textual Data And Git History")
Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data. It is useful both for offensive and defensive security testing. Key features: It supports scanning files, directories, and the entire history of Git repositories It uses regular expression matching with a set of 95 patterns chosen for high signal-to-noise based on experience and feedback from offensive security...
MSI Dump : A Tool That Analyzes Malicious MSI Installation
.png "MSI Dump : A Tool That Analyzes Malicious MSI Installation")
MSI Dump is a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner. On Macro-enabled Office documents we can quickly use oletools mraptor to determine whether document is malicious. If we want to dissect it further, we could bring in oletools olevba or oledump. To dissect malicious MSI files, so far we had only...
How to Use Social Engineering Toolkit(SET) – A Complete Guide
The Social Engineering Toolkit (SET) is a Kali Linux operating system software program. SET is a powerful tool for conducting various social engineering attacks, including phishing, spear-phishing, and other social engineering attacks. Multiple attack vectors: SET provides a variety of attack vectors, including email, SMS, USB, and more. Easy customization: SET makes it easy to customize the attack payloads to suit...
Fingerprintx : Standalone Utility For Service Discovery On Open Ports!
.png "Fingerprintx : Standalone Utility For Service Discovery On Open Ports!")
Fingerprintx is a standalone Utility For Service Discovery On Open Ports! fingerprintx is a utility similar to httpx that also supports fingerprinting services like as RDP, SSH, MySQL, PostgreSQL, Kafka, etc. fingerprintx can be used alongside port scanners like Naabu to fingerprint a set of ports identified during a port scan. For example, an engineer may wish to scan an...
