ODAT : Oracle Database Attacking Tool
ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that tests the security of Oracle Databases remotely. Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database You have a valid Oracle account on a database and want to escalate your privileges to...
Slicer : Tool To Automate The Boring Process Of APK Recon
Slicer is a tool to automate the recon process on an APK file. Slicer accepts a path to an extracted APK file and then returns all the activities, receivers, and services which are exported and have null permissions and can be externally provoked. Note: The APK has to be extracted via jadx or apktool. Summary Why? I started bug bounty like 3 weeks...
Nuvola : Tool To Dump & Perform Automatic And Manual Security Analysis On AWS
.png "Nuvola : Tool To Dump & Perform Automatic And Manual Security Analysis On AWS"){kind=logo}
nuvola (with the lowercase n) is a tool to dump and perform automatic and manual security analysis on AWS environments configurations and services using predefined, extensible and custom rules created using a simple Yaml syntax. The general idea behind this project is to create an abstracted digital twin of a cloud platform. For a more concrete example: nuvola reflects the...
Dismember : Scan Memory For Secrets And More
Dismember is a command-line toolkit for Linux that can be used to scan the memory of all processes (or particular ones) for common secrets and custom regular expressions, among other things. It will eventually become a full /proc toolkit. Using the grep command, it can match a regular expression across all memory for all (accessible) processes. This could be used to...
4 Tips and Tricks for Phone Numbers and SMS Using Kali Linux
Kali Linux is a tool that’s well suited to pen testing, and this extends beyond the usual arena of IT security research and ethical hacking. Making use of this distro to tinker with phone numbers and text messages is an excellent example of this, and can be useful for businesses that want to protect themselves from malicious third parties that...
SCMKit : Source Code Management Attack Toolkit
Source Code Management Attack Toolkit - SCMKit is a toolkit that can be used to attack SCM systems. SCMKit allows the user to specify the SCM system and attack module to use, along with specifying valid credentials (username/password or API key) to the respective SCM system. Currently, the SCM systems that SCMKit supports are GitHub Enterprise, GitLab Enterprise and...
Unblob : Extract Files From Any Kind Of Container Formats
Unblob is an accurate, fast, and easy-to-use extraction suite. It parses unknown binary blobs for more than 30 different archive, compression, and file-system formats, extracts their content recursively, and carves out unknown chunks that have not been accounted for. Unblob is free to use, licensed with the MIT license. It has a Command Line Interface and can be used as...
AutoSSRF : Smart Context-Based SSRF Vulnerabiltiy Scanner
AutoSSRF is your best ally for identifying SSRF vulnerabilities at scale. Different from other ssrf automation tools, this one comes with the two following original features : Smart fuzzing on relevant SSRF GET parameters When fuzzing, autoSSRF only focuses on the common parameters related to SSRF (?url=, ?uri=, ..) and doesn’t interfere with everything else. This ensures that the original...
Evilgophish : Evilginx2 + Gophish
Combination of evilginx2 and GoPhish. Prerequisites You should have a fundamental understanding of how to use GoPhish, evilginx2, and Apache2. Disclaimer I shall not be responsible or liable for any misuse or illegitimate use of this software. This software is only to be used in authorized penetration testing or red team engagements where the operator(s) has(ve) been given explicit written permission to carry...
Collect-MemoryDump : Automated Creation Of Windows Memory Snapshots For DFIR
Collect-MemoryDump is automated Creation of Windows Memory Snapshots for DFIR. Collect-MemoryDump.ps1 is PowerShell script utilized to collect a Memory Snapshot from a live Windows system (in a forensically sound manner). Features Checks for Hostname and Physical Memory Size before starting memory acquisition Checks if you have enough free disk space to save memory dump file Collects a Raw Physical Memory Dump w/ DumpIt,...
.webp "Toutatis – The Ultimate Tool For Extracting Data From Instagram Profiles")
