Nim-RunPE : A Nim Implementation Of Reflective PE-Loading From Memory
Nim-RunPE is a Nim implementation of reflective PE-loading from memory. The base for this code was taken from RunPE-In-Memory, which I ported to Nim. You'll need to install the following dependencies: nimble install ptr_math winim. I tested this with Nim version 1.6.2 only, so use that version for testing, or I cannot guarantee there will be no errors with another version. Compile If you want...
GraphCrawler : GraphQL Automated Security Testing Toolkit
Graph Crawler is the most powerful automated testing toolkit for any GraphQL endpoint. Version 1.2 is out. NEW: it can search for endpoints for you using Escape Technology's powerful Graphinder tool. Just point it towards a domain and add the '-e' option, and Graphinder will do subdomain enumeration and search popular directories for GraphQL endpoints. After all this, GraphCrawler will take over and work...
Gohide : Tunnel Port To Port Traffic Over An Obfuscated Channel With AES-GCM Encryption
Gohide tunnels port-to-port traffic via an obfuscated channel with AES-GCM encryption.
Obfuscation Modes
Session Cookie HTTP GET (http-client)
Set-Cookie Session Cookie HTTP/2 200 OK (http-server)
WebSocket Handshake "Sec-WebSocket-Key" (websocket-client)
WebSocket Handshake "Sec-WebSocket-Accept" (websocket-server)
No obfuscation, just use AES-GCM encrypted messages (none)
AES-GCM is enabled by default for each of the options above.
Usage
root@WOPR-KALI:/opt/gohide-dev# ./gohide -h
Usage of ./gohide:
  -f string
        listen fake server -r x.x.x.x:xxxx (ip/domain:port) (default "0.0.0.0:8081")
  -key...
ForceAdmin : Create Infinite UAC Prompts Forcing A User To Run As Admin
ForceAdmin is a C# payload builder that creates infinite UAC pop-ups until the user allows the program to run. The input commands are run via PowerShell calling cmd.exe and should use batch syntax. Why use it? Some users have UAC set to always show, so UAC bypass techniques are not possible. However, this attack will force...
Coercer : A Python Script To Automatically Coerce A Windows Server To Authenticate On An Arbitrary Machine
Coercer is a Python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods. Features Automatically detects open SMB pipes on the remote machine. Calls all the vulnerable RPC functions one by one to coerce the server to authenticate on an arbitrary machine. Analyze mode with --analyze, which only lists the vulnerable protocols and functions listening, without performing...
noPac : Exploiting CVE-2021-42278 And CVE-2021-42287 To Impersonate DA From Standard Domain User
noPac, exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from a standard domain user.
Usage
SAM THE ADMIN CVE-2021-42278 + CVE-2021-42287 chain

positional arguments:
  username              Account used to authenticate to DC.

optional arguments:
  -h, --help            show this help message and exit
  --impersonate IMPERSONATE
                        target username that will be impersonated (thru S4U2Self) for quering the ST. Keep in mind this will only work if the identity provided in this scripts is...
Aura : Python Source Code Auditing And Static Analysis On A Large Scale
Aura is a static analysis framework developed as a response to the ever-increasing threat of malicious packages and vulnerable code published on PyPI. Project goals: provide an automated monitoring system over packages uploaded to PyPI, alerting on anomalies that can indicate either an ongoing attack or vulnerabilities in the code; enable an organization to conduct automated security audits of the source code...
BeatRev : POC For Frustrating/Defeating Malware Analysts
BeatRev is a POC for frustrating/defeating malware analysts. The first time the malware runs on a victim, it AES-encrypts the actual payload (an RDLL) using environmental data from that victim. Each subsequent time the malware is run, it gathers that same environmental info, AES-decrypts the payload stored as a byte array within the malware, and runs it. If...
ApacheTomcatScanner : A Python Script To Scan For Apache Tomcat Server Vulnerabilities
ApacheTomcatScanner is a Python script to scan for Apache Tomcat server vulnerabilities. Features Multithreaded workers to search for Apache Tomcat servers. Multiple target sources possible: retrieving a list of computers from a Windows domain through an LDAP query to use them as targets; reading targets line by line from a file; reading individual targets (IP/DNS/CIDR) from the -tt/--target option. Custom list of ports to test. Tests for /manager/html access and...
Aced : Tool to parse and resolve a single targeted Active Directory principal’s DACL
Aced is a tool to parse and resolve a single targeted Active Directory principal's DACL. Aced will identify interesting inbound access-allowed privileges against the targeted account, resolve the SIDs of the inbound permissions, and present that data to the operator. Additionally, the logging features of pyldapsearch have been integrated with Aced to log the targeted principal's LDAP attributes locally, which...