Cirrusgo : A Fast Tool To Scan SAAS, PAAS App Written In Go
.png "Cirrusgo : A Fast Tool To Scan SAAS, PAAS App Written In Go")
Cirrusgo is a fast tool to scan SAAS,PAAS App written in Go SAAS App Support : salesforcecontentful (next version) Note flag -o output not working install : golang 1.18Ver go install -v github.com/Ph33rr/cirrusgo/cmd/cirrusgo@latestorgo install -v github.com/Ph33rr/CirrusGo/cmd/cirrusgo@latest Help cirrusgo --help _ _ / /() _ _ / // / / // // // / / // // / / _ / / / // / / / / //...
Kage : Graphical User Interface For Metasploit Meterpreter And Session Handler
.png "Kage : Graphical User Interface For Metasploit Meterpreter And Session Handler"){kind=logo}
Kage (ka-geh) is a tool inspired by AhMyth designed for Metasploit RPC Server to interact with meterpreter sessions and generate payloads.For now it only supports windows/meterpreter & android/meterpreter. Getting Started Please follow these instructions to get a copy of Kage running on your local machine without any problems. Prerequisites Metasploit-framework must be installed and in your PATH:MsfrpcdMsfvenomMsfdb Installing You can install Kage binaries from here. for developers to run the app from source code: Download source...
SaaS security: Achieving a clean IAM System Audit
Identity and access management (IAM) is a set of regulations, which make it easier to oversee electronic or digital identities. It is essentially the basis of Cloud Identity Governance for SaaS and IaaS environments To ensure that these online identities are effectively managed, modern automated Cloud Identity Governance solutions exist as part of Cloud Infrastructure Entitlements Management solutions. These solutions monitor IAM identities...
PR-DNSd : Passive-Recursive DNS Daemon
PR-DNSd is a Passive-Recursive DNS daemon. Quickstart go get github.com/korc/PR-DNSdsudo setcap cap_net_bind_service,cap_sys_chroot=ep go/bin/PR-DNSdgo/bin/PR-DNSd -upstream 9.9.9.9:53 -listen 127.0.0.1:53echo nameserver 127.0.0.1 | sudo tee /etc/resolv.confdig google.comdig -x $(dig +short google.com) Use cases run as local host DNS service, to fix your netstat/tcpview/lsof etc. outputas enterprise-internal DNS server, to also be able to do meaningful EDR/IR and log analysisas cloud service, to also collect Passive DNS data from...
SilentHound : Quietly Enumerate An Active Directory Domain Via LDAP Parsing Users, Admins, Groups, Etc.
.png "SilentHound : Quietly Enumerate An Active Directory Domain Via LDAP Parsing Users, Admins, Groups, Etc.")
SilentHound Quietly enumerate an Active Directory Domain via LDAP parsing users, admins, groups, etc. Created by Nick Swink from Layer 8 Security. Installation Using pipenv (recommended method) sudo python3 -m pip install --user pipenvgit clone https://github.com/layer8secure/SilentHound.gitcd silenthoundpipenv install From requirements.txt (legacy) This method is not recommended because python-ldap can cause many dependency errors. Install dependencies with pip: python3 -m pip install -r requirements.txtpython3 silenthound.py -h Usage $ pipenv run python silenthound.py -husage:...
5 Reasons Why You Should Choose a Career in Cybersecurity
While technology introduces many solutions for online data transfer and management, it also gives rise to risks associated with data security, which is why the ratio of cyber attacks is increasing day by day. To combat this issue, the IT world needs more cyber security experts able to prevent and deal with such malicious practices efficiently. Numerous educational platforms...
Maldev-For-Dummies : A Workshop About Malware Development
Maldev-For-Dummies is a Workshop About Malware Development. With antivirus (AV) and Enterprise Detection and Response (EDR) tooling becoming more mature by the minute, the red team is being forced to stay ahead of the curve. Gone are the times of execute-assembly and dropping unmodified payloads on disk - if you want your engagements to last longer than a week you will have...
TerraformGoat : “Vulnerable By Design” Multi Cloud Deployment Tool
TerraformGoat is selefra research lab's "Vulnerable by Design" multi cloud deployment tool. Currently supported cloud vendors include Alibaba Cloud, Tencent Cloud, Huawei Cloud, Amazon Web Services, Google Cloud Platform, Microsoft Azure. Scenarios IDCloud Service CompanyTypes Of Cloud ServicesVulnerable Environment1Alibaba CloudNetworkingVPC Security Group Open All Ports2Alibaba CloudNetworkingVPC Security Group Open Common Ports3Alibaba CloudObject StorageBucket HTTP Enable4Alibaba CloudObject StorageObject ACL Writable5Alibaba CloudObject StorageObject ACL...
Pretender : Your MitM Sidekick For Relaying Attacks Featuring DHCPv6 DNS Takeover As Well As mDNS
pretender is a tool developed by RedTeam Pentesting to obtain machine-in-the-middle positions via spoofed local name resolution and DHCPv6 DNS takeover attacks. pretender primarily targets Windows hosts, as it is intended to be used for relaying attacks but can be deployed on Linux, Windows and all other platforms Go supports. Name resolution queries can be answered with arbitrary IPs for situations where...
Doenerium : Fully Undetected Grabber (Grabs Wallets, Passwords, Cookies, Modifies Discord Client Etc.)
.png "Doenerium : Fully Undetected Grabber (Grabs Wallets, Passwords, Cookies, Modifies Discord Client Etc.)")
Doenerium is a Fully Undetected Grabber (Grabs Wallets, Passwords, Cookies, Modifies Discord Client Etc.) Features Stealer Discord Token Discord Info - Username, Phone number, Email, Billing, Nitro Status & Backup Codes Discord Friends with rare badges Grabs crypto wallets - Zcash Armory Bytecoin Jaxx Exodus Ethereum Electrum AtomicWallet Guarda Coinomi Browser (Chrome, Opera, Firefox, OperaGX, Edge, Brave, Yandex) - Passwords, Cookies, Autofill & History (Searches for specific keywords such as PayPal, Coinbase etc. in them) Screenshot(s) Injects itself...
