Dismember : Scan Memory For Secrets And More

Dismember is a command-line toolkit for Linux that can be used to scan the memory of all processes (or particular ones) for common secrets and custom regular expressions, among other things. It will eventually become a full /proc toolkit. Using the grep command, it can match a regular expression across all memory for all (accessible) processes. This could be used to...

4 Tips and Tricks for Phone Numbers and SMS Using Kali Linux

Kali Linux is a tool that’s well suited to pen testing, and this extends beyond the usual arena of IT security research and ethical hacking. Making use of this distro to tinker with phone numbers and text messages is an excellent example of this, and can be useful for businesses that want to protect themselves from malicious third parties that...

SCMKit : Source Code Management Attack Toolkit

Source Code Management Attack Toolkit - SCMKit is a toolkit that can be used to attack SCM systems. SCMKit allows the user to specify the SCM system and attack module to use, along with specifying valid credentials (username/password or API key) to the respective SCM system. Currently, the SCM systems that SCMKit supports are GitHub Enterprise, GitLab Enterprise and...

Unblob : Extract Files From Any Kind Of Container Formats

Unblob is an accurate, fast, and easy-to-use extraction suite. It parses unknown binary blobs for more than 30 different archive, compression, and file-system formats, extracts their content recursively, and carves out unknown chunks that have not been accounted for. Unblob is free to use, licensed with the MIT license. It has a Command Line Interface and can be used as...

AutoSSRF : Smart Context-Based SSRF Vulnerability Scanner

AutoSSRF is your best ally for identifying SSRF vulnerabilities at scale. Unlike other SSRF automation tools, it comes with the following two original features. Smart fuzzing on relevant SSRF GET parameters: when fuzzing, autoSSRF only focuses on the common parameters related to SSRF (?url=, ?uri=, ..) and doesn’t interfere with everything else. This ensures that the original...

Evilgophish : Evilginx2 + Gophish

Combination of evilginx2 and GoPhish. Prerequisites: You should have a fundamental understanding of how to use GoPhish, evilginx2, and Apache2. Disclaimer: I shall not be responsible or liable for any misuse or illegitimate use of this software. This software is only to be used in authorized penetration testing or red team engagements where the operator(s) has(ve) been given explicit written permission to carry...

Collect-MemoryDump : Automated Creation Of Windows Memory Snapshots For DFIR

Collect-MemoryDump automates the creation of Windows memory snapshots for DFIR. Collect-MemoryDump.ps1 is a PowerShell script used to collect a memory snapshot from a live Windows system (in a forensically sound manner). Features: checks for hostname and physical memory size before starting memory acquisition; checks if you have enough free disk space to save the memory dump file; collects a raw physical memory dump w/ DumpIt,...

RDPHijack-BOF : Perform Local/Remote RDP Session Hijacking

Cobalt Strike Beacon Object File (BOF) that uses the WinStationConnect API to perform local/remote RDP session hijacking. With a valid access token / Kerberos ticket (e.g., golden ticket) of the session owner, you will be able to hijack the session remotely without dropping any beacon/tool on the target server. To enumerate sessions locally/remotely, you could use Quser-BOF. Usage: bof-rdphijack ...

TeamFiltration : Cross-Platform Framework For Enumerating, Spraying, Exfiltrating, And Backdooring O365 AAD Accounts

TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts. See the TeamFiltration wiki page for an introduction to how TeamFiltration works and the Quick Start Guide for how to get up and running! This tool has been used internally since January 2021 and was publicly released in my talk "Taking a Dumb In The Cloud"...

Prefetch-Hash-Cracker : A Small Util To Brute-Force Prefetch Hashes

During the forensic analysis of a Windows machine, you may find the name of a deleted prefetch file. While its content may not be recoverable, the filename itself is often enough to find the full path of the executable for which the prefetch file was created. Using the tool: The following fields must be provided. Executable name: including the extension. It will be...