TestSSL.SH : Testing TLS/SSL Encryption Anywhere On Any Port
.png "TestSSL.SH : Testing TLS/SSL Encryption Anywhere On Any Port")
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws. Key features Clear output: you can tell easily whether anything is good or bad.Machine readable output (CSV, two JSON formats)No need to install or to configure something. No gems, CPAN, pip or the like.Works...
Lunar : UNIX Security Auditing Tool
.png "Lunar : UNIX Security Auditing Tool")
lunar, Lockdown UNix Auditing and Reporting Version Current version 8.0.5 Refer to lunar.sh and changelog for more up to date version information Introduction This scripts generates a scored audit report of a Unix host's security. It is based on the CIS and other frameworks. Where possible there are references to the CIS and other benchmarks in the code documentation. Why a shell script? I wanted...
Psudohash : Password List Generator That Focuses On Keywords Mutated By Commonly Used Password Creation Patterns
.png "Psudohash : Password List Generator That Focuses On Keywords Mutated By Commonly Used Password Creation Patterns")
psudohash is a password list generator for orchestrating brute force attacks. It imitates certain password creation patterns commonly used by humans, like substituting a word's letters with symbols or numbers, using char-case variations, adding a common padding before or after the word and more. It is keyword-based and highly customizable. Pentesting Corporate Environments System administrators and other employees often use a...
How Does A VPN Work, Is It Safe?
Cybercrime has been on the rise alongside technological developments. There is a constant threat to your privacy since hackers are always developing more sophisticated methods of accessing sensitive information. Virtual private networks (VPNs) are frequently suggested as a means to protect your online privacy, but scepticism persists. Is it safe to use a VPN? The answer is typically true if...
The rise of online poker
As one of the most popular traditional casino games of all time, poker gaming has been around for decades and is loved by people across the globe. With the latest technological developments, poker is now available to more people than ever thanks to advanced wifi connections and new technologies that have made poker an incredibly interactive online game that...
pyFlipper : Unoffical Flipper Zero Cli Wrapper Written In Python
pyFlipper, is a Unoffical Flipper Zero cli wrapper written in Python. Functions and characteristics Flipper serial CLI wrapper Websocket client interface Setup instructions $ git clone https://github.com/wh00hw/pyFlipper.git$ cd pyFlipper$ python3 -m venv venv$ source venv/bin/activate$ pip install -r requirements.txt Tested on Python 3.8.10 on Linux 5.4.0 x86_64 Python 3.9.10 on Windows 10 Python 3.10.5 on Android 12 (Termux + OTGSerial2WebSocket NO ROOT REQUIRED) Usage/Examples Connection from pyflipper import PyFlipperLocal serial portflipper = PyFlipper(com="/dev/ttyACM0")ORRemote...
bloodyAD : Active Directory Privilege Escalation Framework
.png "bloodyAD : Active Directory Privilege Escalation Framework")
bloodyAD.py is an Active Directory privilege escalation swiss army knife Description This tool can perform specific LDAP/SAMR calls to a domain controller in order to perform AD privesc. bloodyAD supports authentication using cleartext passwords, pass-the-hash, pass-the-ticket or certificates and binds to LDAP services of a domain controller to perform AD privesc. It is designed to be used transparently with a SOCKS proxy. Installation First if you run...
Slicer : Automate The Boring Process Of APK Recon
Slicer accepts a path to an extracted APK file and then returns all the activities, receivers, and services which are exported and have null permissions and can be externally provoked. Note: The APK has to be extracted via jadx or apktool. Features Check if the APK has set the android:allowbackup to trueCheck if the APK has set the android:debuggable to true.Return all the activities, services and broadcast receivers which are exported and have...
SharpNamedPipePTH : Pass The Hash To A Named Pipe For Token Impersonation
SharpNamedPipePTH is a C# tool to use Pass-the-Hash for authentication on a local Named Pipe for user Impersonation. You need a local administrator or SEImpersonate rights to use this. There is a blog post for explanation: https://s3cur3th1ssh1t.github.io/Named-Pipe-PTH/ It is heavily based on the code from the project Sharp-SMBExec. I faced certain Offensive Security project situations in the past, where I already had the...
PSAsyncShell : PowerShell Asynchronous TCP Reverse Shell
.png "PSAsyncShell : PowerShell Asynchronous TCP Reverse Shell")
PSAsyncShell is an Asynchronous TCP Reverse Shell written in pure PowerShell. Unlike other reverse shells, all the communication and execution flow is done asynchronously, allowing to bypass some firewalls and some countermeasures against this kind of remote connections. Additionally, this tool features command history, screen wiping, file uploading and downloading, information splitting through chunks and reverse Base64 URL encoded traffic. Requirements PowerShell 4.0 or...
