Verdict-as-a-Service : Analyze files for malicious content
Verdict-as-a-Service (VaaS) is a service that provides a platform for scanning files for malware and other threats. It allows easy integration in your application. With a few lines of code, you can start scanning files for malware. ATTENTION: All SDKs are currently prototypes and under heavy construction! Integration of Malware Detection: Easily integrate malware detection into any kind of application, service or platform. Create a command...
FISSURE : Frequency Independent SDR-based Signal Understanding and Reverse Engineering
FISSURE is an open-source RF and reverse engineering framework designed for all skill levels with hooks for signal detection and classification, protocol discovery, attack execution, IQ manipulation, vulnerability analysis, automation, and AI/ML. The framework was built to promote the rapid integration of software modules, radios, protocols, signal data, scripts, flow graphs, reference material, and third-party tools. FISSURE is a...
Crosslinked : LinkedIn Enumeration Tool
CrossLinked is a LinkedIn enumeration tool that uses search engine scraping to collect valid employee names from an organization. This technique provides accurate results without the use of API keys, credentials, or accessing LinkedIn directly! Install: Install the last stable release from PyPI: pip3 install crosslinked. Or, install the most recent code from GitHub: git clone https://github.com/m8sec/crosslinked; cd crosslinked; python3 setup.py install. Prerequisite: CrossLinked assumes the organization's account...
Exegol : Fully Featured And Community-Driven Hacking Environment
Exegol is a community-driven hacking environment, powerful and yet simple enough to be used by anyone in day-to-day engagements. Script kiddies use Kali Linux, real pentesters use Exegol, megachads maintain it. Wrapper & images: Exegol is two things in one. Try it, and you'll stop using your old, unstable and risky environment, no more Kali Linux as host or...
DeathSleep : A PoC Implementation For An Evasion Technique To Terminate The Current Thread And Restore
DeathSleep is a PoC implementation of an evasion technique that terminates the current thread and restores it before resuming execution, while changing page protections during the period of no execution. Intro: Sleep and obfuscation methods are well known in the maldev community. With different implementations, they have the objective of hiding from memory scanners while sleeping, usually changing page protections and even adding cool...
SecureCodeBox : Automate A Bunch Of Security-Testing Tools Out Of The Box
secureCodeBox is a Kubernetes-based, modularized toolchain for continuous security scans of your software project. Its goal is to orchestrate and easily automate a bunch of security-testing tools out of the box. Purpose of this Project: The typical way to ensure application security is to hire a security specialist (aka penetration tester) at some point in your project to check the application...
DongTai : Open-Source Passive Interactive Security Testing (IAST) Product
DongTai IAST is an open-source passive interactive security testing (IAST) product. It uses dynamic hooks and taint tracking algorithms to achieve universal vulnerability detection, multi-request associated vulnerability detection (including but not limited to unauthorized vulnerabilities, overpower vulnerabilities), third-party component vulnerability detection, etc. Currently, applications in Java and Python are supported for vulnerability detection. Project structure: . ├── deploy ├── dongtai_common common functions and classes for...
Kubeeye : Audit Tool For Kubernetes
KubeEye is an inspection tool for Kubernetes that checks whether Kubernetes resources (by OPA), cluster components, cluster nodes (by Node-Problem-Detector) and other configurations meet best practices, and gives suggestions for modification. KubeEye supports custom inspection rules and plugin installation. Through the KubeEye Operator, you can view the inspection results and modification suggestions in a graphical display on the web page. Architecture: KubeEye gets cluster resource...
XLL_Phishing : XLL Phishing Tradecraft
XLL_Phishing: With Microsoft's recent announcement regarding the blocking of macros in documents originating from the internet (email AND web download), attackers have begun aggressively exploring other options to achieve user driven access (UDA). There are several considerations to be weighed and balanced when looking for a viable phishing-for-access method: Complexity - The more steps that are required on the user's...
unblob : Extract files from any kind of container formats
unblob is an accurate, fast, and easy-to-use extraction suite. It parses unknown binary blobs for more than 30 different archive, compression, and file-system formats, extracts their content recursively, and carves out unknown chunks that have not been accounted for. Unblob is free to use, licensed with the MIT license. It has a Command Line Interface and can be used as a Python library. This turns unblob into the perfect companion for extracting, analyzing, and reverse...