Pax : CLI Tool For PKCS7 Padding Oracle Attacks
Pax, Exploit padding oracles for fun and profit! Pax (PAdding oracle eXploiter) is a tool for exploiting padding oracles in order to: Obtain plaintext for a given piece of CBC encrypted data. Obtain encrypted bytes for a given piece of plaintext, using the unknown encryption algorithm used by the oracle. This can be used to disclose encrypted session information, and often to bypass...
SCodeScanner : Stands For Source Code Scanner Where The User Can Scan The Source Code For Finding The Critical Vulnerabilities
SCodeScanner stands for Source Code Scanner, where the user can scan the source code to find critical vulnerabilities. The main objective of this scanner is to find the vulnerabilities inside the source code before the code gets published in Prod. Features: Supported PHP Language. Supported YAML Language. Pass results to bug tracking services like Jira, also Slack (sending files to group to multiple people at once). Gives results...
evilgophish : Combination Of Evilginx2 And GoPhish
evilgophish is a combination of Evilginx2 and GoPhish. As a penetration tester or red teamer, you may have heard of evilginx2 as a proxy man-in-the-middle framework capable of bypassing two-factor/multi-factor authentication. This is enticing to us to say the least, but when trying to use it for social engineering engagements, there are some issues off the bat. I will highlight the two main...
xmap : Performing Internet-wide IPv6 & IPv4 Network Research Scanning
xmap is a tool for performing Internet-wide IPv6 & IPv4 network research scanning. Installing and Building XMap. Installing via Package Manager: XMap operates on GNU/Linux, macOS, and BSD. Installation via most OS package managers is not integrated yet. OS: Fedora 19+ or EPEL 6+; Debian 8+ or Ubuntu 14.04+; Gentoo; macOS (using Homebrew); Arch Linux. Building from Source. Installing XMap Dependencies: XMap has the following dependencies: CMake - Cross-platform, open-source build system; GMP - Free library for...
gokart : Static Analysis Tool For Securing Go code
GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (static single assignment) form of Go source code. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe, which reduces the number of false positives compared to other Go security scanners. For instance, a SQL query...
EyeWitness : Take Screenshots Of Websites
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if known. EyeWitness is designed to run on Kali Linux. It will auto detect the file you give it with the -f flag as either being a text file with URLs on each new line, nmap xml output, or nessus xml output. The...
RDPHijack : Uses WinStationConnect API to Perform local/Remote RDP session hijacking
Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking. With a valid access token / kerberos ticket (e.g., golden ticket) of the session owner, you will be able to hijack the session remotely without dropping any beacon/tool on the target server. To enumerate sessions locally/remotely, you could use Quser-BOF. Usage Usage: bof-rdphijack Command...
Cyber Security And Mental Health
It is no secret that the internet can be a dark and dangerous place. Whether you’re just spending some leisure time on social media or gambling online, it is important to be vigilant. Every day we read stories in the news about cyber attacks and cyber bullying. These stories usually involve young people who have been the victim of...
NimGetSyscallStub : Get Fresh Syscalls From A Fresh Ntdll.Dll Copy
NimGetSyscallStub, Get fresh Syscalls from a fresh ntdll.dll copy. This code can be used as an alternative to the already published awesome tools NimlineWhispers and NimlineWhispers2 by @ajpc500 or ParallelNimcalls. The advantage of grabbing Syscalls dynamically is that the signature of the Stubs is not included in the file and you don't have to worry about changing Windows versions. To compile the shellcode execution template run the following: nim...
OSRipper : AV Evading OSX Backdoor And Crypter Framework
OSripper is a fully undetectable Backdoor generator and Crypter which specialises in OSX M1 malware. It will also work on Windows but for now there is no support for it and it IS NOT FUD for Windows (yet at least) and for now I will not focus on Windows. You can also PM me on Discord for support or to...