KICS : Find Security Vulnerabilities, Compliance Issues, And Infrastructure Misconfigurations

KICS, which stands for Keeping Infrastructure as Code Secure, is an essential component of every cloud-native project and is open source. Use KICS by Checkmarx to identify security flaws, legal compliance problems, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code. How it Works KICS's built-in extensibility is what makes it so strong and well-liked. Achieving this extensibility entails: Queries...

SharpImpersonation : A User Impersonation Tool – Via Token Or Shellcode Injection

SharpImpersonation is a User Impersonation Tool - Via Token Or Shellcode Injection. This was a learning-by-doing project from my side. Well-known techniques are used to build just another impersonation tool with some improvements in comparison to other public tools. The code base was taken from: https://github.com/0xbadjuju/Tokenvator A blog post for the introduction can be found here: https://s3cur3th1ssh1t.github.io/SharpImpersonation-Introduction/ List user processes List only elevated...

SDomDiscover : An Easy-To-Use Python Tool To Perform DNS Recon

SDomDiscover is an easy-to-use Python tool to perform DNS recon, subdomain enumeration and much more. The purpose of this tool is helping bug hunters and pentesters during reconnaissance. If you want to know more about the tool you can read my own post in my blog (written in Spanish). Installation: It can be used in any system with python3. You can easily install AORT using pip: pip3 install...

Pinecone : A WLAN Red Team Framework

Pinecone is a WLAN networks auditing tool, suitable for red team usage. It is extensible via modules, and it is designed to be run in Debian-based operating systems. Pinecone is specially oriented to be used with a Raspberry Pi, as a portable wireless auditing box. This tool is designed for educational and research purposes only. Only use it with explicit...

Nim-RunPE : A Nim Implementation Of Reflective PE-Loading From Memory

Nim-RunPE is a Nim implementation of reflective PE-Loading from memory. The base for this code was taken from RunPE-In-Memory - which I ported to Nim. You'll need to install the following dependencies: nimble install ptr_math winim I did test this with Nim Version 1.6.2 only, so use that version for testing or I cannot guarantee no errors when using another version. Compile If you want...

GraphCrawler : GraphQL Automated Security Testing Toolkit

Graph Crawler is the most powerful automated testing toolkit for any GraphQL endpoint. Version 1.2 is out NEW: Can search for endpoints for you using Escape Technology's powerful Graphinder tool. Just point it towards a domain and add the '-e' option and Graphinder will do subdomain enumeration + search popular directories for GraphQL endpoints. After all this GraphCrawler will take over and work...

Gohide : Tunnel Port To Port Traffic Over An Obfuscated Channel With AES-GCM Encryption

Gohide, Tunnel port to port traffic via an obfuscated channel with AES-GCM encryption. Obfuscation Modes: Session Cookie HTTP GET (http-client); Set-Cookie Session Cookie HTTP/2 200 OK (http-server); WebSocket Handshake "Sec-WebSocket-Key" (websocket-client); WebSocket Handshake "Sec-WebSocket-Accept" (websocket-server); No obfuscation, just use AES-GCM encrypted messages (none). AES-GCM is enabled by default for each of the options above. Usage: root@WOPR-KALI:/opt/gohide-dev# ./gohide -h Usage of ./gohide: -f string listen fake server -r x.x.x.x:xxxx (ip/domain:port) (default "0.0.0.0:8081") -key...

ForceAdmin : Create Infinite UAC Prompts Forcing A User To Run As Admin

ForceAdmin is a C# payload builder, creating infinite UAC pop-ups until the user allows the program to be run. The inputted commands are run via PowerShell calling cmd.exe and should be using the batch syntax. Why use? Well some users have UAC set to always show, so UAC bypass techniques are not possible. However - this attack will force...

Coercer : A Python Script To Automatically Coerce A Windows Server To Authenticate On An Arbitrary Machine

Coercer is a Python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods. Features: Automatically detects open SMB pipes on the remote machine. Calls one by one all the vulnerable RPC functions to coerce the server to authenticate on an arbitrary machine. Analyze mode with --analyze, which only lists the vulnerable protocols and functions listening, without performing...

noPac : Exploiting CVE-2021-42278 And CVE-2021-42287 To Impersonate DA From Standard Domain User

noPac, Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user. Usage: SAM THE ADMIN CVE-2021-42278 + CVE-2021-42287 chain positional arguments: username Account used to authenticate to DC. optional arguments: -h, --help show this help message and exit --impersonate IMPERSONATE target username that will be impersonated (thru S4U2Self) for quering the ST. Keep in mind this will only work if the identity provided in this scripts is...