Dora : Find Exposed API Keys Based On RegEx And Get Exploitation Methods
Dora is a tool to find exposed API keys based on regex and get exploitation methods for some of the keys that are found. Features: Blazing fast, as we are using ripgrep in the backend. Exploit/PoC steps for many of the API keys, allowing you to write a good report for bug bounty hunting. Unlike many other API key finders, dora also shows the path to the file and the line...
Lupo : Malware IOC Extractor. Debugging Module For Malware Analysis Automation
Lupo is a Debugging module for Malware Analysis Automation. Working on security incidents that involve malware, we come across situations on a regular basis where we feel the need to automate parts of the analysis process as complete manual analysis is, more often than not, not possible for every case due to many factors (time, skills, scale etc.). I wrote...
Osinteye : Username Enumeration And Reconnaissance Suite
Osinteye is a username enumeration and reconnaissance suite.
Supported sites: PyPI, Github, TestPypi, About.me, Instagram, DockerHub
Installation: clone the project:
$ git clone https://github.com/rly0nheart/osinteye.git
$ cd osinteye
$ pip install -r requirements.txt
Usage:
$ python osinteye
Or give osintEye execution permission:
$ chmod +x osinteye
$ ./osinteye
Example 1.1: $ python osinteye --instagram
Example 1.2: $ ./osinteye --instagram
Optional arguments (flag: usage):
--pypi: get target's information from pypi
--testpypi: get target's information from testpypi
--about: get target's information from about.me
--instagram: get target's...
Rip Raw : Small Tool To Analyse The Memory Of Compromised Linux Systems
Rip Raw is a small tool to analyse the memory of compromised Linux systems. It is similar in purpose to Bulk Extractor, but particularly focused on extracting system Logs from memory dumps from Linux systems. This enables you to analyse systems without needing to generate a profile. This is not a replacement for tools such as Rekall and Volatility which...
IOSSecuritySuite : iOS Platform Security And Anti-Tampering Swift Library
iOS Security Suite is an advanced and easy-to-use platform security & anti-tampering library written in pure Swift! If you are developing for iOS and you want to protect your app according to the OWASP MASVS standard, chapter v8, then this library could save you a lot of time. What ISS detects: Jailbreak (even the iOS 11+ with brand new indicators!); Attached debugger; If an...
BITB : Browser In The Browser (BITB) Templates
BITB is a set of browser templates for the Browser In The Browser (BITB) attack. Usage: each folder has an index.html file which has 4 variables that must be modified: XX-TITLE-XX - The title that shows up for the page (e.g. Sign in to your account now); XX-DOMAIN-NAME-XX - Domain name you're masquerading as (e.g. gmail.com); XX-DOMAIN-PATH-XX - Domain path (e.g. /auth/google/login); XX-PHISHING-LINK-XX - Phishing link which will be embedded into the iFrame (e.g. https://example.com). Furthermore,...
O365-Doppelganger : A Quick Handy Script To Harvest Credentials Off Of A User
O365-Doppelganger is NOT a replacement for hardcore phishing activities. There are several other tools which perform OAuth and OTA capture which is not the aim of O365-Doppelganger. O365-Doppelganger is a quick handy script to harvest credentials of a user during Red Teams. This repository is a quick hack of one of my old red team engagement scripts which I've used...
How Crypto Can Be Manipulated: Fake Identities in a Peer-to-Peer Model
Depending on who you ask, cryptocurrency is either a fantastic new era of financial regulation or a confusing mess of gobbledygook. The reality is that it’s both - and its peer-to-peer architecture represents a world-first in currency valuation and control. Sybil attacks occur across all peer-based platforms. The term describes the process of an attacker creating and orchestrating multiple fake identities:...
VulFi : Plugin To IDA Pro Which Can Be Used To Assist During Bug Hunting In Binaries
VulFi (Vulnerability Finder) is a plugin to IDA Pro which can be used to assist during bug hunting in binaries. Its main objective is to provide a single view with all cross-references to the most interesting functions (such as strcpy, sprintf, system, etc.). For cases where a Hexrays decompiler can be used, it will attempt to rule out calls to these...
Bore : Simple CLI Tool For Making Tunnels To Localhost
Bore, a modern simple TCP tunnel in Rust that exposes local ports to a remote server, bypassing standard NAT connection firewalls. That's all it does: no more, and no less. This will expose your local port at localhost:8000 to the public internet at bore.pub:<PORT>, where the port number is assigned randomly. Similar to local tunnel and ngrok, except bore is intended to be a highly efficient, unopinionated tool for forwarding...