LiveTargetsFinder : Generates Lists Of Live Hosts And URLs For Targeting, Automating The Usage Of MassDNS

LiveTargetsFinder generates lists of live hosts and URLs for targeting, automating the usage of MassDNS, Masscan and nmap to filter out unreachable hosts. Given an input file of domain names, this script will automate the usage of MassDNS to filter out unresolvable hosts, and then pass the results on to Masscan to confirm that the hosts are reachable and on...

RESim : Reverse Engineering Software Using A Full System Simulator

RESim is a dynamic system analysis tool that provides detailed insight into processes, programs and data flow within networked computers. RESim simulates networks of computers through use of the Simics platform's high-fidelity models of processors, peripheral devices (e.g., network interface cards), and disks. The networked simulated computers load and run targeted software copied from images extracted from the...

Cdb : Automate Common Chrome Debug Protocol Tasks To Help Debug Web Applications

CDB is a Chrome Debug Protocol utility. The main goal of the tool is to automate common tasks to help debug web applications from the command-line and actively monitor and intercept HTTP requests and responses. This is particularly useful during penetration tests and other types of security assessments and investigations. Quickstart: This tool is meant to be used as part of Pown.js but...

Pinecone : A WLAN Red Team Framework

Pinecone is a WLAN networks auditing tool, suitable for red team usage. It is extensible via modules, and it is designed to be run in Debian-based operating systems. Pinecone is specially oriented to be used with a Raspberry Pi, as a portable wireless auditing box. This tool is designed for educational and research purposes only. Only use it with explicit...

Koh : The Token Stealer

Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage. Some code was inspired by Elad Shamir's Internal-Monologue project (no license), as well as KB180548. For why this is possible and Koh's approach, see the Technical Background section of this README. For a deeper explanation of the motivation behind Koh and its approach,...

Zenbuster : Multi-threaded URL Enumeration/Brute-Forcing Tool

ZenBuster is a multi-threaded, multi-platform URL enumeration tool written in Python by Zach Griffin (@0xTas). I wrote this tool as a way to deepen my familiarity with Python, and to help increase my understanding of Cybersecurity tooling in general. ZenBuster may not be the fastest or most comprehensive tool of its kind. It is, however, simple to use, decently flexible, and...

Kubeaudit : Tool To Audit Your Kubernetes Clusters Against Common Security Controls

Kubeaudit no longer supports APIs deprecated as of Kubernetes v.1.16 release. So, it is now a requirement for clusters to run Kubernetes >=1.16. kubeaudit is a command line tool and a Go package to audit Kubernetes clusters for various different security concerns, such as: run as non-root; use a read-only root filesystem; drop scary capabilities, don't add new ones; don't run privileged; and more! tldr. kubeaudit makes sure you deploy...

Dumpscan : Tool To Extract And Dump Secrets From Kernel And Windows Minidump Formats

Dumpscan is a command-line tool designed to extract and dump secrets from kernel and Windows Minidump formats. Kernel-dump parsing is provided by volatility3. Features: x509 Public and Private key (PKCS #8/PKCS #1) parsing; SymCrypt parsing; Supported structures; SYMCRYPT_RSAKEY - Determines if the key structure also has a private key; Matching to public certificates found in the same process; More SymCrypt structures to come; Environment variables; Command line arguments. Note: Testing has only been...

Trufflehog : Find Credentials All Over The Place

TruffleHog v3 is a complete rewrite in Go with many new powerful features. We've added over 700 credential detectors that support active verification against their respective APIs. We've also added native support for scanning GitHub, GitLab, filesystems, and S3. Instantly verify private keys against millions of GitHub users and billions of TLS certificates using our Driftwood technology. What is credential verification? For every potential credential that is detected, we've painstakingly implemented...

Bypass-Url-Parser : Tool That Tests Many URL Bypasses To Reach A 40X Protected Page

Bypass-Url-Parser is a Tool that tests MANY url bypasses to reach a 40X protected page. If you wonder why this code is nothing but a dirty curl wrapper, here's why: Most of the python requests do url/path/parameter encoding/decoding, and I hate this. If I submit raw chars, I want raw chars to be sent. If I send a weird path, I want it weird, not normalized. This is surprisingly...