NimPackt-v1 : Nim-based Assembly Packer And Shellcode Loader For Opsec And Profit
NimPackt-v1 is among the worst code I have ever written (I was just starting out learning Nim). Because of this, I started on a full rewrite of NimPackt, dubbed 'NimPackt-NG' (currently still private). With this re-write, I decided to open-source the old branch ("NimPackt-v1"). As such, this branch is no longer maintained and comes without any form of warranty...
Wholeaked : A File-Sharing Tool That Allows You To Find The Responsible Person In Case Of A Leakage
Wholeaked is a file-sharing tool that allows you to find the responsible person in case of a leakage. It's written in Go. How? wholeaked gets the file that will be shared and a list of recipients. It creates a unique signature for each recipient and adds it to the file secretly. After that, it can automatically send files to the corresponding...
EvilSelenium : A Tool That Weaponizes Selenium To Attack Chromium Based Browsers
EvilSelenium is a new project that weaponizes Selenium to abuse Chromium-based browsers. The current features right now are: Steal stored credentials (via autofill); Steal cookies; Take screenshots of websites; Dump Gmail/O365 emails; Dump WhatsApp messages; Download & exfiltrate files; Add SSH keys to GitHub. Or extend the existing functionality to suit your needs (e.g. Download files from the user's GDrive/OneDrive). Usage: EvilSelenium.exe /? /help - Show this help menu. SETUP: /install - Install chromedriver...
LDAP shell : AD ACL Abuse
LDAP shell repository contains a small tool inherited from ldap_shell. Installation: These tools are only compatible with Python 3.5+. Clone the repository from GitHub, install the dependencies and you should be good to go:
git clone https://github.com/z-Riocool/ldap_shell.git
cd ldap_shell
python3 setup.py install
Usage: Connection options:
ldap_shell domain.local/user:password
ldap_shell domain.local/user:password -dc-ip 192.168.1.2
ldap_shell domain.local/user -hashes aad3b435b51404eeaad3b435b51404ee:aad3b435b51404eeaad3b435b51404e1
export KRB5CCNAME=/home/user/ticket.ccache
ldap_shell -k -no-pass domain.local/user
Functionality: Get Info: dump - Dumps the domain. search query - Search users...
Poro : Scan Publicly Accessible Assets On Your AWS Cloud Environment
Poro is a tool to scan for publicly accessible assets on your AWS environment. Services covered by this tool: AWS ELB, API Gateway, S3 Buckets, RDS Databases, EC2 instances, Redshift Databases. Poro also checks if a tag you specify is applied to identified public resources using --tag-key and --tag-value arguments. Prerequisites: AWS account with Read Only Access to services listed above; Python 3.X; requests>=2.22.0; boto3>=1.20; botocore>=1.20; enlighten>=1. Usage: Clone this repository. Configure your environment with active...
Uncover : Quickly Discover Exposed Hosts On The Internet Using Multiple Search Engine
Uncover is a Go wrapper using APIs of well-known search engines to quickly discover exposed hosts on the internet. It is built with automation in mind, so you can query it and utilize the results with your current pipeline tools. Currently, it supports shodan, shodan-internetdb, censys, and fofa search API. Features: Simple and handy utility to query multiple search engines; Multiple search engine support (Shodan, Censys, Fofa, Shodan-InternetDB); Automatic key/credential randomization; stdin / stdout support...
Skanuvaty : Dangerously Fast DNS/network/port Scanner
Skanuvaty is a dangerously fast DNS/network/port scanner, all-in-one. Start with a domain, and we'll find everything about it. Features: Finds subdomains from root domain; Finds IPs for subdomains; Checks what ports are open on those IPs (Notice: not yet implemented). Outputs a handy .json file with all the data for further investigation. Runs as fast as your computer/network/DNS resolver allows it to be. Test run for 10.000...
Octosuite : Advanced Github OSINT Framework
Octosuite is an open-source, lightweight yet advanced OSINT framework that targets GitHub users and organizations. With over 10+ features, octosuite only runs on 2 external dependencies (for the GitHub alt) and 1 dependency (for the PyPI package), and returns the gathered intel in a highly readable format. Installation: Clone from GitHub:
git clone https://github.com/rly0nheart/octosuite.git
cd octosuite
pip install -r requirements.txt
Install from PyPI: pip...
Gitbleed_Tools : For Extracting Data From Mirrored Git Repositories
Gitbleed_Tools is a repo that contains shell scripts that can be used to download and analyze differences between cloned and mirrored Git repositories. For more information about the underlying quirk in Git behavior, please read our blog post. What Do These Scripts Do? These scripts will clone a copy of the given Git repository, both as regular clone and mirrored ("--mirror") option. It...
Hcltm : Documenting Your Threat Models With HCL
Hcltm is a tool for documenting your threat models with HCL. There are many different ways in which a threat model can be documented. From a simple text file, to more in-depth Word documents, to fully instrumented threat models in a centralized solution. Two of the most valuable attributes of a threat model are being able to clearly document...