SharpEventPersist : Persistence By Writing/Reading Shellcode From Event Log
SharpEventPersist provides persistence by writing/reading shellcode from the Event Log. Usage: The SharpEventPersist tool takes 4 case-sensitive parameters: -file "C:\path\to\shellcode.bin", -instanceid 1337, -source Persistence, -eventlog "Key Management Service". The shellcode is converted to hex and written to the "Key Management Service" event log; the event level is set to "Information" and the source is "Persistence". Run the SharpEventLoader tool to fetch the shellcode from the event log and execute it. Ideally this should...
MITM_Intercept : A Little Bit Less Hackish Way To Intercept And Modify non-HTTP Protocols Through Burp And Others
MITM_Intercept is a little bit less hackish way to intercept and modify non-HTTP protocols through Burp and others, with SSL and TLS interception support. This tool is for researchers and applicative penetration testers who perform thick-client security assessments. It is an improved version of the fantastic mitm_relay project. The Story: As part of our work in the research department of CyberArk Labs, we needed...
Jeeves : Time-Based Blind SQLInjection Finder
Jeeves looks for time-based blind SQL injection during recon. Installation & Requirements: Installing Jeeves
$ go install github.com/ferreiraklet/Jeeves@latest
OR
$ git clone https://github.com/ferreiraklet/Jeeves.git
$ cd Jeeves
$ go build jeeves.go
$ chmod +x jeeves
$ ./jeeves -h
Usage & Explanation: Single URLs
echo 'https://redacted.com/index.php?id=your_time_based_blind_payload_here' | jeeves -t payload_time
echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves --payload-time 5
echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(10)))v)" | jeeves -t 10
In --payload-time you must use the...
WhiteBeam : Transparent Endpoint Security
WhiteBeam provides transparent endpoint security. Features: Block and detect advanced attacks; Modern audited cryptography: RustCrypto for hashing and encryption; Highly compatible: Development focused on all platforms (incl. legacy) and architectures; Source available: Audits welcome; Reviewed by security researchers with combined 100+ years of experience. Installation: WhiteBeam is currently unavailable for installation due to backwards-incompatible security enhancements for 0.3. Check back soon! From Packages (Linux): Distro-specific packages have not been released...
Pulsar : Data Exfiltration And Covert Communication Tool
Pulsar is a tool for data exfiltration and covert communication that enables you to create a secure data transfer, a bizarre chat or a network tunnel through different protocols. For example, you can receive data from a TCP connection and resend it to the real destination through DNS packets. Setting up Pulsar: First, get the code from the repository and compile it with the following...
PacketStreamer : Distributed Tcpdump For Cloud Native Environments
PacketStreamer is a high-performance remote packet capture and collection tool. It is used by Deepfence's ThreatStryker security observability platform to gather network traffic on demand from cloud workloads for forensic analysis. Primary design goals: Stay light (capture and stream, no additional processing); Portability (works across virtual machines, Kubernetes and AWS Fargate; Linux and Windows). PacketStreamer sensors are started on the target servers. Sensors capture traffic, apply filters, and...
Blackbird : An OSINT Tool To Search For Accounts By Username In 101 Social Networks
An OSINT tool to search fast for accounts by username across 142 sites. The Lockheed SR-71 "Blackbird" is a long-range, high-altitude, Mach 3+ strategic reconnaissance aircraft developed and manufactured by the American aerospace company Lockheed Corporation. Setup: Clone the repository
git clone https://github.com/p1ngul1n0/blackbird
cd blackbird
Install requirements
pip install -r requirements.txt
Usage: Search by username
python blackbird.py -u username
Run WebServer
python blackbird.py --web
Read results file
python blackbird.py -f username.json
List supported sites python...
AutoPWN Suite : Project For Scanning Vulnerabilities And Exploiting Systems Automatically
AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically. Features: Fully automatic! (Use -y flag to enable); Detect network IP range without any user input; Vulnerability detection based on version; Web app vulnerability testing (only LFI for now); Get information about the vulnerability right from your terminal; Automatically download exploit related with vulnerability; Noise mode for creating a noise on the network; Evasion mode for being sneaky; Automatically...
Offensive-Azure : Collection Of Offensive Tools Targeting Microsoft Azure
Offensive-Azure is a collection of offensive tools targeting Microsoft Azure, written in Python to be platform agnostic. The current list of tools can be found below with a brief description of their functionality. ./Device_Code/device_code_easy_mode.py: Generates a code to be entered by the target user; Can be used for general token generation or during a phishing/social engineering campaign. ./Access_Tokens/token_juggle.py: Takes in a refresh token in...
Socialhunter : Crawls The Website And Finds Broken Social Media Links That Can Be Hijacked
Socialhunter crawls the given URL and finds broken social media links that can be hijacked. Broken social links may allow an attacker to conduct phishing attacks. They can also cost the company its reputation. Broken social media hijack issues are usually accepted by bug bounty programs. Installation: From Binary: You can download the pre-built binaries from the releases page and run....