AutoPWN Suite : Project For Scanning Vulnerabilities And Exploiting Systems Automatically
.png "AutoPWN Suite : Project For Scanning Vulnerabilities And Exploiting Systems Automatically")
AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically. Features Fully automatic! (Use -y flag to enable)Detect network IP range without any user input.Vulnerability detection based on version.Web app vulnerability testing. (Only LFI for now)Get information about the vulnerability right from your terminal.Automatically download exploit related with vulnerability.Noise mode for creating a noise on the network.Evasion mode for being sneaky.Automatically...
Offensive-Azure : Collection Of Offensive Tools Targeting Microsoft Azure
.png "Offensive-Azure : Collection Of Offensive Tools Targeting Microsoft Azure")
Offensive-Azure is a Collection of offensive tools targeting Microsoft Azure written in Python to be platform agnostic. The current list of tools can be found below with a brief description of their functionality. ./Device_Code/device_code_easy_mode.pyGenerates a code to be entered by the target userCan be used for general token generation or during a phishing/social engineering campaign../Access_Tokens/token_juggle.pyTakes in a refresh token in...
Socialhunter : Crawls The Website And Finds Broken Social Media Links That Can Be Hijacked
.png "Socialhunter : Crawls The Website And Finds Broken Social Media Links That Can Be Hijacked")
Socialhunter, Crawls the given URL and finds broken social media links that can be hijacked. Broken social links may allow an attacker to conduct phishing attacks. It also can cost a loss of the company's reputation. Broken social media hijack issues are usually accepted on the bug bounty programs. Installation From Binary You can download the pre-built binaries from the releases page and run....
Nipe : An Engine To Make Tor Network Your Default Gateway
Nipe is an engine to make Tor Network your default gateway. The Tor project allows users to surf the Internet, chat and send instant messages anonymously through its own mechanism. It is used by a wide variety of people, companies and organizations, both for lawful activities and for other illicit purposes. Tor has been largely used by intelligence agencies, hacking...
Sentinel-Attack : Tools To Rapidly Deploy A Threat Hunting Capability On Azure Sentinel
Sentinel ATT&CK aims to simplify the rapid deployment of a threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel Overview Sentinel ATT&CK provides the following tools: An ARM template to automatically deploy Sentinel ATT&CK to your Azure environmentA Sysmon configuration file compatible with Azure Sentinel and mapped to specific ATT&CK techniquesA Sysmon log parser mapped against the OSSEM data model117 ready-to-use Kusto detection rules covering 156 ATT&CK techniquesA Sysmon threat hunting workbook inspired...
AzureRT : A Powershell Module Implementing Various Azure Red Team Tactics
.png "AzureRT : A Powershell Module Implementing Various Azure Red Team Tactics")
AzureRT is a Powershell module implementing various cmdlets to interact with Azure and Azure AD from an offensive perspective. Helpful utilities dealing with access token based authentication, switching from Az to AzureAD and az cli interfaces, easy to use pre-made attacks such as Runbook-based command execution and more. The Most Valuable Cmdlets This toolkit brings lots of various cmdlets. This section highlights the most important & useful ones. Typical...
AWS-Threat-Simulation-and-Detection : Playing Around With Stratus Red Team And SumoLogic
.png "AWS-Threat-Simulation-and-Detection : Playing Around With Stratus Red Team And SumoLogic")
AWS-Threat-Simulation-and-Detection, this repository is a documentation of my adventures with Stratus Red Team - a tool for adversary emulation for the cloud. Stratus Red Team is "Atomic Red Team for the cloud, allowing to emulate offensive attack techniques in a granular and self-contained manner. We run the attacks covered in the Stratus Red Team repository one by one on our AWS account. In order...
Lockc : Making Containers More Secure With eBPF And Linux Security Modules (LSM)
.png "Lockc : Making Containers More Secure With eBPF And Linux Security Modules (LSM)"){kind=logo}
lockc is open source sofware for providing MAC (Mandatory Access Control) type of security audit for container workloads. The main reason why lockc exists is that containers do not contain. Containers are not as secure and isolated as VMs. By default, they expose a lot of information about host OS and provide ways to "break out" from the container. lockc aims to provide more isolation to...
Puwr : SSH Pivoting Script For Expanding Attack Surfaces On Local Networks
.png "Puwr : SSH Pivoting Script For Expanding Attack Surfaces On Local Networks")
Puwr will Easily expand your attack surface on a local network by discovering more hosts, via SSH. Using a machine running a SSH service, Puwr uses a given subnet range to scope out IP's, sending back any successful ping requests it has. This can be used to create a pivoting attack from a compromised machine, by returning you hosts...
Atomic-Operator : A Python Package Is Used To Execute Atomic Red Team Tests
.png "Atomic-Operator : A Python Package Is Used To Execute Atomic Red Team Tests"){kind=logo}
atomic-operator enables security professionals to test their detection and defensive capabilities against prescribed techniques defined within atomic-red-team. By utilizing a testing framework such as atomic-operator, you can identify both your defensive capabilities as well as gaps in defensive coverage. Additionally, atomic-operator can be used in many other situations like: Generating alerts to test productsTesting EDR and other security toolsIdentifying way to perform defensive evasion from an...
