Fastfuz-Chrome-Ext : Site Fast Fuzzing With Chorme Extension
.png "Fastfuz-Chrome-Ext : Site Fast Fuzzing With Chorme Extension")
Fastfuz-Chrome-Ext is a Fast fuzzing websites with chrome extension. Screenshot Install Add Your Custom Files Open files.txtPaste your file or directory name in line by lineHappy Hunting Download
Osmedeus : A Workflow Engine For Offensive Security
.png "Osmedeus : A Workflow Engine For Offensive Security"){kind=spacer}
Osmedeus is a Workflow Engine for Offensive Security. Installation NOTE that you need some essential tools like curl, wget, git, zip and login as root to start bash -c "$(curl -fsSL https://raw.githubusercontent.com/osmedeus/osmedeus-base/master/install.sh)" Build the engine from source Make sure you installed golang >= v1.17 mkdir -p $GOPATH/src/github.com/j3ssiegit clone --depth=1 https://github.com/j3ssie/osmedeus $GOPATH/src/github.com/j3ssie/osmedeuscd $GOPATH/src/github.com/j3ssie/osmedeusmake build Usage Scan Usage:osmedeus scan -f -t osmedeus scan -m -T osmedeus scan -f /path/to/flow.yaml -t osmedeus scan...
PwnKit-Exploit : Proof Of Concept (PoC) CVE-2021-4034
.png "PwnKit-Exploit : Proof Of Concept (PoC) CVE-2021-4034")
PwnKit-Exploit, a local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. Proof of Concept debian@debian:~/PwnKit-Exploit$ makecc -Wall exploit.c -o exploitdebian@debian:~/PwnKit-Exploit$ whoamidebiandebian@debian:~/PwnKit-Exploit$ ./exploitCurrent User before execute exploithacker@victim$whoami: debianExploit written by @luijait (0x6c75696a616974) Enjoy your root if exploit was completed succesfullyroot@debian:/home/debian/PwnKit-Exploit# whoamirootroot@debian:/home/debian/PwnKit-Exploit# Fix CommandUsesudo chmod 0755...
PyShell : Multiplatform Python WebShell
.png "PyShell : Multiplatform Python WebShell")
PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells, the main goal of the tool is to use as little code as possible on the server side, regardless of the language used or the operating system of the server. Thanks to this, you can use...
Authz0 : An Automated Authorization Test Tool
.png "Authz0 : An Automated Authorization Test Tool")
Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials. URLs and Roles are managed as YAML-based templates, which can be automatically created and added through authz0. You can also test based on multiple authentication headers and cookies with a template file created/generated once. Key Features Generate scan template $ authz0 newInclude URLsInclude RolesInclude...
Hacc The Hub : Open Source Self-Hosted Cyber Security Learning Platform
.png "Hacc The Hub : Open Source Self-Hosted Cyber Security Learning Platform")
Hacc The Hub is an open source project that provides cyber security The Hacc The Hub system consists of 3 main parts: Docker: containing all of the boxes creating the environment in which we'll be learning on.The backend: controlling Docker and responsible for starting/destroying individual box in the system and managing the networking that joins them into a unified system.The frontend:...
IOC Scraper : A Fast And Reliable Service That Enables You To Extract IOCs
IOC Scraper utilises IOCPARSER service to fetch IOCs from different vendor Blogs, PDFs, and CSV files. Parsing IOCs is time-consuming process, using current script one can automatically extract and aggregate IOCs easily. Features Defanged IOCs : Supports extracting and defanging IOCs.Whitelist IOCs : Supports custom whitlisting of IOCs.Source Types : Supports variety of sources such as Blogs, PDFs, CSV, and much more. Supported IOC...
Chaya : Advance Image Steganography
.png "Chaya : Advance Image Steganography")
Chaya protects your privacy through steganography, cryptography and compression. It effectively encrypts your payloads using AES-256-GCM cryptography, embeds them using LSB-LPS steganography technique into images and compresses them using FLIF to evade detection by performing lossless compression. Chaya is for your privacy. Chaya is backed by research (I will publish public version whitepaper on xerohack.com), and has proven to be by far the most effective image steganography...
Ocr-Recon : Tool To Find A Particular String In A List Of URLs Using Tesseract’S OCR Capabilities
Ocr-Recon is useful to find a particular string in a list of URLs using tesseract's OCR (Optical Character Recognition) capabilities. Usage Usage: python3 ocr-recon.py list with URLs string to search Download
Litefuzz : A Multi-Platform Fuzzer For Poking At Userland Binaries And Servers
.png "Litefuzz : A Multi-Platform Fuzzer For Poking At Userland Binaries And Servers")
Litefuzz is meant to serve a purpose: fuzz and triage on all the major platforms, support both CLI/GUI apps, network clients and servers in order to find security-related bugs. It simplifies the process and makes it easy to discover security bugs in many different targets, across platforms, while just making a few honest trade-offs. It isn't built for speed, scalability...
