Xepor : Web Routing Framework For Reverse Engineers And Security Researchers
.png "Xepor : Web Routing Framework For Reverse Engineers And Security Researchers")
Xepor (pronounced /ˈzɛfə/, zephyr), a web routing framework for reverse engineers and security researchers. It provides a Flask-like API for hackers to intercept and modify HTTP request and/or HTTP response in a human-friendly coding style. This project is meant to be used with mitmproxy. User write scripts with xepor, and run the script inside mitmproxy with mitmproxy -s your-script.py. If you want to step from PoC to production,...
C2concealer : Command Line Tool That Generates Randomized C2 Malleable Profiles For Use In Cobalt Strike
C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike. Installation chmod u+x install.sh./install.sh Building Docker Image docker build -t C2concealer . Running with Docker docker container run -it -v <cobalt_strike_location>:/usr/share/cobaltstrike/ C2concealer --hostname google.com --variant 3 Example Usage Usage:$ C2concealer --hostname google.com --variant 3Flags:(optional)--hostnameThe hostname used in HTTP client and server side settings. Default is None.--variantAn integer defining the number...
PowerProxy : PowerShell SOCKS Proxy With Reverse Proxy Capabilities
.png "PowerProxy : PowerShell SOCKS Proxy With Reverse Proxy Capabilities")
PowerProxy is a PowerShell SOCKS proxy with reverse proxy capabilities. PowerProxy is written with penetration testers in mind. Reverse proxy functionality is a priority, for traversing networks that block inbound connections. Reverse proxy connections are encrypted by default. Username/Password authentication is supported for Socks 5 connections. Setup Import the script: iex (new-object net.webclient).downloadstring("http://192.168.0.22/PowerProxy.ps1")ORImport-Module 192.168.0.22PublicPowerProxy.ps1 reverse_proxy_handler.py can create temporary SSL certs, which requires OpenSSL. If OpenSSL...
Cyph : Cryptographically Secure Messaging And Social Networking Service
Cyph is a cryptographically secure messaging and social networking service, providing an extreme level of privacy combined with best-in-class ease of use. Cyph’s patented technology — built by former SpaceX engineers, audited by Cure53, and the basis of research presentations at Black Hat and DEF CON — uniquely allows Cyph to solve the major security and usability limitations of conventional solutions. Commands available...
ShadowClone : Unleash The Power Of Cloud
ShadowClone is designed to delegate time consuming tasks to the cloud by distributing the input data to multiple serverless functions (AWS Lambda, Azure Functions etc.) and running the tasks in parallel resulting in huge performance boost! ShadowClone uses IBM's awesome Lithops library to distribute the workloads to serverless functions which is at the core of this tool. Effectively, it is...
Vaas Verdict-as-a-Service SDKs: Analyze Files For Malicious Content
VaaS (Verdict-as-a-Service) is a service that provides a platform for scanning files for malware and other threats. It allows easy integration in your application. With a few lines of code, you can start scanning files for malware. Integration of Malware Detection Easily integrate malware detection into any kind of application, service or platform. Create a command line scanner to find malware with a few...
BirDuster : A Multi Threaded Python Script Designed To Brute Force Directories
.png "BirDuster : A Multi Threaded Python Script Designed To Brute Force Directories")
BirDuster is a Python based knockoff of the original DirBuster. BirDuster is a multi threaded Python application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. Installation Use PIP: pip3 install --user BirDuster Clone source: git clone...
DuplicateDump : Dumping LSASS With A Duplicated Handle From Custom LSA Plugin
DuplicateDump is a fork of MirrorDump with following modifications: DInovke implementationLSA plugin DLL written in C++ which could be clean up after dumping LSASS. MirrorDump compile LSA plugin as .NET assembly which would not be unloaded by LSASS process. That's why MirrorDump failed to delete the plugin.PID of dump process (i.e., DuplicateDump) is shared to LSA plugin through named pipePassing value "0"...
Chlonium : Chromium Cookie Import / Export Tool
.png "Chlonium : Chromium Cookie Import / Export Tool")
Chlonium is an application designed for cloning Chromium Cookies. From Chromium 80 and upwards, cookies are encrypted using AES-256 GCM, with a state key which is stored in the Local State file. This state key is encrypted using DPAPI. This is a change from older versions, which used DPAPI to encrypt each cookie item in the cookie database. What this...
NodeSecurityShield : A Developer And Security Engineer Friendly Package For Securing NodeJS Applications
.png "NodeSecurityShield : A Developer And Security Engineer Friendly Package For Securing NodeJS Applications")
NodeSecurityShield is a Developer and Security Engineer friendly package for Securing NodeJS Applications. Inspired by the log4J vulnerability (CVE-2021-44228) which can be exploited because an application can make arbitrary network calls. We felt there is an need for an application to declare what privileges it can have so that exploitation of such vulnerabilities becomes harder. To achieve this, NSS (Node Security Shield) has Resource Access...
