FirmWire : A Full-System Baseband Firmware Emulation Platform
FirmWire is a full-system baseband firmware analysis platform that supports Samsung and MediaTek. It enables fuzzing, root-cause analysis, and debugging of baseband firmware images. See the FirmWire documentation to get started!
Installation
The recommended way of using FirmWire is by using the supplied Dockerfile. To build the Docker image, execute the following commands:
git clone https://github.com/FirmWire/FirmWire.git
cd FirmWire
git clone https://github.com/FirmWire/panda.git
# This will take some time
docker build -t firmwire...
LeakedHandlesFinder : Leaked Windows Processes Handles Identification Tool
Leaked Windows process handles identification tool. Useful for identifying new LPE vulnerabilities during a pentest or simply as a new research process. Currently supports exploiting (autopwn) processes' leaked handles by spawning a new arbitrary process (cmd.exe by default). LHF identifies inherited handles in real time and gives the researcher exploitability tips. Presented at RootedCON 2022: https://www.rootedcon.com/ponentes-rooted2022/. Presentation -> Presentation/Exploiting Leaked Handles for LPE.pdf Download
Pybatfish : Python Client For Batfish (Network Configuration Analysis Tool)
Pybatfish is a Python client for Batfish. What is Batfish? Batfish is a network validation tool that provides correctness guarantees for security, reliability, and compliance by analyzing the configuration of network devices. It builds complete models of network behavior from device configurations and finds violations of network policies (built-in, user-defined, and best-practices). A primary use case for Batfish is to validate configuration changes before deployment...
Moonwalk : Cover Your Tracks During Linux Exploitation By Leaving Zero Traces
moonwalk is a 400 KB single-binary executable that can clear your traces while penetration testing a Unix machine. It saves the state of system logs pre-exploitation and reverts that state, including the filesystem timestamps, post-exploitation, leaving zero traces of a ghost in the shell.
Features
Small Executable: Get started quickly with a curl fetch to your target machine.
Fast: Performs all session commands including logging, trace clearing, and filesystem operations...
Nanodump : A Crappy LSASS Dumper With No ASCII Art
Nanodump is a flexible tool that creates a minidump of the LSASS process.
Features
It uses syscalls (with SysWhispers2) for most operations.
Syscalls are called from an ntdll address to bypass some syscall detections.
It sets the syscall callback hook to NULL.
Windows APIs are called using dynamic invoke.
You can choose to download the dump without touching disk or write it to a file.
The minidump by default has...
BackupOperatorToDA : From An Account Member Of The Group Backup Operators To Domain Admin
BackupOperatorToDA: from an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller. If you compromise an account that is a member of the Backup Operators group, you can become Domain Admin without RDP or WinRM on the Domain Controller. All credit to filip_dragovic for his initial POC! I built this project because I wanted to have...
Requests-Ip-Rotator : A Python Library To Utilize AWS API Gateway’s Large IP Pool
Requests-Ip-Rotator is a Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing. This library will allow the user to bypass IP-based rate-limits for sites and services. X-Forwarded-For headers are automatically randomised and applied unless given. This is because otherwise, AWS will send the client's true IP address...
Dora : Find Exposed API Keys Based On RegEx And Get Exploitation Methods
Dora is a tool to find exposed API keys based on RegEx and get exploitation methods for some of the keys that are found.
Features
Blazing fast, as we are using ripgrep in the backend
Exploit/PoC steps for many of the API keys, allowing you to write a good report for bug bounty hunting
Unlike many other API key finders, dora also shows the path to the file and the line...
Lupo : Malware IOC Extractor. Debugging Module For Malware Analysis Automation
Lupo is a debugging module for malware analysis automation. Working on security incidents that involve malware, we come across situations on a regular basis where we feel the need to automate parts of the analysis process, as complete manual analysis is, more often than not, not possible for every case due to many factors (time, skills, scale etc.). I wrote...
Osinteye : Username Enumeration And Reconnaissance Suite
Osinteye is a username enumeration & reconnaissance suite.
Supported sites: PyPI, GitHub, TestPyPI, About.me, Instagram, DockerHub
Installation
Clone the project:
$ git clone https://github.com/rly0nheart/osinteye.git
$ cd osinteye
$ pip install -r requirements.txt
Usage
$ python osinteye
Or give osinteye execution permission:
$ chmod +x osinteye
$ ./osinteye
Example 1.1:
$ python osinteye --instagram
Example 1.2:
$ ./osinteye --instagram
Optional Arguments
Flag          Usage
--pypi        get target's information from pypi
--testpypi    get target's information from testpypi
--about       get target's information from about.me
--instagram   get target's...