Rip Raw : Small Tool To Analyse The Memory Of Compromised Linux Systems
Rip Raw is a small tool to analyse the memory of compromised Linux systems. It is similar in purpose to Bulk Extractor, but particularly focused on extracting system Logs from memory dumps from Linux systems. This enables you to analyse systems without needing to generate a profile. This is not a replacement for tools such as Rekall and Volatility which...
IOSSecuritySuite : iOS Platform Security And Anti-Tampering Swift Library
%20(1).png "IOSSecuritySuite : iOS Platform Security And Anti-Tampering Swift Library")
iOS Security Suite is an advanced and easy-to-use platform security & anti-tampering library written in pure Swift! If you are developing for iOS and you want to protect your app according to the OWASP MASVS standard, chapter v8, then this library could save you a lot of time. What ISS detects: Jailbreak (even the iOS 11+ with brand new indicators! Attached debugger If an...
BITB : Browser In The Browser (BITB) Templates
BITB is a Browser templates for Browser In The Browser (BITB) attack. Usage Each folder has a index.html file which has 4 variables that must be modified: XX-TITLE-XX - The title that shows up for the page (e.g. Sign in to your account now)XX-DOMAIN-NAME-XX - Domain name you're masquerading as. (e.g. gmail.com)XX-DOMAIN-PATH-XX - Domain path (e.g. /auth/google/login)XX-PHISHING-LINK-XX - Phishing link which will be embedded into the iFrame (e.g. https://example.com) Furthermore,...
O365-Doppelganger : A Quick Handy Script To Harvest Credentials Off Of A User
.png "O365-Doppelganger : A Quick Handy Script To Harvest Credentials Off Of A User")
O365-Doppelganger is NOT a replacement for hardcore phishing activities. There are several other tools which perform OAuth and OTA capture which is not the aim of O365-Doppelganger. O365-Doppelganger is a quick handy script to harvest credentials of a user during Red Teams. This repository is a quick hack of one of my old red team engagement scripts which I've used...
How Crypto Can Be Manipulated: Fake Identities in a Peer-to-Peer Model
Depending on who you ask, cryptocurrency is either a fantastic new era of financial regulation or a confusing mess of gobbledygook. The reality is that it’s both - and its peer-to-peer architecture represents a world-first in currency valuation and control. Sybil attacks occur across all peer-based platforms. It describes the process of an attacker creating and orchestrating multiple fake identities:...
VulFi : Plugin To IDA Pro Which Can Be Used To Assist During Bug Hunting In Binaries
VulFi (Vulnerability Finder) tool is a plugin to IDA Pro which can be used to assist during bug hunting in binaries. Its main objective is to provide a single view with all cross-references to the most interesting functions (such as strcpy, sprintf, system, etc.). For cases where a Hexrays decompiler can be used, it will attempt to rule out calls to these...
Bore : Simple CLI Tool For Making Tunnels To Localhost
%20(1).png "Bore : Simple CLI Tool For Making Tunnels To Localhost")
Bore, a modern simple TCP tunnel in Rust that exposes local ports to a remote server, bypassing standard NAT connection firewalls. That's all it does: no more, and no less. This will expose your local port at localhost:8000 to the public internet at bore.pub:<PORT>, where the port number is assigned randomly. Similar to local tunnel and ngrok, except bore is intended to be a highly efficient, unopinionated tool for forwarding...
DDexec : A Technique To Run Binaries Filelessly And Stealthily On Linux Using Dd To Replace The Shell With Another Process
DDexec is a Technique To Run Binaries Filelessly And Stealthily On Linux Using Dd To Replace The Shell With Another Process. In Linux in order to run a program it must exist as a file, it must be accessible in some way through the file system hierarchy (this is just how execve() works). This file may reside on disk or in...
Wpgarlic : A Proof-Of-Concept WordPress Plugin Fuzzer
Wpgarlic is a proof-of-concept WordPress plugin fuzzer used in the research described in https://kazet.cc/2022/02/03/fuzzing-wordpress-plugins.html that helped to discover more than 140 vulnerablities in WordPress plugins installed on almost 15 million sites. If you want to continue the research, start with less popular plugins - if a plugin achieved at least 10k active installs between October 2021 and January 2022, I have most...
Git-Dumper : A Tool To Dump A Git Repository From A Website
.png "Git-Dumper : A Tool To Dump A Git Repository From A Website")
Git-Dumper is a tool to dump a git repository from a website. Install This can be installed easily with pip: pip install git-dumper Usage usage: git-dumper URL DIRDump a git repository from a website.positional arguments:URL urlDIR output directoryoptional arguments:-h, --help show this help message and exit--proxy PROXY use the specified proxy-j JOBS, --jobs JOBS number of simultaneous requests-r RETRY, --retry RETRYnumber of request...
