OpenSquat : Detection Of Phishing Domains And Domain Squatting.
.png "OpenSquat : Detection Of Phishing Domains And Domain Squatting.")
OpenSquat is an opensource Intelligence (OSINT) security tool to identify cyber squatting threats to specific companies or domains, such as: Phishing campaignsDomain squattingTypo squattingBit squattingIDN homograph attacksDoppen ganger domainsOther brand/domain related scams It does support some key features such as: Automatic newly registered domain updating (once a day)Levenshtein distance to calculate word similarityFetches active and known phishing domains (Phishing Database project)IDN homograph attack detectionIntegration...
Win-Brute-Logon : Crack Any Microsoft Windows Users Password Without Any Privilege
Win-Brute-Logon PoC is more what I would call a serious weakness in Microsoft Windows Authentication mechanism than a vulnerability. The biggest issue is related to the lack of privilege required to perform such actions. Indeed, from a Guest account (The most limited account on Microsoft Windows), you can crack the password of any available local users. Find out which users exists using...
Scylla : The Simplistic Information Gathering Engine
.png "Scylla : The Simplistic Information Gathering Engine")
Scylla is an OSINT tool developed in Python 3.6. Scylla lets users perform advanced searches on Instagram & Twitter accounts, websites/webservers, phone numbers, and names. Scylla also allows users to find all social media profiles (main platforms) assigned to a certain username. In continuation, Scylla has shodan support so you can search for devices all over the internet, it...
Jatayu : Stealthy Stand Alone PHP Web Shell
.png "Jatayu : Stealthy Stand Alone PHP Web Shell")
JATAYU a Stealthy Stand Alone PHP Web Shell . FEATURES Http Header Based Authentication.100% Undetectable.Exec Function Changer.Nothing Fancy USAGE GET /test/jatayu.php?fn=1&&cmd=whoamiHost : http://test.comAuthtoken : bb3b1a1f-0447-42a6-955a-88681fb88499 FUNCTIONS PARAMETERFUNCTIONfn=1Calls function shell_exec()fn=2Calls function system()cmd=idExecutes command GENERATE AUTHTOKEN php$r = unpack('v*', fread(fopen('/dev/random', 'r'),16));$apiKey = sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x',$r, $r, $r, $r & 0x0fff | 0x4000,$r & 0x3fff | 0x8000, $r, $r, $r);echo $apiKey;?> Download
Chain-Reactor : An Open Source Framework For Composing Executables
.png "Chain-Reactor : An Open Source Framework For Composing Executables"){kind=logo}
Chain Reactor is an open-source tool for testing detection and response coverage on Linux machines. The tool generates executables that simulate sequences of actions like process creation and network connection. Chain Reactor assumes no prior engineering experience; the tool consumes JSON, so customizing its behavior is as simple as editing a file. Install musl Chain Reactor requires musl, which is an...
Voltron : A Hacky Debugger UI For Hackers
.png "Voltron : A Hacky Debugger UI For Hackers")
Voltron is an extensible debugger UI toolkit written in Python. It aims to improve the user experience of various debuggers (LLDB, GDB, VDB and WinDbg) by enabling the attachment of utility views that can retrieve and display data from the debugger host. By running these views in other TTYs, you can build a customized debugger user interface to suit...
SSR Fire : An Automated SSRF Finder. Just Give The Domain Name And Your Server
SSR Fire is an automated SSRF finder. Just give the domain name and your server and chill! ;) It also has options to find XSS and open redirects. Syntax ./ssrfire.sh -d domain.com -s yourserver.com -f custom_file.txt -c cookies domain.com ---> The domain for which you want to test yourserver.com ---> Your server which detects SSRF. Eg. Burp collaborator custom_file.txt ---> Optional argument. You give your own custom URLs instead...
Hybrid Test Framework : End To End Testing Of Web, API And Security
.png "Hybrid Test Framework : End To End Testing Of Web, API And Security")
Hybrid Test Framework is a framework supports WebUi automation across a variety of browsers like Chrome, Firefox, IE, no only limited to this but extended to test rest api, security and visual testing. Capabilities Cross browser testing supportAdded browserstack support for CrossBrowser testingRunning tests in docker containers selenium gridRunning tests in AWS DeviceFarm selenium gridRunning tests in selenium server in docker...
Talisman : By Hooking Talisman Validates The Outgoing Changeset For Things That Look Suspicious
.png "Talisman : By Hooking Talisman Validates The Outgoing Changeset For Things That Look Suspicious")
Talisman is a tool that installs a hook to your repository to ensure that potential secrets or sensitive information do not leave the developer's workstation. It validates the outgoing changeset for things that look suspicious - such as potential SSH keys, authorization tokens, private keys etc. Installation Talisman supports MAC OSX, Linux and Windows. Talisman can be installed and used in one of...
Boko : Application Hijack Scanner For macOS
Boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables, as well as scripts an application may use that have the potential to be backdoored. The tool also calls out interesting files and lists them instead of manually browsing the file system for analysis. With the active...
