Chain-Reactor : An Open Source Framework For Composing Executables
.png "Chain-Reactor : An Open Source Framework For Composing Executables"){kind=logo}
Chain Reactor is an open-source tool for testing detection and response coverage on Linux machines. The tool generates executables that simulate sequences of actions like process creation and network connection. Chain Reactor assumes no prior engineering experience; the tool consumes JSON, so customizing its behavior is as simple as editing a file. Install musl Chain Reactor requires musl, which is an...
Voltron : A Hacky Debugger UI For Hackers
.png "Voltron : A Hacky Debugger UI For Hackers")
Voltron is an extensible debugger UI toolkit written in Python. It aims to improve the user experience of various debuggers (LLDB, GDB, VDB and WinDbg) by enabling the attachment of utility views that can retrieve and display data from the debugger host. By running these views in other TTYs, you can build a customized debugger user interface to suit...
SSR Fire : An Automated SSRF Finder. Just Give The Domain Name And Your Server
SSR Fire is an automated SSRF finder. Just give the domain name and your server and chill! ;) It also has options to find XSS and open redirects. Syntax ./ssrfire.sh -d domain.com -s yourserver.com -f custom_file.txt -c cookies domain.com ---> The domain for which you want to test yourserver.com ---> Your server which detects SSRF. Eg. Burp collaborator custom_file.txt ---> Optional argument. You give your own custom URLs instead...
Hybrid Test Framework : End To End Testing Of Web, API And Security
.png "Hybrid Test Framework : End To End Testing Of Web, API And Security")
Hybrid Test Framework is a framework supports WebUi automation across a variety of browsers like Chrome, Firefox, IE, no only limited to this but extended to test rest api, security and visual testing. Capabilities Cross browser testing supportAdded browserstack support for CrossBrowser testingRunning tests in docker containers selenium gridRunning tests in AWS DeviceFarm selenium gridRunning tests in selenium server in docker...
Talisman : By Hooking Talisman Validates The Outgoing Changeset For Things That Look Suspicious
.png "Talisman : By Hooking Talisman Validates The Outgoing Changeset For Things That Look Suspicious")
Talisman is a tool that installs a hook to your repository to ensure that potential secrets or sensitive information do not leave the developer's workstation. It validates the outgoing changeset for things that look suspicious - such as potential SSH keys, authorization tokens, private keys etc. Installation Talisman supports MAC OSX, Linux and Windows. Talisman can be installed and used in one of...
Boko : Application Hijack Scanner For macOS
Boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables, as well as scripts an application may use that have the potential to be backdoored. The tool also calls out interesting files and lists them instead of manually browsing the file system for analysis. With the active...
Sharp Cookie Monster : Extracts Cookies From Chrome
Sharp Cookie Monster is a Sharp port of @defaultnamehere's cookie-crimes module - full credit for their awesome work! This C# project will dump cookies for all sites, even those with http Only/secure/session flags. Usage Simply run the binary. SharpCookieMonster.exe An optional first argument sepcifies the site that chrome will initially connect to when launched (default https://www.google.com). An optional second argument specifies the port to launch...
Njsscan : A Semantic Aware SAST Tool That Can Find Insecure Code Patterns In Node.js Applications
.png "Njsscan : A Semantic Aware SAST Tool That Can Find Insecure Code Patterns In Node.js Applications")
Njsscan is a static application testing (SAST) tool that can find insecure code patterns in your node.js applications using simple pattern matcher from libsast and syntax-aware semantic code pattern search tool semgrep. Installation pip install njsscan Requires Python 3.6+ and supports only Mac and Linux Command Line Options $ njsscanusage: njsscan positional arguments:path Path can be file(s) or...
Snaffler : A Tool For Pentesters To Help Find Delicious Candy
Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly, but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment). It might also be useful for other people doing other stuff, but it is explicitly NOT meant to be an "audit" tool. What does it do? Broadly speaking - it gets a list of Windows computers from...
Macrome : Excel Macro Document Reader/Writer For Red Teamers And Analysts
Macrome an Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found here and here. Installation / Building Clone or download this repository, the tool can then be executed using dotnet - for example: dotnet run -- build --decoy-document Docsdecoy_document.xls --payload Docspopcalc.bin or dotnet buildcd bin/Debug/netcoreapp2.0dotnet Macrome.dll deobfuscate --path obfuscated_document.xls Note that a 5.0+ build of dotnet is...
