Mandiant-Azure-AD-Investigator : PowerShell module for detecting artifacts
The Mandiant-Azure-AD-Investigator repository contains a PowerShell module for detecting artifacts that may be indicators of UNC2452 and other threat actor activity. Some indicators are "high-fidelity" indicators of compromise, while other artifacts are so-called "dual-use" artifacts. Dual-use artifacts may be related to threat actor activity, but may also be related to legitimate functionality. Analysis and verification will be required for...
Pwndora : Massive IPv4 Scanner, Find And Analyze Internet-Connected Devices In Minutes
Pwndora is a massive and fast IPv4 address range scanner, integrated with multi-threading. Using sockets, it analyzes which ports are open, and collects more information about targets. This project allows users to create their own IoT search engine at home, in simple steps, for educational purposes. Features: Port scanning with different options and retrieve software banner information. Detect some web technologies and operating...
T-Reqs-HTTP-Fuzzer : A Grammar-Based HTTP Fuzzer
T-Reqs-HTTP-Fuzzer (Two Requests) is a grammar-based HTTP Fuzzer written as a part of the paper titled "T-Reqs: HTTP Request Smuggling with Differential Fuzzing" which was presented at ACM CCS 2021. T-Reqs is for fuzzing HTTP servers by sending mutated HTTP requests with versions 1.1 and earlier. It has three main components: 1) generating inputs, 2) mutating generated inputs and 3) delivering them to the...
Wireshark-Forensics-Plugin : A cross-platform Wireshark plugin that correlates network traffic data
Wireshark-Forensics-Plugin is the most widely used network traffic analyzer. It is an important tool for both live traffic analysis & forensic analysis for forensic/malware analysts. Even though Wireshark provides incredibly powerful functionalities for protocol parsing & filtering, it does not provide any contextual information about network endpoints. For a typical analyst, who has to comb through GBs of PCAP...
Dep-Scan : Fully Open-Source Security Audit For Project Dependencies
dep-scan is a fully open-source security audit tool for project dependencies based on known vulnerabilities, advisories and license limitations. Both local repositories and container images are supported as input. The tool is ideal for CI environments with built-in build breaker logic. If you have just come across this repo, probably the best place to start is to check out the parent...
Http-Desync-Guardian – Analyze HTTP Requests To Minimize Risks Of HTTP Desync Attacks
Http-Desync-Guardian analyzes HTTP requests to minimize the risks of HTTP Desync attacks. HTTP/1.1 went through a long evolution from 1991 to 2014: HTTP/0.9 – 1991; HTTP/1.0 – 1996; HTTP/1.1: RFC 2068 – 1997, RFC 2616 – 1999, RFC 7230 – 2014. This means there is a variety of servers and clients, which might have different views on request boundaries, creating opportunities for desynchronization attacks (a.k.a. HTTP Desync). It might seem simple to follow...
Pip-Audit : Audits Python Environments And Dependency Trees For Known Vulnerabilities
pip-audit is a tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database (https://github.com/pypa/advisory-database) via the PyPI JSON API as a source of vulnerability reports. This project is developed by Trail of Bits with support from Google. This is not an official Google product. Features: Support for auditing local environments and requirements-style files; Support for multiple vulnerability services (PyPI, OSV); Support for emitting SBOMs in CycloneDX XML...
goCabrito : Super Organized And Flexible Script For Sending Phishing Campaigns
goCabrito is a super organized and flexible script for sending phishing campaigns. Features: Sends to a single email; Sends to lists of emails (text); Sends to lists of emails with first, last name (csv); Supports attachments; Splits emails in groups; Delays sending emails between each group; Supports tags to be placed and replaced in the message's body; Add {{name}} tag into the HTML message to be replaced with name...
ReFlutter : Flutter Reverse Engineering Framework
The ReFlutter framework helps with reverse engineering Flutter apps using a patched version of the Flutter library which is already compiled and ready for app repacking. This library has a modified snapshot deserialization process that allows you to perform dynamic analysis in a convenient way. Key features: socket.cc is patched for traffic monitoring and interception; dart.cc is modified to print classes, functions and some fields; contains minor changes...
Driftwood : Private Key Usage Verification
Driftwood is a tool that lets you look up whether a private key is used for things like TLS or as a GitHub SSH key for a user. Driftwood performs lookups with the computed public key, so the private key never leaves where you run the tool. Additionally, it supports some basic password cracking for encrypted keys. Installation: Three easy ways...