Fennec : Artifact Collection Tool For *Nix Systems


Fennec is an artifact collection tool written in Rust to be used during incident response on *nix based systems. Fennec allows you to write a configuration file that describes how to collect artifacts. Features: a single statically compiled binary; execute any osquery SQL query; execute system commands; parse any text file using regex; ability to collect system logs and files; return data in a structured manner; support multiple...

ICMP-TransferTools : Transfer Files To And From A Windows Host Via ICMP In Restricted Network Environments


ICMP-TransferTools is a set of scripts designed to move files to and from Windows hosts in restricted network environments. This is accomplished using a total of 4 different files, consisting of a Python server and a PowerShell client for each transfer direction (Download & Upload). The only dependency required is Impacket, for one of the Python scripts. It can be installed via pip...

Covert-Control : Google Drive, OneDrive And Youtube As Covert-Channels – Control Systems Remotely By Uploading Files To Google Drive, OneDrive, Youtube Or Telegram


Covert-Control controls systems remotely by uploading files to Google Drive, OneDrive, Youtube or Telegram, using Python to create the files and the listeners. It allows you to create text files, images, audio or videos, with the commands in cleartext or encrypted using AES. covert-googledrive.py - Control systems by uploading files to a public folder in Google Drive. covert-onedrive.py - Control systems by uploading files to...

FormatFuzzer : A Framework For High-Efficiency, High-Quality Generation And Parsing Of Binary Inputs


FormatFuzzer is a framework for high-efficiency, high-quality generation and parsing of binary inputs. It takes a binary template that describes the format of a binary input and generates an executable that produces and parses the given binary format. From a binary template for GIF, for instance, FormatFuzzer produces a GIF generator - also known as GIF fuzzer. Generators produced by FormatFuzzer are highly efficient, producing thousands of valid test inputs per second...

Live-Forensicator : Powershell Script To Aid Incidence Response And Live Forensics


Live Forensicator is part of the Black Widow Toolbox. Its aim is to assist forensic investigators and incident responders in carrying out a quick live forensic investigation. It achieves this by gathering different system information for further review for anomalous behaviour or unexpected data entries; it also looks out for unusual files or activities and points them out to the...

Phantun : Transforms UDP Stream Into (Fake) TCP Streams That Can Go Through Layer 3 &


Phantun is a project that obfuscates UDP packets into TCP connections. It aims to achieve maximum performance with minimum processing and encapsulation overhead. It is commonly used in environments where UDP is blocked or throttled but TCP is allowed through. Phantun simply converts a stream of UDP packets into an obfuscated stream of TCP packets. The TCP stack used by Phantun is designed to pass...

CobaltBus : Cobalt Strike External C2 Integration With Azure Servicebus, C2 Traffic Via Azure Servicebus


CobaltBus is a Cobalt Strike External C2 integration with Azure Service Bus: C2 traffic is carried via Azure Service Bus. Setup: 1. Create an Azure Service Bus. 2. Create a Shared access policy (Connection string) that can only Send and Listen. 3. Edit the static connectionString variable in the Beacon C# projects to match the "Primary Connection String" value for the Shared access policy created in step 2. The same variables need...

Odin : Central IoC Scanner Based On Loki


Odin is a central IoC scanner based on Loki. General Info: this application fetches the latest version of Loki, downloads it to all machines using a PowerShell script and runs it; the app then receives the response from all machines and parses the feed into CSV form. Requirements: Python 3.5+, PyQT5, psutil, pyparsing, zipfile. Fetch: Odin downloads and extracts the latest version of Loki and starts an HTTP server to deliver the...

Auto-Elevate : Escalate From A Low-Integrity Administrator Account To NT AUTHORITY\SYSTEM


The Auto-Elevate tool demonstrates the power of UAC bypasses and built-in features of Windows. This utility auto-locates winlogon.exe, steals and impersonates its process TOKEN, and spawns a new SYSTEM-level process with the stolen token. Combined with UAC bypass method #41 (ICMLuaUtil UAC bypass) from hfiref0x's UACME utility, this utility can auto-elevate a low-privileged Administrative account to NT AUTHORITY\SYSTEM. The following...

Subdomains.Sh : A Wrapper Around Tools I Use For Subdomain Enumeration On A Given Domain


Subdomains.Sh is a wrapper, written in bash, around tools used for subdomain enumeration on a given domain, automating the workflow. The Workflow. Installation: run the installation script: curl -s https://raw.githubusercontent.com/enenumxela/subdomains.sh/main/install.sh | bash - Or run in an ephemeral Docker container: clone the repository and run cd subdomains.sh; build the container image with ./docker-subdomains.sh build; after the build, you can run the script with the same options listed above. Each run will...