RAUDI : A Repo To Automatically Generate And Keep Updated A Series Of Docker Images
RAUDI (Regularly and Automatically Updated Docker Images) automatically generates and keep updated a series of Docker Images through GitHub Actions for tools that are not provided by the developers. What is RAUDI RAUDI is what will save you from creating and managing a lot of Docker Images manually. Every time a software is updated you need to update the Docker Image if you want to use the...
SpoofThatMail : Bash Script To Check If A Domain Or List Of Domains Can Be Spoofed Based In DMARC Records
SpoofThatMail is a Bash script to check if a domain or list of domains can be spoofed based in DMARC records File with domains: sh SpoofThatMail.sh -f domains.txt One single domain: sh SpoofThatMail.sh -d domain The script may not work if sp param is before p param (currently working on this) Test manually using nslookup -type=txt _dmarc.domain.com Download
WannaRace : WebApp Intentionally Made Vulnerable To Race Condition For Practicing Race Condition
WannaRace is a WebApp intentionally made vulnerable to Race Condition Description Race Condition vulnerability can be practiced in the developed WebApp. Task is to buy a Mega Box using race condition that costs more than available vouchers. Two challenges are made for practice. Challenge B is to be solved when PHPSESSID cookie is present, cookie is auto created when user is...
PasteMonitor : Scrape Pastebin API To Collect Daily Pastes, Setup A Wordlist And Be Alerted By Email When You Have A Match
PasteMonitor is a Scrape Pastebin API to collect daily pastes, setup a wordlist and be alerted by email when you have a match. Description The PasteMonitor tool allows you to perform two main actions (for educational purposes only): Download daily new public pastes Send automatic email alert You can setup a wordlist and be alerted by email when you have a match If your paste...
LACheck : Multithreaded C# .NET Assembly Local Administrative Privilege Enumeration
LACheck is a Multithreaded C# .NET Assembly Local Administrative Privilege Enumeration. Arguments ./LACheck.exe help _ _ _ | | / / | | | || | / | | | |_ _ | | | | / / | | | '_ / _ / | |/ / | | / | || | | | /...
Shellcode-Encryptor : A Simple Shell Code Encryptor/Decryptor/Executor To Bypass Anti Virus
Shellcode-Encryptor is a simple shell code encryptor/decryptor/executor to bypass anti virus. Note: I have completely redone the work flow for creating the bypass, I have found injecting the binary into memory using PowerShell as the most effective method. Purpose To generate a .Net binary containing base64 encoded, AES encrypted shellcode that will execute on a Windows target, bypassing anti-virus. Instructions Use the meterpreter_encryptor.py to create the encrypted...
Mortar : Evasion Technique To Defeat And Divert Detection And Prevention Of Security Products (AV/EDR/XDR)
Mortar is a red teaming evasion technique to defeat and divert detection and prevention of security products. Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions and it has been...
RCLocals : Linux Startup Analyzer
RCLocals is inspired by 'Autoruns' from Sysinternals, RCLocals analyzes all Linux startup possibilities to find backdoors, also performs process integrity verification, scan for DLL injected processes and much more Things covered: ·List GPG keys trusted by the system ·Installed Packages ·File integrity ·Process integrity (process and libraries loaded in a process that not belongs to any installed package) ·Processes with name spoofed (processes that use prctl() to...
Log4J-Detect : Script To Detect The “Log4j” Java Library Vulnerability For A List Of URLs With Multithreading
Log4J-Detect is a script "log4j-detect.py" developed in Python 3 is responsible for detecting whether a list of URLs are vulnerable to CVE-2021-44228. To do so, it sends a GET request using threads (higher performance) to each of the URLs in the specified list. The GET request contains a payload that on success returns a DNS request to Burp Collaborator /...
Rustpad : Multi-Threaded Padding Oracle Attacks Against Any Service
Rustpad is a multi-threaded successor to the classic padbuster, written in Rust. It abuses a Padding Oracle vulnerability to decrypt any cypher text or encrypt arbitrary plain text without knowing the encryption key! Features Decryption of cypher textsEncryption of arbitrary plain textMulti-threading on both block and byte levelModern, real-time and interactive TUI!No-TTY support, so you can just pipe output to a fileSupports Web server oracles...... and Script-based oracles. For...
