Spray365 : Makes Spraying Microsoft Accounts Through Two-Step Password Spraying Approach
Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD). How is Spray365 different from the many other password spraying tools that are already available? Spray365 enables passwords to be sprayed from an "execution plan". While having a pre-generated execution plan that describe the spraying operation well before it occurs has...
SQLbit : Just Another Script For Automatize Boolean-Based Blind SQL Injectionsv
SQLbit is just another script for automatize boolean-based blind SQL injections.Works with SQLite at least, supports using cookies.It uses bitwise comparisons with multithreading to find cell values instead of binary search, which is more efficient. It's able to: Search cell values by columns in a tableSearch characters count in a cells by columns in a tableSearch rows count in a...
Mesh-Kridik : An Open-Source Security Checker That Performs Security Checks On A Kubernetes Cluster
Mesh-Kridik is an open-source security checker that performs various security checks on a Kubernetes cluster with istio service mesh and outputs a security report The security checks tests are the full implementation of istio security best practices The security checks performed on a Kubernetes cluster with istio service mesh and is leveraged by OPA (Open Policy Agent) to enforce security rules, and...
Web Cache Vulnerability Scanner : A Go-based CLI Tool For Testing Web Cache Poisoning
Web Cache Vulnerability Scanner (WCVS) is a fast and versatile CLI scanner for web cache poisoning developed by Hackmanit. The scanner supports many different web cache poisoning techniques, includes a crawler to identify further URLs to test, and can adapt to a specific web cache for more efficient testing. It is highly customizable and can be easily integrated into existing CI/CD pipelines. Features Support for...
MUI : A GUI Plugin For Binary Ninja To Interact And View The Progress Of Manticore
MUI (Manticore User Interface) project, we provide a graphical user interface plugin for Binary Ninja to allow users to easily interact with and view progress of the Manticore symbolic execution engine for analysis of smart contracts and native binaries. ATTENTION This project is under active development and may be unstable or unusable. Please open an issue if you have any difficulties using the existing...
How To Get The User Manuals Of Popular Xiaomi Products
1. Introduction Xiaomi is a Chinese electronics company headquartered in Beijing. It was founded by Lei Jun, who is currently its CEO and co-founder on April 6, 2010. With a market value of $45 billion and over 70 million devices sold in 2015, Xiaomi is the world's 3rd largest smartphone manufacturer. The brand has an avid fan following, which makes it...
Umay : IoT Malware Similarity Analysis Platform
Umay project provides IoT malware similarity analysis based on shared codes. It helps to identify other malwares that have shared code with the analyzed file. In this way, you can have a chance to get an idea about the family of the malware. There are various devices with different architectures in the IoT ecosystem. Static-based methods are more effective...
MultiPotato : Another Potato to get SYSTEM via SeImpersonate privileges
MultiPotato is just another Potato to get SYSTEM via SeImpersonate privileges. But this one is different in terms of It doesn't contain any SYSTEM auth trigger for weaponization. Instead the code can be used to integrate your favorite trigger by yourself.It's not only using CreateProcessWithTokenW to spawn a new process. Instead you can choose between CreateProcessWithTokenW, CreateProcessAsUserW, CreateUser and BindShell. So this project is able to open up...
TrojanSourceFinder : Help Find Trojan Source Vulnerability In Code
TrojanSourceFinder is a Trojan Source vulnerability allows an attacker to make malicious code appear innocent. In general, the attacker tries to lure by passing his code off as a comment (visually). It is a serious threat because it concerns many languages. Projects with multiple "untrusted" sources could be concerned. Install With go Via go install go install github.com/ariary/TrojanSourceFinder/cmd/tsfinder@latest Make sure $GOPATH is in your $PATH From source git clone https://github.com/ariary/TrojanSourceFindercd TrojanSourceFindermake...
Mariana Trench : Security Focused Static Analysis Tool For Android And Java Applications
Mariana Trench is a security focused static analysis platform targeting Android. This guide will walk you through setting up Mariana Trench on your machine and get you to find your first remote code execution vulnerability in a small sample app. These instructions are also available at our website. Prerequisites Mariana Trench requires a recent version of Python. On MacOS you can get a current...
