Autotimeliner : Automagically Extract Forensic Timeline From Volatile Memory Dump

Autotimeliner will automagically extract a forensic timeline from volatile memory dumps. Requirements: Python 3, Volatility, mactime (from SleuthKit). Developed and tested on Debian 9.6 with Volatility 2.6-1 and sleuthkit 4.4.0-5. How it works: AutoTimeline automates this workflow: identify the correct volatility profile for the memory image; run the timeliner plugin against the volatile memory dump using volatility; run the mftparser volatility plugin in order to extract $MFT from memory and generate a bodyfile; run the shellbags volatility plugin in order to generate...

Droopescan : A Plugin-Based Scanner That Aids Security Researchers

Droopescan is a plugin-based scanner that aids security researchers in identifying issues with several CMS. Usage of droopescan for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Please...

Exrop : Automatic ROP Chain Generation

Exrop is an automatic ROP chain generator tool which can build a gadget chain automatically from a given binary and constraints. Requirements: Triton, ROPGadget. Only x86-64 is supported for now! Features: handling non-return gadgets (jmp reg, call reg); set registers (rdi=0xxxxxx, rsi=0xxxxxx); set register to register (rdi=rax); write to mem; write string/bytes to mem; function call (open('/etc/passwd',0)); pass register in function call (read('rax', bss, 0x100)); avoiding badchars; stack pivoting (Exrop.stack_pivot); syscall (Exrop.syscall); see examples. Installation: install python (3.6 is recommended...

truffleHog : Searches Through Git Repositories For High Entropy Strings And Secrets

truffleHog previously functioned by running entropy checks on git diffs. This functionality still exists, but high signal regex checks have been added, and the ability to suppress entropy checking has also been added. trufflehog --regex --entropy=False https://github.com/dxa4481/truffleHog.git or trufflehog file:///user/dxa4481/codeprojects/truffleHog/ With the --include_paths and --exclude_paths options, it is also possible to limit scanning to a subset of objects in the Git history by defining regular expressions (one...

Get-RBCD-Threaded : Tool To Discover Resource-Based Constrained Delegation Attack Paths

Get-RBCD-Threaded is a tool to discover Resource-Based Constrained Delegation attack paths in Active Directory environments. It is based almost entirely on the wonderful blog posts "Wagging the Dog: Abusing Resource-Based Constrained Delegation to Attack Active Directory" by Elad Shamir and "A Case Study in Wagging the Dog: Computer Takeover" by harmj0y. Read these two blog posts if you actually want to understand what is going on...

Cloudsploit : Cloud Security Posture Management (CSPM)

CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts, including: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks. Deployment options: CloudSploit is available in two deployment options. Self-Hosted: follow the instructions below...

Dive : A Tool For Exploring Each Layer In A Docker Image

Dive is a tool for exploring a docker image and its layer contents, and for discovering ways to shrink the size of your Docker/OCI image. To analyze a Docker image simply run dive with an image tag/id/digest: dive <your-image-tag>. Or, if you want to build your image and then jump straight into analyzing it: dive build -t <some-tag>. Building on Macbook (supporting only the Docker container engine): docker run...

Php-Malware-Finder : Detect Potentially Malicious PHP Files

PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malware/webshells. The following encoders/obfuscators/webshells are also detected: Bantam, Best PHP Obfuscator, Carbylamine, Cipher Design, Cyklodev, Joes Web Tools Obfuscator, P.A.S, PHP Jiami, Php Obfuscator Encode, SpinObf, Weevely3, atomiku, cobra obfuscator, nano, nova, hotphpencode, tennc web-malware-collection, webtoolsvn. Of course it's trivial to bypass PMF, but its goal is to catch kiddies and idiots, not people with a working brain. If you report...

TerraGoat : Vulnerable Terraform Infrastructure

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments. Introduction: TerraGoat was built to enable DevSecOps teams to design and implement a sustainable misconfiguration prevention strategy. It can be used to test a policy-as-code framework like Bridgecrew & Checkov, inline linters, pre-commit hooks or other code scanning...

LDAP-Password-Hunter : Password Hunter In The LDAP Infamous Database

LDAP Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look for passwords stored in the LDAP database. The Impacket getTGT.py script is used to authenticate the domain account used for enumeration and save its Kerberos TGT. The TGT is then exported in the KRB5CCNAME variable, which is used by ldapsearch...