Hybrid Test Framework : End To End Testing Of Web, API And Security
.png "Hybrid Test Framework : End To End Testing Of Web, API And Security")
Hybrid Test Framework is a framework supports WebUi automation across a variety of browsers like Chrome, Firefox, IE, no only limited to this but extended to test rest api, security and visual testing. Capabilities Cross browser testing supportAdded browserstack support for CrossBrowser testingRunning tests in docker containers selenium gridRunning tests in AWS DeviceFarm selenium gridRunning tests in selenium server in docker...
Talisman : By Hooking Talisman Validates The Outgoing Changeset For Things That Look Suspicious
.png "Talisman : By Hooking Talisman Validates The Outgoing Changeset For Things That Look Suspicious")
Talisman is a tool that installs a hook to your repository to ensure that potential secrets or sensitive information do not leave the developer's workstation. It validates the outgoing changeset for things that look suspicious - such as potential SSH keys, authorization tokens, private keys etc. Installation Talisman supports MAC OSX, Linux and Windows. Talisman can be installed and used in one of...
Boko : Application Hijack Scanner For macOS
Boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables, as well as scripts an application may use that have the potential to be backdoored. The tool also calls out interesting files and lists them instead of manually browsing the file system for analysis. With the active...
Sharp Cookie Monster : Extracts Cookies From Chrome
Sharp Cookie Monster is a Sharp port of @defaultnamehere's cookie-crimes module - full credit for their awesome work! This C# project will dump cookies for all sites, even those with http Only/secure/session flags. Usage Simply run the binary. SharpCookieMonster.exe An optional first argument sepcifies the site that chrome will initially connect to when launched (default https://www.google.com). An optional second argument specifies the port to launch...
Njsscan : A Semantic Aware SAST Tool That Can Find Insecure Code Patterns In Node.js Applications
.png "Njsscan : A Semantic Aware SAST Tool That Can Find Insecure Code Patterns In Node.js Applications")
Njsscan is a static application testing (SAST) tool that can find insecure code patterns in your node.js applications using simple pattern matcher from libsast and syntax-aware semantic code pattern search tool semgrep. Installation pip install njsscan Requires Python 3.6+ and supports only Mac and Linux Command Line Options $ njsscanusage: njsscan positional arguments:path Path can be file(s) or...
Snaffler : A Tool For Pentesters To Help Find Delicious Candy
Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly, but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment). It might also be useful for other people doing other stuff, but it is explicitly NOT meant to be an "audit" tool. What does it do? Broadly speaking - it gets a list of Windows computers from...
Macrome : Excel Macro Document Reader/Writer For Red Teamers And Analysts
Macrome an Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found here and here. Installation / Building Clone or download this repository, the tool can then be executed using dotnet - for example: dotnet run -- build --decoy-document Docsdecoy_document.xls --payload Docspopcalc.bin or dotnet buildcd bin/Debug/netcoreapp2.0dotnet Macrome.dll deobfuscate --path obfuscated_document.xls Note that a 5.0+ build of dotnet is...
FakeLogonScreen : Fake Windows Logon Screen To Steal Passwords
.png "FakeLogonScreen : Fake Windows Logon Screen To Steal Passwords")
FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user's password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk. It can either be executed by simply running the .exe file, or using for...
Shellcodetester : An Application To Test Windows And Linux Shellcodes
Shellcodetester is a tool that tests generated ShellCodes. Usage Example ShellCode Tester Linux Installation git clone https://github.com/helviojunior/shellcodetester.git cd shellcodetester/Linux make Usage Without break-point: shellcodetester With break-point (INT3). The break-point will be inserted before our generated shellcode: shellcodetester --break-point Download
Flare-Qdb : Command-line And Python Debugger For Instrumenting And Modifying Native Software
Flare-qdb is a command-line and scriptable Python-based tool for evaluating and manipulating native program state. It uses Vivisect to set a breakpoint on each queried instruction and executes Python code when hit. flare-qdb frees the analyst to take a nonlinear approach to dynamic analysis that accommodates the questions that arise in the course of normal debugging and static analysis. flare-qdb answers these...
