AFLTriage : Tool To Triage Crashing Input Files Using A Debugger
AFLTriage is a tool to triage crashing input files using a debugger. It is designed to be portable and not require any run-time dependencies, besides libc and an external debugger. It supports triaging crashes generated by any program, not just AFL, but recognizes AFL directories specially, hence the name. Some notable features include: Multiple report formats: text, JSON, and raw debugger JSON; Parallel crash triage; Crash...
O365Spray : Username Enumeration And Password Spraying Tool Aimed At Microsoft O365
O365Spray is a username enumeration and password spraying tool aimed at Microsoft Office 365 (O365). This tool reimplements a collection of enumeration and spray techniques researched and identified by those mentioned in Acknowledgments. WARNING: The oAuth2 module for user enumeration is performed by submitting a single authentication attempt per user. If the module is run in conjunction with password spraying in a...
SMBeagle : Fileshare Auditing Tool That Hunts Out All Files It Can See In The Network And Reports If The File Can Be Read And/Or Written
SMBeagle is an (SMB) file share auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an Elasticsearch host, or both! SMBeagle tries to make use of the Win32 APIs for maximum speed, but...
Fileless-Xec : Stealth Dropper Executing Remote Binaries Without Dropping Them On Disk
Fileless-Xec is a stealth dropper that executes remote binaries without dropping them on disk. Pentest use: fileless-xec is used on the target machine to stealthily execute a binary file located on the attacker machine. Short story: fileless-xec enables us to execute a remote binary on a local machine directly from memory without dropping it on disk. Install: From release: Linux: curl -lO -L https://github.com/ariary/fileless-xec/releases/latest/download/fileless-xec ; Windows: curl -lO -L https://github.com/ariary/fileless-xec/releases/latest/download/fileless-xec_windows.exe ; From source: Clone the...
Infrastructure-as-Code (IaC) Management in the Cloud
One of the most critical and vital components today, in the Cloud era, is Infrastructure as Code (IaC). In this post, I explain how infrastructure management as code works in the Cloud in general. Not long ago, the job of a system administrator was not easy. All the hardware and software had to be maintained and...
Kali Intelligence Suite : Shall Aid In The Fast, Autonomous, Central, And Comprehensive Collection Of Intelligence By Executing Standard Penetration Testing Tools
Kali Intelligence Suite (KIS) is an intelligence gathering and data mining tool for penetration testers. It shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by automatically: executing Kali Linux tools (e.g., dnsrecon, gobuster, hydra, nmap, etc.); querying publicly available APIs (e.g., Censys.io, Haveibeenpwned.com, Hunter.io, Securitytrails.com, DNSdumpster.com, Shodan.io, etc.); storing the collected data in a central PostgreSQL database (see...
Swurg : Parse OpenAPI Documents Into Burp Suite For Automating OpenAPI-based APIs Security Assessments
Swurg is a Burp Suite extension designed for OpenAPI testing. The OpenAPI Specification (OAS) defines a standard, programming language-agnostic interface description for REST APIs, which allows both humans and computers to discover and understand the capabilities of a service without requiring access to source code, additional documentation, or inspection of network traffic. When properly defined via OpenAPI, a consumer can...
STEWS : A Security Tool For Enumerating Web Sockets
STEWS is a tool suite for security testing of WebSockets. This research was first presented at OWASP Global AppSec US 2021. Features: STEWS provides the ability to: Discover: find WebSockets endpoints on the web by testing a list of domains; Fingerprint: determine what WebSockets server is running on the endpoint; Vulnerability Detection: test whether the WebSockets server is vulnerable to a known WebSockets vulnerability. The included...
Toutatis : A Tool That Allows You To Extract Information From Instagram Accounts Such As E-Mails, Phone Numbers And More
Toutatis is a tool that allows you to extract information from Instagram accounts such as e-mails, phone numbers and more. For BTC Donations : 1FHDM49QfZX6pJmhjLE5tB2K6CaTLMZpXZ. Prerequisite: Python 3. Installation: With PyPI: pip install toutatis ; With GitHub: git clone https://github.com/megadose/toutatis.git ; cd toutatis/ ; python3 setup.py install. Usage: toutatis -u username -s instagramsessionid. Example: Informations about : xxxusernamexxx; Full Name : xxxusernamesxx | userID : 123456789; Verified : False | Is buisness Account : False; Is private Account :...
Forbidden : Bypass 4Xx HTTP Response Status Codes
Forbidden is a script to bypass 4xx HTTP response status codes. Based on PycURL. The script uses multithreading and is based on brute forcing, so it might produce some false positives. The script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. To filter out false positives, check each content length manually with the provided cURL command. If it does...