Geowifi : Search WiFi Geolocation Data By BSSID And SSID On Different Public Databases
Geowifi is a tool to Search WiFi geolocation data by BSSID and SSID on different public databases. Databases WigleAppleOpenWifiMilnikov Prerequisites Python3.In order to display emojis on Windows, it is recommended to install the new Windows terminal. In order to use the Wigle service it is necessary to obtain an API and configure the utils/API.yaml file replacing the value of the "wigle_auth" parameter for the "Encoded for use" data provided by Wigle. This...
GraphQL Cop : Security Auditor Utility For GraphQL APIs
.png "GraphQL Cop : Security Auditor Utility For GraphQL APIs")
GraphQL Cop is a small Python utility to run common security tests against GraphQL APIs. GraphQL Cop is perfect for running CI/CD checks in GraphQL. It is lightweight, and covers interesting security issues in GraphQL. GraphQL Cop allows you to reproduce the findings by providing cURL commands upon any identified vulnerabilities. Requirements Python3Requests Library Detections Alias Overloading (DoS)Batch Queries (DoS)GET based Queries (CSRF)GraphQL Tracing...
Fastfuz-Chrome-Ext : Site Fast Fuzzing With Chorme Extension
.png "Fastfuz-Chrome-Ext : Site Fast Fuzzing With Chorme Extension")
Fastfuz-Chrome-Ext is a Fast fuzzing websites with chrome extension. Screenshot Install Add Your Custom Files Open files.txtPaste your file or directory name in line by lineHappy Hunting Download
Osmedeus : A Workflow Engine For Offensive Security
.png "Osmedeus : A Workflow Engine For Offensive Security"){kind=spacer}
Osmedeus is a Workflow Engine for Offensive Security. Installation NOTE that you need some essential tools like curl, wget, git, zip and login as root to start bash -c "$(curl -fsSL https://raw.githubusercontent.com/osmedeus/osmedeus-base/master/install.sh)" Build the engine from source Make sure you installed golang >= v1.17 mkdir -p $GOPATH/src/github.com/j3ssiegit clone --depth=1 https://github.com/j3ssie/osmedeus $GOPATH/src/github.com/j3ssie/osmedeuscd $GOPATH/src/github.com/j3ssie/osmedeusmake build Usage Scan Usage:osmedeus scan -f -t osmedeus scan -m -T osmedeus scan -f /path/to/flow.yaml -t osmedeus scan...
PwnKit-Exploit : Proof Of Concept (PoC) CVE-2021-4034
.png "PwnKit-Exploit : Proof Of Concept (PoC) CVE-2021-4034")
PwnKit-Exploit, a local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. Proof of Concept debian@debian:~/PwnKit-Exploit$ makecc -Wall exploit.c -o exploitdebian@debian:~/PwnKit-Exploit$ whoamidebiandebian@debian:~/PwnKit-Exploit$ ./exploitCurrent User before execute exploithacker@victim$whoami: debianExploit written by @luijait (0x6c75696a616974) Enjoy your root if exploit was completed succesfullyroot@debian:/home/debian/PwnKit-Exploit# whoamirootroot@debian:/home/debian/PwnKit-Exploit# Fix CommandUsesudo chmod 0755...
PyShell : Multiplatform Python WebShell
.png "PyShell : Multiplatform Python WebShell")
PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells, the main goal of the tool is to use as little code as possible on the server side, regardless of the language used or the operating system of the server. Thanks to this, you can use...
Authz0 : An Automated Authorization Test Tool
.png "Authz0 : An Automated Authorization Test Tool")
Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials. URLs and Roles are managed as YAML-based templates, which can be automatically created and added through authz0. You can also test based on multiple authentication headers and cookies with a template file created/generated once. Key Features Generate scan template $ authz0 newInclude URLsInclude RolesInclude...
Hacc The Hub : Open Source Self-Hosted Cyber Security Learning Platform
.png "Hacc The Hub : Open Source Self-Hosted Cyber Security Learning Platform")
Hacc The Hub is an open source project that provides cyber security The Hacc The Hub system consists of 3 main parts: Docker: containing all of the boxes creating the environment in which we'll be learning on.The backend: controlling Docker and responsible for starting/destroying individual box in the system and managing the networking that joins them into a unified system.The frontend:...
IOC Scraper : A Fast And Reliable Service That Enables You To Extract IOCs
IOC Scraper utilises IOCPARSER service to fetch IOCs from different vendor Blogs, PDFs, and CSV files. Parsing IOCs is time-consuming process, using current script one can automatically extract and aggregate IOCs easily. Features Defanged IOCs : Supports extracting and defanging IOCs.Whitelist IOCs : Supports custom whitlisting of IOCs.Source Types : Supports variety of sources such as Blogs, PDFs, CSV, and much more. Supported IOC...
Chaya : Advance Image Steganography
.png "Chaya : Advance Image Steganography")
Chaya protects your privacy through steganography, cryptography and compression. It effectively encrypts your payloads using AES-256-GCM cryptography, embeds them using LSB-LPS steganography technique into images and compresses them using FLIF to evade detection by performing lossless compression. Chaya is for your privacy. Chaya is backed by research (I will publish public version whitepaper on xerohack.com), and has proven to be by far the most effective image steganography...
