Gh-Dork : Github Dorking Tool
Gh-Dork is a Github Dorking Tool. Supply a list of dorks and, optionally, one of the following: a user (-u), a file with a list of users (-uf), an organization (-org), a file with a list of organizations (-of), or a repo (-r). You can also pass: an output directory to store results (-o), a filename to store valid items, if your users or org file may contain...
BloodyAD : An Active Directory Privilege Escalation Framework
BloodyAD is an Active Directory Privilege Escalation Framework. It can be used manually through bloodyAD.py or automatically by combining pathgen.py and autobloody.py. The framework supports NTLM (with a password or NTLM hashes) and Kerberos authentication, and binds to the LDAP/LDAPS/SAMR services of a domain controller to obtain AD privesc. It is designed to be used transparently with a SOCKS proxy. bloodyAD Description: This tool can perform specific LDAP/SAMR calls to a...
Ninjas workout : Vulnerable NodeJS Web Application
Ninjas workout is a Vulnerable NodeJS Web Application. Quick Start: Download the repo, then run npm i. After installing all dependencies, just run the application with node app.js or nodemon app.js. ADDED BUGS: Prototype Pollution, NoSQL Injection, Cross Site Scripting, Broken Access Control, Broken Session Management, Weak Regex Implementation, Race Condition, CSRF (Cross Site Request Forgery), Weak Bruteforce Protection, User Enumeration, Reset Password token leaking in Referrer, Reset Password bugs, Sensitive Data Exposure, Unicode Case Mapping Collision, File Upload, SSRF, XXE, Open Redirection, Directory Traversal, Insecure...
FACT : A Tool To Collect, Process And Visualise Forensic Data From Clusters Of Machines
FACT is a tool to collect, process and visualise forensic data from clusters of machines running in the cloud or on-premise. Deployment: For a basic single-node deployment, we recommend using Docker and Docker Compose. First, read docker-compose.yaml for configuration and requirements. Then, start the stack using "docker-compose up -d". Installation: To install FACT for deployment, see Docker Compose Single-node Deployment or Kubernetes Multi-node Deployment. For a development environment, see the developer documentation. Docker Compose Single-node Deployment: You...
Xolo : Tool To Crawl, Visualize And Interact With SQL Server Links In A D3 Graph
Xolo is a tool to crawl, visualize and interact with SQL server links in a d3 graph to help in your red/blue/purple/... team exercises, pentests and risk assessments. Requirements: Requests==2.18.4, Flask==0.12.2, Json, pypyodbc, beautifulsoup4==4.6.0, lxml==4.1.0. Example: pip install pypyodbc, or python -m pip install pypyodbc. Install/Run: download, decompress, put it in a directory and run it: "c:\xolo> python main.py" ... "* Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)". Then open your browser at http://127.0.0.1:5000/.
Dontgo403 : Tool To Bypass 40X Response Codes
Dontgo403 is a tool to bypass 40X error codes. Installation: git clone https://github.com/devploit/dontgo403; cd dontgo403; go get; go build. Customization: If you want to edit or add new bypasses, you can add them directly to the specific file in the payloads folder and the tool will use them. Options (./dontgo403 -h): Command line application that automates different ways to bypass 40X codes. Usage: dontgo403. Flags: -b, --bypassIp string: Try bypass tests with a...
VulnLab : A Web Vulnerability Lab Project
VulnLab is a web vulnerability lab project developed by Yavuzlar. Vulnerabilities: SQL Injection, Cross Site Scripting (XSS), Command Injection, Insecure Direct Object References (IDOR), Cross Site Request Forgery (CSRF), XML External Entity (XXE), Insecure Deserialization, File Upload, File Inclusion, Broken Authentication. Installation: Install from DockerHub: if you want to install from DockerHub, just type this command: "docker run --name vulnlab -d -p 1337:80 yavuzlar/vulnlab:latest", then go to http://localhost:1337. Manual Installation: Clone the repo with "git clone https://github.com/Yavuzlar/VulnLab", then build the docker image with docker build -t...
Http2Smugl : Tool to detect and exploit HTTP request smuggling
The Http2Smugl tool helps detect and exploit HTTP request smuggling in cases where it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server. The scheme is as follows: an attacker sends a crafted HTTP/2 request to the target server, which we call the frontend. The request is (presumably) converted to HTTP/1.1 and transmitted to another, backend server. The attacker wants to find such a request...
Whatfiles : Log What Files Are Accessed By Any Linux Process
Whatfiles is a Linux utility that logs what files another program reads/writes/creates/deletes on your system. It traces any new processes and threads that are created by the targeted process as well. Rationale I've long been frustrated at the lack of a simple utility to see which files a process touches from main() to exit. Whether you don't trust a software vendor or are...
Second-Order : Subdomain Takeover Scanner
Second-Order scans web applications for second-order subdomain takeover by crawling the app and collecting URLs (and other data) that match certain rules or respond in a certain way. Installation: From binary: download a prebuilt binary from the releases page and unzip it. From source (Go version 1.17 is recommended): go install -v github.com/mhmdiaa/second-order@latest. Docker: docker pull mhmdiaa/second-order. Command line options: -target string: Target URL; -config string: Configuration file (default "config.json"); -depth int: Depth to...