T-Reqs-HTTP-Fuzzer : A Grammar-Based HTTP Fuzzer

T-Reqs-HTTP-Fuzzer (Two Requests) is a grammar-based HTTP Fuzzer written as a part of the paper titled "T-Reqs: HTTP Request Smuggling with Differential Fuzzing" which was presented at ACM CCS 2021. T-Reqs is for fuzzing HTTP servers by sending mutated HTTP requests with versions 1.1 and earlier. It has three main components: 1) generating inputs, 2) mutating generated inputs and 3) delivering them to the...

Wireshark-Forensics-Plugin : A cross-platform Wireshark plugin that correlates network traffic data

Wireshark-Forensics-Plugin is the most widely used network traffic analyzer. It is an important tool for both live traffic analysis & forensic analysis for forensic/malware analysts. Even though Wireshark provides incredibly powerful functionalities for protocol parsing & filtering, it does not provide any contextual information about network endpoints. For a typical analyst, who has to comb through GBs of PCAP...

Dep-Scan : Fully Open-Source Security Audit For Project Dependencies

dep-scan is a fully open-source security audit tool for project dependencies based on known vulnerabilities, advisories and license limitations. Both local repositories and container images are supported as input. The tool is ideal for CI environments with built-in build breaker logic. If you have just come across this repo, probably the best place to start is to check out the parent...

Http-Desync-Guardian – Analyze HTTP Requests To Minimize Risks Of HTTP Desync Attacks

Http-Desync-Guardian analyzes HTTP requests to minimize the risks of HTTP Desync attacks. HTTP/1.1 went through a long evolution from 1991 to 2014: HTTP/0.9 (1991); HTTP/1.0 (1996); HTTP/1.1: RFC 2068 (1997), RFC 2616 (1999), RFC 7230 (2014). This means there is a variety of servers and clients, which might have different views on request boundaries, creating opportunities for desynchronization attacks (a.k.a. HTTP Desync). It might seem simple to follow...

Pip-Audit : Audits Python Environments And Dependency Trees For Known Vulnerabilities

pip-audit is a tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database (https://github.com/pypa/advisory-database) via the PyPI JSON API as a source of vulnerability reports. This project is developed by Trail of Bits with support from Google. This is not an official Google product. Features: support for auditing local environments and requirements-style files; support for multiple vulnerability services (PyPI, OSV); support for emitting SBOMs in CycloneDX XML...

goCabrito : Super Organized And Flexible Script For Sending Phishing Campaigns

goCabrito is a super organized and flexible script for sending phishing campaigns. Features: sends to a single email; sends to lists of emails (text); sends to lists of emails with first and last name (csv); supports attachments; splits emails into groups; delays sending emails between each group; supports tags to be placed and replaced in the message's body; add the {{name}} tag to the HTML message to be replaced with name...

ReFlutter : Flutter Reverse Engineering Framework

The ReFlutter framework helps with reverse engineering Flutter apps using a patched version of the Flutter library which is already compiled and ready for app repacking. This library has its snapshot deserialization process modified to allow you to perform dynamic analysis in a convenient way. Key features: socket.cc is patched for traffic monitoring and interception; dart.cc is modified to print classes, functions and some fields; contains minor changes...

Driftwood : Private Key Usage Verification

Driftwood is a tool that lets you look up whether a private key is used for things like TLS or as a GitHub SSH key for a user. Driftwood performs lookups with the computed public key, so the private key never leaves the machine where you run the tool. Additionally, it supports some basic password cracking for encrypted keys. Installation: Three easy ways...

Inject-Assembly : Inject .NET Assemblies Into An Existing Process

Inject-Assembly is an alternative to traditional fork and run execution for Cobalt Strike. The loader can be injected into any process, including the current Beacon. Long-running assemblies will continue to run and send output back to the Beacon, similar to the behavior of execute-assembly. There are two components of inject-assembly: BOF initializer: A small program responsible for injecting the assembly loader...

Registry-Spy : Cross-platform Registry Browser For Raw Windows Registry Files


Registry-Spy is a free, open-source cross-platform Windows Registry viewer. It is a fast, modern, and versatile explorer for raw registry files. Features include: fast, on-the-fly parsing means no upfront overhead; open multiple hives at a time; searching; hex viewer; modification timestamps. Requirements: Python 3.8+. Installation: Download the latest version from the releases page. Alternatively, use one of the following methods. pip (recommended): "pip install registryspy", then "registryspy". Manual: "pip install -r requirements.txt", "python setup.py install", then "registryspy". Standalone: pip install -r...