WannaRace : WebApp Intentionally Made Vulnerable To Race Condition For Practicing Race Condition
WannaRace is a WebApp intentionally made vulnerable to Race Condition. Description: Race Condition vulnerability can be practiced in the developed WebApp. The task is to use a race condition to buy a Mega Box that costs more than the available vouchers. Two challenges are made for practice. Challenge B is to be solved when the PHPSESSID cookie is present; the cookie is auto-created when the user is...
PasteMonitor : Scrape Pastebin API To Collect Daily Pastes, Setup A Wordlist And Be Alerted By Email When You Have A Match
PasteMonitor scrapes the Pastebin API to collect daily pastes; set up a wordlist and be alerted by email when you have a match. Description: The PasteMonitor tool allows you to perform two main actions (for educational purposes only): download daily new public pastes and send automatic email alerts. You can set up a wordlist and be alerted by email when you have a match. If your paste...
LACheck : Multithreaded C# .NET Assembly Local Administrative Privilege Enumeration
LACheck is a multithreaded C# .NET assembly for local administrative privilege enumeration. Arguments: ./LACheck.exe help ...
Shellcode-Encryptor : A Simple Shell Code Encryptor/Decryptor/Executor To Bypass Anti Virus
Shellcode-Encryptor is a simple shellcode encryptor/decryptor/executor to bypass anti-virus. Note: I have completely redone the workflow for creating the bypass; I have found injecting the binary into memory using PowerShell to be the most effective method. Purpose: To generate a .NET binary containing base64-encoded, AES-encrypted shellcode that will execute on a Windows target, bypassing anti-virus. Instructions: Use the meterpreter_encryptor.py to create the encrypted...
Mortar : Evasion Technique To Defeat And Divert Detection And Prevention Of Security Products (AV/EDR/XDR)
Mortar is a red teaming evasion technique to defeat and divert detection and prevention of security products. Mortar Loader performs encryption and decryption of a selected binary inside memory streams and executes it directly without writing any malicious indicator to the hard drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions and it has been...
RCLocals : Linux Startup Analyzer
RCLocals is inspired by 'Autoruns' from Sysinternals. RCLocals analyzes all Linux startup possibilities to find backdoors, and also performs process integrity verification, scans for DLL injected processes and much more. Things covered: ·List GPG keys trusted by the system ·Installed packages ·File integrity ·Process integrity (processes and libraries loaded in a process that do not belong to any installed package) ·Processes with spoofed names (processes that use prctl() to...
Log4J-Detect : Script To Detect The “Log4j” Java Library Vulnerability For A List Of URLs With Multithreading
Log4J-Detect is a script, "log4j-detect.py", developed in Python 3 that detects whether the URLs in a list are vulnerable to CVE-2021-44228. To do so, it sends a GET request using threads (higher performance) to each of the URLs in the specified list. The GET request contains a payload that on success returns a DNS request to Burp Collaborator /...
Rustpad : Multi-Threaded Padding Oracle Attacks Against Any Service
Rustpad is a multi-threaded successor to the classic padbuster, written in Rust. It abuses a Padding Oracle vulnerability to decrypt any cypher text or encrypt arbitrary plain text without knowing the encryption key! Features: ·Decryption of cypher texts ·Encryption of arbitrary plain text ·Multi-threading on both block and byte level ·Modern, real-time and interactive TUI! ·No-TTY support, so you can just pipe output to a file ·Supports Web server oracles... ·... and Script-based oracles. For...
SyntheticSun : A Defense-In-Depth Security Automation And Monitoring Framework
SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and serverless technologies to continuously prevent, detect and respond to threats. "You sleep in fragmented glass / With reflections of you, / But are you feeling alive? / Yeah let me ask you, / Are you feeling alive?" Synopsis: Uses event- and time-based serverless automation (e.g. AWS CodeBuild, AWS Lambda) to...
Msmailprobe : Office 365 And Exchange Enumeration
Msmailprobe: It is widely known that OWA (Outlook Web App) is vulnerable to time-based user enumeration attacks. This tool leverages all known, and even some lesser-known, services exposed by default Exchange installations to enumerate users. It also targets Office 365 for error-based user enumeration. Getting Started: If you want to download and compile the simple, non-dependent code, you must first install GoLang!...