goCabrito : Super Organized And Flexible Script For Sending Phishing Campaigns
goCabrito is a super organized and flexible script for sending phishing campaigns. Features Sends to a single emailSends to lists of emails (text)Sends to lists emails with first, last name (csv)Supports attachmentsSplits emails in groupsDelays sending emails between each groupSupport Tags to be placed and replaced in the message's bodyAdd {{name}} tag into the HTML message to be replaced with name...
ReFlutter : Flutter Reverse Engineering Framework
ReFlutter framework helps with Flutter apps reverse engineering using the patched version of the Flutter library which is already compiled and ready for app repacking. This library has snapshot deserialization process modified to allow you perform dynamic analysis in a convenient way. Key features: socket.cc is patched for traffic monitoring and interception;dart.cc is modified to print classes, functions and some fields;contains minor changes...
Driftwood : Private Key Usage Verification
Driftwood is a tool that can enable you to lookup whether a private key is used for things like TLS or as a GitHub SSH key for a user. Driftwood performs lookups with the computed public key, so the private key never leaves where you run the tool. Additionally it supports some basic password cracking for encrypted keys. Installation Three easy ways...
Inject-Assembly : Inject .NET Assemblies Into An Existing Process
Inject-Assembly is an alternative to traditional fork and run execution for Cobalt Strike. The loader can be injected into any process, including the current Beacon. Long-running assemblies will continue to run and send output back to the Beacon, similar to the behavior of execute-assembly. There are two components of inject-assembly: BOF initializer: A small program responsible for injecting the assembly loader...
Registry-Spy : Cross-platform Registry Browser For Raw Windows Registry Files
Registry-Spy is a free, open-source cross-platform Windows Registry viewer. It is a fast, modern, and versatile explorer for raw registry files. Features include: Fast, on-the-fly parsing means no upfront overheadOpen multiple hives at a timeSearchingHex viewerModification timestamps Requirements Python 3.8+ Installation Download the latest version from the releases page. Alternatively, use one of the following methods. pip (recommended) pip install registryspyregistryspy Manual pip install -r requirements.txtpython setup.py installregistryspy Standalone pip install -r...
Token Universe : An Advanced Tool For Working With Access Tokens And Windows Security Policy
Token Universe is an advanced tool that provides a wide range of possibilities to research Windows security mechanisms. It has a convenient interface for creating, viewing, and modifying access tokens, managing Local Security Authority and Security Account Manager's databases. It allows you to obtain and impersonate different security contexts, manage privileges, auditing settings, and so on. My goal is to create a...
Iptable_Evil : An Evil Bit Backdoor For Iptables
Iptable_Evil is a very specific backdoor for iptables that allows all packets with the evil bit set, no matter the firewall rules. The initial implementation is in iptable_evil.c, which adds a table to iptables and requires modifying a kernel header to insert a spot for it. The second implementation is a modified version of the ip_tables core module and its dependents to allow all Evil packets. I have tested...
Narthex : Modular Personalized Dictionary Generator
Narthex (Greek: Νάρθηξ, νάρθηκας) is a modular & minimal dictionary generator for Unix and Unix-like operating system written in C and Shell. It contains autonomous Unix-style programs for the creation of personalized dictionaries that can be used for password recovery & security assessment. The programs make use of Unix text streams for the collaboration with each other, according to...
Will Technology Be The Boring Factor Added To Fun Physical Games
There was a time when Physical games were all human beings knew and lived by. Spending time outside, running in the sun, or playing in puddles was a fun and exciting time. Now, technology is slowly creeping into the gaming world. We are starting to see physical games being turned into mobile and online versions. For those of us who enjoyed...
Espoofer : An Email Spoofing Testing Tool That Aims To Bypass SPF/DKIM/DMARC
Espoofer is an open-source testing tool to bypass SPF, DKIM, and DMARC authentication in email systems. It helps mail server administrators and penetration testers to check whether the target email server and client are vulnerable to email spoofing attacks or can be abused to send spoofing emails. Why build this tool? Email spoofing is a big threat to both individuals and...
