goEnumBruteSpray : User Enumeration And Password Bruteforce On Azure, ADFS, OWA, O365 And Gather Emails On Linkedin
goEnumBruteSpray is recommended module is o365 for user enumeration and passwords bruteforce / spray . Additional information can be retrieved to avoid account lockout, to know that the password is good but expired, MFA enabled,... Linkedin This module should be used to retrieve a list of email addresses before validating them through a user enumeration module. The company will be searched...
Redherd Framework : A Collaborative And Serverless Framework
RedHerd is a collaborative and serverless framework for orchestrating a geographically distributed group of assets capable of conducting simulating complex offensive cyberspace operations. Getting Started Take a look at the RedHerd documentation for instructions on how to getting started with the framework. Changelog Go to CHANGELOG to see all the version changes. Disclaimer The provided contents and tools are for awareness and research purposes only....
Whoc : A Container Image That Extracts The Underlying Container Runtime
Whoc is a container image that extracts the underlying container runtime and sends it to a remote server. Poke at the underlying container runtime of your favorite CSP container platform! How does it work? As shown by runc CVE-2019-5736, traditional Linux container runtimes expose themselves to the containers they're running through /proc/self/exe. whoc uses this link to read the container runtime...
Whispers : Identify Hardcoded Secrets In Static Structured Text
Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can integrate it in your CI/CD pipeline. Detects PasswordsAPI tokensAWS keysPrivate keysHashed credentialsAuthentication tokensDangerous functionsSensitive files Supported Formats Whispers is intended to be a structured text parser, not a code parser. The following commonly...
Hashdb-Ida : HashDB API Hash Lookup Plugin For IDA Pro
Hashdb-Ida is tool for Malware string hash lookup plugin for IDA Pro. This plugin connects to the OALABS HashDB Lookup Service. Adding New Hash Algorithms The hash algorithm database is open source and new algorithms can be added on GitHub here. Pull requests are mostly automated and as long as our automated tests pass the new algorithm will be usable on HashDB within...
Etl-Parser : Event Trace Log File Parser In Pure Python
Etl-Parser is a pure Python 3 parser library for ETL Windows log files. ETL is the default format for ETW as well as the default format for the Kernel logger. etl-parser has no system dependencies, and will work well on both Windows and Linux. Since this format is not documented, we merged information from the blog of Geoff Chappel and reverse engineering activities conducted by Airbus CERT team. What is ETL and why is...
Smuggler : An HTTP Request Smuggling / Desync Testing Tool
Smuggler is an HTTP Request Smuggling / Desync testing tool written in Python 3 Installation git clone https://github.com/defparam/smuggler.gitcd smugglerpython3 smuggler.py -h Example Usage Single Host: python3 smuggler.py -u List of hosts: cat list_of_hosts.txt | python3 smuggler.py Options usage: smuggler.py optional arguments:-h, --help show this help message and exit-u URL, --url URL Target URL with Endpoint-v VHOST, --vhost VHOSTSpecify a virtual host-x,...
What Are The Benefits of Using a CRM In 2021
Customer relationship management aka CRM, as many people know is one of the most essential tools in a professional environment that involves selling services. Everyone knows that CRM helps with the overall growth of the business, but what many fail to notice is the fact that CRM is incredibly helpful in improving contact management. Read this blog till the end...
Certipy : Python Implementation For Active Directory Certificate Abuse
Certipy is a Python tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS). Based on the C# variant Certify from @harmj0y and @tifkin_. Installation $ python3 setup.py install Usage $ certipy -husage: certipy target {find,req,auth,auto} …Active Directory certificate abusepositional arguments:target username@]{find,req,auth,auto} Actionfind Find certificate templatesreq Request a new certificateauth Authenticate with a certificateauto Automatically abuse certificate templates...
Tor-Rootkit : A Python 3 Standalone Windows 10 / Linux Rootkit Using Tor
Tor-Rootkit is a Python 3 standalone Windows 10 / Linux Rootkit. The networking communication get's established over the tor network. How To Use Clone the repo and change directory: git clone https://github.com/emcruise/TorRootkit.gitcd ./tor-rootkit Build docker container: docker build -t listener . Run docker container: docker run -v $(pwd)/executables:/executables/ -it listener Deploy the executables: When the listener is up and running it generates a "executables" directory containing different...
