Terra : OSINT Tool On Twitter And Instagram
Terra is an OSINT tool for Twitter and Instagram. Installation Clone the GitHub repo $ git clone https://github.com/xadhrit/terra.git Change Directory $ cd terra Requirements For requirements run the following command: $ python3 -m pip install -r requirements.txt Note For Twitter Credentials: You need the credentials listed in the twitter.yml file in the creds folder to use terra. You can find more about the Twitter API and Access Tokens on Twitter's Developer Portal. For Instagram Credentials: Put your Instagram's username...
SubCrawl : A Modular Framework For Discovering Open Directories, Identifying Unique Content Through Signatures And Organizing The Data With Optional Output Modules, Such As MISP
SubCrawl is a framework developed by Patrick Schläpfer, Josh Stroschein and Alex Holland of HP Inc’s Threat Research team. SubCrawl is designed to find, scan and analyze open directories. The framework is modular, consisting of four components: input modules, processing modules, output modules and the core crawling engine. URLs are the primary input values, which the framework parses and adds to a queuing system before crawling...
PowerShx : Run Powershell Without Software Restrictions
PowerShx is a rewrite and expansion of the PowerShdll project. PowerShx provides functionality for bypassing AMSI and running PS Cmdlets. Features: Run PowerShell with DLLs using rundll32.exe, installutil.exe, regsvcs.exe or regasm.exe, regsvr32.exe. Run PowerShell without powershell.exe or powershell_ise.exe. AMSI Bypass features. Run PowerShell scripts directly from the command line or PowerShell files. Import PowerShell modules and execute PowerShell Cmdlets. Usage .dll version rundll32 rundll32 PowerShx.dll,main -e rundll32 PowerShx.dll,main -f Run the script...
PortBender : TCP Port Redirection Utility
PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic destined for one TCP port (e.g., 445/TCP) to another TCP port (e.g., 8445/TCP). PortBender includes an aggressor script that operators can leverage to integrate the tool with Cobalt Strike. However, because the tool is implemented as a reflective DLL, it can integrate...
PEASS-ng : Privilege Escalation Awesome Scripts SUITE new generation
PEASS-ng is the Privilege Escalation Awesome Scripts SUITE new generation. Here you will find privilege escalation tools for Windows and Linux/Unix* and MacOS. These tools search for possible local privilege escalation paths that you could exploit and print them to you with nice colors so you can recognize the misconfigurations easily. Check the Local Windows Privilege Escalation checklist from book.hacktricks.xyz. WinPEAS - Windows local Privilege Escalation Awesome Script (C# .exe and .bat). Check...
Metabadger : Prevent SSRF Attacks On AWS EC2 Via Automated Upgrades To The More Secure Instance Metadata Service V2 (IMDSv2)
Metabadger: Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2). Metabadger purpose and functionality: Diagnose and evaluate your current usage of the AWS Instance Metadata Service along with understanding how the service works. Prepare you to upgrade to v2 of the Instance Metadata Service to safeguard against v1 attack vectors. Give you the ability to...
How to Detect and Prevent Brute Force Attacks?
Although a brute force attack is among the simplest attack methods, its effects are far-reaching. Attackers carry it out by guessing the password until they get the right combination. The attacker aims to use force to access the user account. They can use automated software or scripts to achieve this and speed up the process. However, brute force attacks take along...
Limelighter : A Tool For Generating Fake Code Signing Certificates Or Signing Real Ones
Limelighter is a tool which creates spoofed code signing certificates and signs binaries and DLL files to help evade EDR products and avoid MSS and SOC scrutiny. LimeLighter can also use valid code signing certificates to sign files. Limelighter can use a fully qualified domain name such as acme.com. Contributing LimeLighter was developed in Golang. Make sure that the following are installed...
LazyCSRF : A More Useful CSRF PoC Generator
LazyCSRF is a more useful CSRF PoC generator that runs on Burp Suite. Motivation Burp Suite is an intercepting HTTP Proxy, and it is the de facto tool for performing web application security testing. The feature of Burp Suite that I like the most is Generate CSRF PoC. However, the function to automatically determine the content of the request is broken, and it will...
Karma_V2 : A Passive Open Source Intelligence (OSINT) Automated Reconnaissance (Framework)
Karma_V2 can be used by Infosec Researchers, Penetration Testers and Bug Hunters to find deep information, more assets, WAF/CDN bypassed IPs, Internal/External Infra, Publicly exposed leaks and many more about their target. A Shodan Premium API key is required to use this automation. Output from Karma v2 is displayed to the screen and saved to files/directories. ℹ Regarding Premium Shodan API, Please...