The Definitive Guide to Web Security Testing: Vulnerabilities and Password Management
Many web developers often neglect web security testing. However, it is a crucial part of the web development process because web security testing can identify vulnerabilities that may be missed during other stages. Once these web security holes are identified, they can be patched up and avoided from being exploited by hackers. In this guide, we will cover what...
ELFXtract : An Automated Analysis Tool Used For Enumerating ELF Binaries
ELFXtract is an automated analysis tool used for enumerating ELF binaries. Powered by Radare2 and r2ghidra This is specially developed for PWN challenges and it has many automated features It almost displays every details of the ELF and also decompiles its ASM to C code using r2ghidra Decompiling ELFs in Ghidra takes more time, but in elfxtract it decompiles and displays in...
Nanobrok : Web Service For Control And Protect Your Android Device Remotely
Nanobrok-Server is powerful opensource webservice for control and protect your android device, written in Python, that allow and offer a stable and security connection with your android device for protect , control remotely. Main Features Maps the location of your deviceAlert flag (Event it's lost or stolen)Recorder Audio MicRemote File Transfer Network scanner and more! Security Features We implemented some security features for...
LOLBins : PyQT5 App For LOLBAS And GTFOBins
PyQT app to list all Living Off The Land Binaries and Scripts for Windows from LOLBAS and Unix binaries that can be used to bypass local security restrictions in misconfigured systems from GTFOBins. Download
goEnumBruteSpray : User Enumeration And Password Bruteforce On Azure, ADFS, OWA, O365 And Gather Emails On Linkedin
goEnumBruteSpray is recommended module is o365 for user enumeration and passwords bruteforce / spray . Additional information can be retrieved to avoid account lockout, to know that the password is good but expired, MFA enabled,... Linkedin This module should be used to retrieve a list of email addresses before validating them through a user enumeration module. The company will be searched...
Redherd Framework : A Collaborative And Serverless Framework
RedHerd is a collaborative and serverless framework for orchestrating a geographically distributed group of assets capable of conducting simulating complex offensive cyberspace operations. Getting Started Take a look at the RedHerd documentation for instructions on how to getting started with the framework. Changelog Go to CHANGELOG to see all the version changes. Disclaimer The provided contents and tools are for awareness and research purposes only....
Whoc : A Container Image That Extracts The Underlying Container Runtime
Whoc is a container image that extracts the underlying container runtime and sends it to a remote server. Poke at the underlying container runtime of your favorite CSP container platform! How does it work? As shown by runc CVE-2019-5736, traditional Linux container runtimes expose themselves to the containers they're running through /proc/self/exe. whoc uses this link to read the container runtime...
Whispers : Identify Hardcoded Secrets In Static Structured Text
Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can integrate it in your CI/CD pipeline. Detects PasswordsAPI tokensAWS keysPrivate keysHashed credentialsAuthentication tokensDangerous functionsSensitive files Supported Formats Whispers is intended to be a structured text parser, not a code parser. The following commonly...
Hashdb-Ida : HashDB API Hash Lookup Plugin For IDA Pro
Hashdb-Ida is tool for Malware string hash lookup plugin for IDA Pro. This plugin connects to the OALABS HashDB Lookup Service. Adding New Hash Algorithms The hash algorithm database is open source and new algorithms can be added on GitHub here. Pull requests are mostly automated and as long as our automated tests pass the new algorithm will be usable on HashDB within...
Etl-Parser : Event Trace Log File Parser In Pure Python
Etl-Parser is a pure Python 3 parser library for ETL Windows log files. ETL is the default format for ETW as well as the default format for the Kernel logger. etl-parser has no system dependencies, and will work well on both Windows and Linux. Since this format is not documented, we merged information from the blog of Geoff Chappel and reverse engineering activities conducted by Airbus CERT team. What is ETL and why is...
