Covert-Tube : Youtube As Covert-Channel – Control Systems Remotely And Execute Commands By Uploading Videos To Youtube
Covert-Tube is a program to control systems remotely by uploading videos to Youtube using Python to create the videos and the listener, emulating some malware I was reading about. It allows to create videos with frames formed of simple text, QR codes with cleartext or QR codes using AES encryption. Create A Video The videos can be created using generate_video.py: enter the...
Qu1cksc0pe : All-in-One Static Malware Analysis Tool
Qu1cksc0pe tool allows you to statically analyze Windows, Linux, OSX executables and APK files. You can get: What DLL files are used.Functions and APIs.Sections and segments.URLs, IP addresses and emails.Android permissions.File extensions and their names.And so on... Qu1cksc0pe aims to get even more information about suspicious files and helps user realize what that file is capable of. Usage python3 qu1cksc0pe.py --file suspicious_file --analyze Screenshot Updates 09/10/2021 Added AndroidRuntime module. Now...
GitOops : All Paths Lead To Clouds
GitOops is a tool to help attackers and defenders identify lateral movement and privilege escalation paths in GitHub organizations by abusing CI/CD pipelines and GitHub access controls. It works by mapping relationships between a GitHub organization and its CI/CD jobs and environment variables. It'll use any Bolt-compatible graph database as backend, so you can query your attack paths with openCypher: MATCH...
BruteLoops : Protocol Agnostic Online Password Guessing API
BruteLoops is a dead simple library providing the foundational logic for efficient password brute force attacks against authentication interfaces. See various Wiki sections for more information. A "modular" example is included with the library that demonstrates how to use this package. It's fully functional and provides multiple brute force modules. Below is a sample of its capabilities: http.accellion_ftp Accellion FTP HTTP interface login modulehttp.basic_digest...
FUSE : A Penetration Testing Tool For Finding File Upload Bugs
FUSE is a penetration testing system designed to identify Unrestricted Executable File Upload (UEFU) vulnerabilities. The details of the testing strategy is in our paper, "FUSE: Finding File Upload Bugs via Penetration Testing", which appeared in NDSS 2020. To see how to configure and execute FUSE, see the followings. Setup Install FUSE currently works on Ubuntu 18.04 and Python 2.7.15. Install dependencies #apt-get install rabbitmq-server#apt-get...
LinuxCatScale : Incident Response Collection And Processing Scripts With Automated Reporting Scripts
Linux CatScale is a bash script that uses live of the land tools to collect extensive data from Linux based hosts. The data aims to help DFIR professionals triage and scope incidents. An Elk Stack instance also is configured to consume the output and assist the analysis process. Usage This scripts were built to automate as much as possible. We recommend...
Azur3Alph4 : A PowerShell Module That Automates Red-Team Tasks For Ops On Objective
Azur3Alph4 is a PowerShell module that automates red-team tasks for ops on objective. This module situates in a post-breach (RCE achieved) position. Token extraction and many other tools will not execute successfully without starting in this position. This module should be used for further enumeration and movement in a compromised app that is part of a managed identity.Azur3Alph4 is...
ForgeCert : “Golden” Certificates
ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory. This attack is codified as DPERSIST1 in our "Certified Pre-Owned" whitepaper. This code base was released ~45 days after the whitepaper was published. @tifkin_ is the primary author of ForgeCert. @tifkin_ and @harmj0y are the primary authors of the associated Active Directory Certificate...
Rdesktop : Open Source Client for Microsoft’s RDP protocol
Rdesktop is an open source client for Microsoft's RDP protocol. It is known to work with Windows versions ranging from NT 4 Terminal Server to Windows 2012 R2 RDS. rdesktop currently has implemented the RDP version 4 and 5 protocols. Installation rdesktop uses a GNU-style build procedure. Typically all that is necessary to install rdesktop is the following: % ./configure% make% make...
Xmap : A Fast Network Scanner Designed For Performing Internet-wide IPv6 &Amp; IPv4 Network Research Scanning
XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning. XMap is reimplemented and improved thoroughly from ZMap and is fully compatible with ZMap, armed with the "5 minutes" probing speed and novel scanning techniques. XMap is capable of scanning the 32-bits address space in under 45 minutes. With a 10 gigE connection and PF_RING,...