Keeweb : Free Cross-Platform Password Manager Compatible With KeePass
Keeweb webapp is a browser and desktop password manager compatible with KeePass databases. It doesn't require any server or additional resources. The app can run either in browser, or as a desktop app. Quick Links Apps: Web, DesktopTimeline: Release Notes, TODOOn one page: Features, FAQWebsite: keeweb.infoTwitter: kee_webDonate: OpenCollective, GitHub Status The app is quite stable now. Basic stuff, as well as more advanced operations, should be rather reliable. Self-hosting Everything you need to host this...
Lorsrf : SSRF Parameter Bruteforce
Lorsrf has been added to scant3r with useful additions (multi http method , multi content-type (json , query , xml , speed , large worlist and more)). Bruteforcing on Hidden parameters to find SSRF vulnerability using GET and POST Methods Install download it ➜ git clone https://github.com/knassar702/lorsrf➜ cd lorsrf➜ sudo pip3 install requests flask install ngrok tool Steps Ngrok run your ngrok ./ngrok http 9090run server.py script and add ngrok port python3 server.py 9090run lorsrf.py and add ngrok...
Mediator : An Extensible, End-To-End Encrypted Reverse Shell With A Novel Approach To Its Architecture
Mediator is an end-to-end encrypted reverse shell in which the operator and the shell connect to a "mediator" server that bridges the connections. This removes the need for the operator/handler to set up port forwarding in order to listen for the connection. Mediator also allows you to create plugins to expand the functionality of the reverse shell. You can run...
VECTR : A Tool That Facilitates Tracking Of Your Red And Blue Team Testing Activities To Measure Detection And Prevention Capabilities Across Different Attack Scenarios
VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios. VECTR provides the ability to create assessment groups, which consist of a collection of Campaigns and supporting Test Cases to simulate adversary threats. Campaigns can be broad and span activities across the kill chain,...
Cloudflare CDN: What Is It and How Can You Benefit from It?
The CDN acronym stands for "content delivery network". The majority of web traffic today is served through such networks: Amazon, Netflix, Facebook, and many other Internet giants rely on this technology. CloudFlare is a global company whose primary mission is to make the Internet better. From this article, you'll get to know the benefits of using a CDN and...
Webdiscover : The Purpose Of This Script Is To Automate The Web Enumeration Process And Search For Exploits
Webdiscover, the purpose of this script is to automate the web enumeration process and search for exploits and vulns. Added Tools (dependencies are installed during script execution): seclistffufnamelistdnsreconsubfinderwhatwebgospidernucleisearchsploitgo-exploitdb It creates a directory with the scan outputs, as shown in the example below. Usage Prerequisites Docker service installed If you want to build the container yourself manually, git clone the repo: git clone git@github.com:V1n1v131r4/webdiscover.git Then build your docker container docker...
SysFlow : Cloud-native System Telemetry Pipeline
SysFlow Telemetry Pipeline is a framework for monitoring cloud and enterprise workloads. The framework builds the plumbing required for system telemetry so that users can focus on writing and sharing analytics on a scalable, common open-source platform. The backbone of the telemetry pipeline is a new data format which lifts raw system event information into an abstraction that describes process behaviors, and...
ThreadStackSpoofer : PoC For An Advanced In-Memory Evasion Technique
ThreadStackSpoofer is a PoC implementation for an advanced in-memory evasion technique that spoofs Thread Call Stack. This technique allows to bypass thread-based memory examination rules and better hide shellcodes while in-process memory. Intro This is an example implementation for Thread Stack Spoofing technique aiming to evade Malware Analysts, AVs and EDRs looking for references to shellcode's frames in an examined thread's call stack....
Terra : OSINT Tool On Twitter And Instagram
Terra is a OSINT Tool On Twitter And Instagram. Installation Clone the github repo $ git clone https://github.com/xadhrit/terra.git Change Directory $ cd terra Requirements For requirements run following commands: $ python3 -m pip install -r requirements.txt Note For Twitter Credentials : You need credentials which are listed in twitter.yml file in creds folder for using terra. You can find more about Twitter Api and Access Tokens on Twitter's Developer Portal For Instagram Credentails: Put your Instagram's username...
SubCrawl : A Modular Framework For Discovering Open Directories, Identifying Unique Content Through Signatures And Organizing The Data With Optional Output Modules, Such As MISP
SubCrawl is a framework developed by Patrick Schläpfer, Josh Stroschein and Alex Holland of HP Inc’s Threat Research team. SubCrawl is designed to find, scan and analyze open directories. The framework is modular, consisting of four components: input modules, processing modules, output modules and the core crawling engine. URLs are the primary input values, which the framework parses and adds to a queuing system before crawling...
