Autoharness : A Tool That Automatically Creates Fuzzing Harnesses Based On A Library

AutoHarness is a tool that automatically generates fuzzing harnesses for you. This idea stems from a concurrent problem in fuzzing codebases today: large codebases have thousands of functions and pieces of code that can be embedded fairly deep into the library. It is very hard or sometimes even impossible for smart fuzzers to reach that codepath. Even for large...

On-The-Fly : Tool Which Gives Capabilities To Perform Pentesting Tests In Several Domains (IoT, ICS & IT)

On-The-Fly was written in Python and made extensive use of Scapy and netfilterqueue. It is crucial to have Scapy and netfilterqueue installed with a compatible version of Python. For this, a version of Python 3 up to Python version 3.7.5 is recommended (and no higher, as there may be incompatibilities with 3.8 and 3.9 in...

How to Reduce Human Error and Improve Compliance

Humans often make mistakes, and it is inevitable that some of them will also happen in the workplace. In fact, human error is the number one cause of workplace incidents, from cybersecurity issues to injuries. When it comes to regulatory compliance, these errors can have devastating consequences, from legal and financial penalties to serious reputational damage. No matter how well-intentioned...

ODBParser : OSINT Tool To Search, Parse And Dump Only The Open Elasticsearch And MongoDB Directories That Have The Data You Care About Exposing

ODBParser is a tool to search for PII being exposed in open databases. ONLY to be used to identify exposed PII and warn server owners of irresponsible database maintenance OR to query databases you have permission to access! PLEASE USE RESPONSIBLY. What Is This? Wrote this as I wanted to create a one-stop OSINT tool for searching, parsing and analyzing open databases in order to identify...

Pollenisator : Collaborative Pentest Tool With Highly Customizable Tools

Pollenisator is a tool aiming to assist pentesters and auditors in automating the use of some tools/scripts and keeping track of them. Written in Python 3. Provides a modelisation of "pentest objects": Scope, Hosts, Ports, Commands, Tools etc. Tools/scripts are separated into 4 categories: wave, Network/domain, IP, Port. Objects are stored in a NoSQL DB (Mongo). Keep links between them to allow queries. Objects can...

Karta : Source Code Assisted Fast Binary Matching Plugin For IDA

"Karta" (Russian for "Map") is an IDA Python plugin that identifies and matches open-sourced libraries in a given binary. The plugin uses a unique technique that enables it to support huge binaries (>200,000 functions), with almost no impact on the overall performance. The matching algorithm is location-driven. This means that its main focus is to locate the different compiled files,...

WWWGrep : OWASP Foundation Web Repository

WWWGrep is a rapid search “grepping” mechanism that examines HTML elements by type and permits focused (single), multiple (file based URLs) and recursive (with respect to root domain or not) searches to be performed. Header names and values may also be recursively searched in this manner. WWWGrep was designed to help both breakers and builders to quickly examine code...

Owt : The Most Compact WiFi Auditing Tool That Works On Command Line Linux

Owt compiles some necessary tools for wifi auditing in a unix bash script with a user friendly interface. The goal of owt is to have the smallest file size possible while still functioning at maximum proficiency. Installation & Running The Script:

~ $ git clone https://github.com/clu3bot/OWT.git
~ $ cd OWT
~ $ sudo bash owt.sh

Note: owt requires root privileges. Make sure to allow updates...

Graphw00F : GraphQL fingerprinting tool for GQL endpoints

Graphw00F (inspired by wafw00f) is the GraphQL fingerprinting tool for GQL endpoints. It sends a mix of benign and malformed queries to determine the GraphQL engine running behind the scenes. graphw00f will provide insights into what security defences each technology provides out of the box, and whether they are on or off by default. Specially crafted queries cause different GraphQL server...

SharpStrike : A Post Exploitation Tool Written In C# Uses Either CIM Or WMI To Query Remote Systems

SharpStrike is a post-exploitation tool written in C# that uses either CIM or WMI to query remote systems. It can use provided credentials or the current user's session. Note: Some commands will use PowerShell in combination with WMI, denoted with ** in the --show-commands command. Introduction SharpStrike is a C# rewrite and expansion on @Matt_Grandy_'s CIMplant and @christruncer's WMImplant. SharpStrike allows you to gather data about a remote system, execute...