PyHook : An Offensive API Hooking Tool Written In Python Designed To Catch Various Credentials Within The API Call
PyHook is the python implementation of my SharpHook project, It uses various API hooks in order to give us the desired credentials. PyHook Uses frida to inject it's dependencies into the target process Supported Processes ProcessAPI CallDescriptionProgressmstscCredUnPackAuthenticationBufferWHooks CredUnPackAuthenticationBufferW from mstsc and outputs username and passwordDONErunasCreateProcessWithLogonWHooks CreateProcessWithLogonW from runas and outputs username, password and a domain name.DONEPowerShellCreateProcessWithLogonWHooks CreateProcessWithLogonW from PowerShell and outputs username, password and a domain name (e.g - Start-Process cmd...
Weakpass : Rule-Based Online Generator To Create A Wordlist Based On A Set Of Words
Weakpass is a tool generates a wordlist based on a set of words entered by the user. For example, during penetration testing, you need to gain access to some service, device, account, or Wi-Fi network that is password protected. For example, let it be the Wi-Fi network of EvilCorp. Sometimes, a password is a combination of device/network/organization name with some date, special character, etc....
MailRipV2 : Improved SMTP Checker / SMTP Cracker With Proxy-Support, Inbox Test And Many More Features
MailRipV2 is a SMTP checker / SMTP cracker written in Python 3.8. Using the "smtplib", it allows you to check common mailpass combolists for valid SMTP logins. It has included dictionaries and lists containing details of common email providers as well as most common ports used for SMTP servers. In case any data is missing, "dnspython" is used to lookup unknown SMTP...
CrowdSec : An Open-Source Massively Multiplayer Firewall Able To Analyze Visitor Behavior And Provide An Adapted Response To All Kinds Of Attacks
CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on fail2ban's philosophy but is IPV6 compatible and 60x faster (Go vs Python), uses Grok patterns to parse logs and YAML scenario to identify behaviors. CrowdSec is engineered for modern Cloud / Containers / VM based infrastructures (by decoupling detection...
PS2EXE : Module To Compile Powershell Scripts To Executables
PS2EXE is a Module To Compile Powershell Scripts To Executables. Overworking of the great script of Ingo Karstein with GUI support. The GUI output and input is activated with one switch, real windows executables are generated. With Powershell 5.x support and graphical front end. Module version. You find the script based version here (https://github.com/MScholtes/TechNet-Gallery) and here: PS2EXE-GUI: "Convert" PowerShell Scripts to EXE...
InlineExecute-Assembly : A PoC Beacon Object File (BOF) That Allows Security Professionals To Perform In Process .NET Assembly Execution
InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module. InlineExecute-Assembly will execute any assembly with the entry point of Main(string args) or Main(). This should allow you to run most released tooling without any prior modification needed. The BOF...
QLOG : Windows Security Logging
QLOG provides enriched Event Logging for security related events on Windows based systems. It is under heavy development and currently in alpha state. QLOG doesn’t use API hooks and it doesn’t require a driver to be installed on the target system, QLOG only uses ETW to retrieve its telemetry. Currently QLOG supports “process create” events only, but other enriched...
BatchQL : GraphQL Security Auditing Script With A Focus On Performing Batch GraphQL Queries And Mutations
BatchQL is a GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations. This script is not complex, and we welcome improvements. When exploring the problem space of GraphQL batching attacks, we found that there were a few blog posts on the internet, however no tool to perform GraphQL batching attacks. GraphQL batching attacks can be quite...
Concealed Position : Bring Your Own Print Driver Privilege Escalation Tool
Concealed Position is a local privilege escalation attack against Windows using the concept of "Bring Your Own Vulnerability". Specifically, Concealed Position (CP) uses the as designed package point and print logic in Windows that allows a low privilege user to stage and install printer drivers. CP specifically installs drivers with known vulnerabilities which are then exploited to escalate to SYSTEM. Concealed...
Plution : Prototype Pollution Scanner Using Headless Chrome
Plution is a convenient way to scan at scale for pages that are vulnerable to client side prototype pollution via a URL payload. In the default configuration, it will use a hardcoded payload that can detect 11 of the cases documented here: https://github.com/BlackFan/client-side-prototype-pollution/tree/master/pp What This Is Not This is not a one stop shop. Prototype pollution is a complicated beast. This tool...
