PoW-Shield : Project Dedicated To Fight DDoS And Spam With Proof Of Work, Featuring An Additional WA
PoW-Shield provides DDoS protection on OSI application layer by acting as a proxy that utilizes proof of work between the backend service and the end user. This project aims to provide an alternative to general captcha methods such as Google's ReCaptcha that has always been a pain to solve. Accessing a web service protected by PoW Shield has never...
Linux VPN Software – 3 Decent Options
All users connect via a VPN whenever accessing public Wi-Fi connections, especially when sending personal information over an insecure network. This article will describe 3 VPN software based on the list of vpntesting.com for various Linux which you can use to ensure that nobody except the physical servers you are connected to know who you are, what you are...
Haklistgen : Turns Any Junk Text Into A Usable Wordlist For Brute-Forcing
Haklistgen turns any junk text into a usable wordlist for brute-forcing. Installation go install github.com/hakluke/haklistgen@latest Usage Examples Scrape all words out of an HTTP response to build a directory bruteforce wordlist: curl https://wikipedia.org | haklistgen Pipe a list of subdomains to it to generate a wordlist for bruteforcing more subdomains: subfinder -silent -d example.com | haklistgen Piping in a custom JavaScript file could yield some interesting results: curl...
Reconky : A Great Content Discovery Bash Script For Bug Bounty Hunters Which Automate Lot Of Task And Organized It
Reconky is a script written in bash to automate the task of recon and information gathering. This Bash Script allows you to collect some information that will help you identify what to do next and where to look for the required target. Main-Features It will Gathers Subdomains with assetfinder and Sublist3rDuplex check for subdomains using amassEnumerates subdomains on a target domain...
Wordlistgen : Quickly Generate Context-Specific Wordlists For Content Discovery From Lists Of URLs Or Paths
Wordlistgen is a tool to pass a list of URLs and get back a list of relevant words for your wordlists. Wordlists are much more effective when you take the application's context into consideration. wordlistgen pulls out URL components, such as subdomain names, paths, query strings, etc. and spits them back to stdout so you can easily add them...
AES256_Passwd_Store : Secure Open-Source Password Manager
AES256_Passwd_Store script securely encrypts or decrypts passwords on disk within a custom database file. It also features functionality to retrieve passwords from a previously generated database file. This script takes a master password from stdin/from memory, then hashes the password using the specified hashing algorithm passed to the algorithm parameter/-a (scrypt, sha256) and finally AES-256 encrypts/decrypts the file's data...
DirSearch : A Go Implementation Of Dirsearch
DirSearch software is a Go implementation of the original dirsearch tool written by Mauro Soria. DirSearch is the very first tool I write in Go, mostly to play and experiment with Go's concurrency model, channels, and so forth. Purpose DirSearch takes an input URL ( -url parameter ) and a wordlist ( -wordlist parameter ), it will then perform concurrent HEAD requests using the lines of the wordlist as paths...
PyHook : An Offensive API Hooking Tool Written In Python Designed To Catch Various Credentials Within The API Call
PyHook is the python implementation of my SharpHook project, It uses various API hooks in order to give us the desired credentials. PyHook Uses frida to inject it's dependencies into the target process Supported Processes ProcessAPI CallDescriptionProgressmstscCredUnPackAuthenticationBufferWHooks CredUnPackAuthenticationBufferW from mstsc and outputs username and passwordDONErunasCreateProcessWithLogonWHooks CreateProcessWithLogonW from runas and outputs username, password and a domain name.DONEPowerShellCreateProcessWithLogonWHooks CreateProcessWithLogonW from PowerShell and outputs username, password and a domain name (e.g - Start-Process cmd...
Weakpass : Rule-Based Online Generator To Create A Wordlist Based On A Set Of Words
Weakpass is a tool generates a wordlist based on a set of words entered by the user. For example, during penetration testing, you need to gain access to some service, device, account, or Wi-Fi network that is password protected. For example, let it be the Wi-Fi network of EvilCorp. Sometimes, a password is a combination of device/network/organization name with some date, special character, etc....
MailRipV2 : Improved SMTP Checker / SMTP Cracker With Proxy-Support, Inbox Test And Many More Features
MailRipV2 is a SMTP checker / SMTP cracker written in Python 3.8. Using the "smtplib", it allows you to check common mailpass combolists for valid SMTP logins. It has included dictionaries and lists containing details of common email providers as well as most common ports used for SMTP servers. In case any data is missing, "dnspython" is used to lookup unknown SMTP...
