How to Reduce Human Error and Improve Compliance
Humans often make mistakes, and it is inevitable that some of them will also happen in the workplace. In fact, human error is the number one cause of workplace incidents, from cybersecurity issues to injuries. When it comes to regulatory compliance, these errors can have devastating consequences, from legal and financial penalties to serious reputational damage. No matter how well-intentioned...
ODBParser : OSINT Tool To Search, Parse And Dump Only The Open Elasticsearch And MongoDB Directories That Have The Data You Care About Exposing
ODBParser is a tool to search for PII being exposed in open databases. ONLY to be used to identify exposed PII and warn server owners of irresponsible database maintenanceOR to query databases you have permission to access! PLEASE USE RESPONSIBLY What Is This? Wrote this as wanted to create one-stop OSINT tool for searching, parsing and analyzing open databases in order to identify...
Pollenisator : Collaborative Pentest Tool With Highly Customizable Tools
Pollenisator is a tool aiming to assist pentesters and auditor automating the use of some tools/scripts and keep track of them. Written in python 3Provides a modelisation of "pentest objects" : Scope, Hosts, Ports, Commands, Tools etc.Tools/scripts are separated into 4 categories : wave, Network/domain, IP, PortObjects are stored in a NoSQL DB (Mongo)Keep links between them to allow queriesObjects can...
Karta : Source Code Assisted Fast Binary Matching Plugin For IDA
"Karta" (Russian for "Map") is an IDA Python plugin that identifies and matches open-sourced libraries in a given binary. The plugin uses a unique technique that enables it to support huge binaries (>200,000 functions), with almost no impact on the overall performance. The matching algorithm is location-driven. This means that it's main focus is to locate the different compiled files,...
WWWGrep : OWASP Foundation Web Respository
WWWGrep is a rapid search “grepping” mechanism that examines HTML elements by type and permits focused (single), multiple (file based URLs) and recursive (with respect to root domain or not) searches to be performed. Header names and values may also be recursively searched in this manner. WWWGrep was designed to help both breakers and builders to quickly examine code...
Owt : The Most Compact WiFi Auditing Tool That Works On Command Line Linux
Owt compiles some necessary tools for wifi auditing in a unix bash script with a user friendly interface. The goal of owt is to have the smallest file size possible while still functioning at maximum proficiency. Installation & Running The Script ~ $ git clone https://github.com/clu3bot/OWT.git~ $ cd owt~ $ sudo bash owt.sh Note: owt requires root privileges Make sure to allow updates...
Graphw00F : GraphQL fingerprinting tool for GQL endpoints
Graphw00F (inspired by wafw00f) is the GraphQL fingerprinting tool for GQL endpoints, it sends a mix of benign and malformed queries to determine the GraphQL engine running behind the scenes. graphw00f will provide insights into what security defences each technology provides out of the box, and whether they are on or off by default. Specially crafted queries cause different GraphQL server...
SharpStrike : A Post Exploitation Tool Written In C# Uses Either CIM Or WMI To Query Remote Systems
SharpStrike is a post-exploitation tool written in C# that uses either CIM or WMI to query remote systems. It can use provided credentials or the current user's session. Note: Some commands will use PowerShell in combination with WMI, denoted with ** in the --show-commands command. Introduction SharpStrike is a C# rewrite and expansion on @Matt_Grandy_'s CIMplant and @christruncer's WMImplant. SharpStrike allows you to gather data about a remote system, execute...
TREVORspray : A Featureful Round-Robin SOCKS Proxy And Python O365 Sprayer Based On MSOLSpray Which Uses The Microsoft Graph API
TREVORspray is a A featureful Python O365 sprayer based on MSOLSpray which uses the Microsoft Graph API. TREVORproxy is a SOCKS proxy that round-robins requests through SSH hosts. Microsoft is getting better and better about blocking password spraying attacks against O365. TREVORspray can solve this by proxying its requests through an unlimited number of --ssh hosts. No weird dependencies or cumbersome setup required - all...
DNSMonster : Passive DNS Capture/Monitoring Framework
DNSMonster is a passive DNS collection and monitoring built with Golang, Click house and Grafana: dnsmonster implements a packet sniffer for DNS traffic. It can accept traffic from a pcap file, a live interface or a dnstap socket, and can be used to index and store thousands of DNS queries per second (it has shown to be capable of indexing 200k+ DNS queries per second...
