BatchQL : GraphQL Security Auditing Script With A Focus On Performing Batch GraphQL Queries And Mutations
BatchQL is a GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations. This script is not complex, and we welcome improvements. When exploring the problem space of GraphQL batching attacks, we found that there were a few blog posts on the internet, but no tool to perform GraphQL batching attacks. GraphQL batching attacks can be quite...
Concealed Position : Bring Your Own Print Driver Privilege Escalation Tool
Concealed Position is a local privilege escalation attack against Windows using the concept of "Bring Your Own Vulnerability". Specifically, Concealed Position (CP) uses the as-designed package point-and-print logic in Windows that allows a low-privilege user to stage and install printer drivers. CP specifically installs drivers with known vulnerabilities, which are then exploited to escalate to SYSTEM. Concealed...
Plution : Prototype Pollution Scanner Using Headless Chrome
Plution is a convenient way to scan at scale for pages that are vulnerable to client-side prototype pollution via a URL payload. In the default configuration, it will use a hardcoded payload that can detect 11 of the cases documented here: https://github.com/BlackFan/client-side-prototype-pollution/tree/master/pp. What This Is Not: this is not a one-stop shop. Prototype pollution is a complicated beast. This tool...
Ntlm_Theft : A Tool For Generating Multiple Types Of NTLMv2 Hash Theft Files
Ntlm_Theft is a tool for generating multiple types of NTLMv2 hash theft files. ntlm_theft is an open-source Python 3 tool that generates 21 different types of hash theft documents. These can be used for phishing when either the target allows SMB traffic outside their network, or if you are already inside the internal network. The benefits of these file types over...
DNSTake : A Fast Tool To Check Missing Hosted DNS Zones That Can Lead To Subdomain Takeover
DNS takeover vulnerabilities occur when a subdomain (subdomain.example.com) or domain has its authoritative nameserver set to a provider (e.g. AWS Route 53, Akamai, Microsoft Azure, etc.) but the hosted zone has been removed or deleted. Consequently, when making a request for DNS records, the server responds with a SERVFAIL error. This allows an attacker to create the missing hosted zone on the service...
CVE-2021-40444 PoC : Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution)
CVE-2021-40444 PoC is a malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution). Creation of this script is based on some reverse engineering of the sample used in the wild: 938545f7bbe40738908a95da8cdeabb2a11ce2ca36b0f6a74deda9378d380a52 (docx file). You need to install lcab first (sudo apt-get install lcab). Check REPRODUCE.md for manual reproduction steps. If your generated cab is not working, try pointing the exploit.html URL to calc.cab. Using: first generate...
Kali Linux 2021.3 : Penetration Testing and Ethical Hacking Linux Distribution
Kali Linux 2021.3 is a Penetration Testing and Ethical Hacking Linux Distribution. A summary of the changes since the 2021.2 release from June: OpenSSL - wide compatibility by default (keep reading for what that means); new Kali-Tools site - following in the footsteps of Kali-Docs, Kali-Tools has had a complete refresh; better VM support in the Live image session - copy & paste and drag & drop...
Gokart : A Static Analysis Tool For Securing Go Code
GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (static single assignment) form of Go source code. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe, which reduces the number of false positives compared to other Go security scanners. For instance, a SQL query...
Vailyn : A Phased, Evasive Path Traversal + LFI Scanning & Exploitation Tool In Python
Vailyn is a multi-phased vulnerability analysis and exploitation tool for path traversal and file inclusion vulnerabilities. It is built to be as performant as possible, and to offer a wide arsenal of filter evasion techniques. How Does It Work? Vailyn operates in 2 phases. First, it checks if the vulnerability is present. It does so by trying to access /etc/passwd...
Rootend : A *Nix Enumerator And Auto Privilege Escalation Tool
Rootend is a Python *nix enumerator & auto privilege escalation tool. For a full list of our tools, please visit our website https://www.twelvesec.com/ Written by: nickvourd (twitter), maldevel (twitter), servo. Usage...