BoobSnail : Allows Generating Excel 4.0 XLM Macro
BoobSnail allows generating XLM (Excel 4.0) macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation. Features: various infection techniques;various obfuscation techniques;translation of formulas into languages other than English;can be used as a library - you can easily write your own generator. Building and Running Tested on: Python 3.8.7rc1 pip install -r requirements.txtpython boobsnail.py. . ..__ |_ _ |_...
Peirates : Kubernetes Penetration Testing Tool
Peirates, a Kubernetes penetration tool, enables an attacker to escalate privilege and pivot through a Kubernetes cluster. It automates known techniques to steal and collect service accounts, obtain further code execution, and gain control of the cluster. Where Do I Run Peirates? You run Peirates from a container running on Kubernetes. Does Peirates Attack A Kubernetes Cluster? Yes, it absolutely does. Talk to...
targetedKerberoast : Kerberoast With ACL Abuse Capabilities
targetedKerberoast is a Python script that can, like many others (e.g. GetUserSPNs.py), print "kerberoast" hashes for user accounts that have a SPN set. This tool brings the following additional feature: for each user without SPNs, it tries to set one (abuse of a write permission on the servicePrincipalName attribute), print the "kerberoast" hash, and delete the temporary SPN set for that operation....
exFAT: Advantages & Disadvantages of Extensible FAT
exFAT or the Extensible File Allocation Table was introduced in 2006 by Microsoft as a file system optimized for SD cards, USB flash drives and other flash memory. It had the status of a proprietary technology until the technical specification was released in 2019 by Microsoft. Today, it is one of the most commonly used file systems in removable...
Autoharness : A Tool That Automatically Creates Fuzzing Harnesses Based On A Library
AutoHarness is a tool that automatically generates fuzzing harnesses for you. This idea stems from a concurrent problem in fuzzing codebases today: large codebases have thousands of functions and pieces of code that can be embedded fairly deep into the library. It is very hard or sometimes even impossible for smart fuzzers to reach that codepath. Even for large...
On-The-Fly : Tool Which Gives Capabilities To Perform Pentesting Tests In Several Domains (IoT, ICS & IT)
On-The-Fly was written in Python and made extensive use of Scapy and netfilterqueue. It is crucial to have Scapy in Python and net filter queue installed with a compatible version of Python. For this, a version of Python 3 up to Python version 3.7.5 is recommended (and no higher, as there may be incompatibilities with 3.8 and 3.9 in...
How to Reduce Human Error and Improve Compliance
Humans often make mistakes, and it is inevitable that some of them will also happen in the workplace. In fact, human error is the number one cause of workplace incidents, from cybersecurity issues to injuries. When it comes to regulatory compliance, these errors can have devastating consequences, from legal and financial penalties to serious reputational damage. No matter how well-intentioned...
ODBParser : OSINT Tool To Search, Parse And Dump Only The Open Elasticsearch And MongoDB Directories That Have The Data You Care About Exposing
ODBParser is a tool to search for PII being exposed in open databases. ONLY to be used to identify exposed PII and warn server owners of irresponsible database maintenanceOR to query databases you have permission to access! PLEASE USE RESPONSIBLY What Is This? Wrote this as wanted to create one-stop OSINT tool for searching, parsing and analyzing open databases in order to identify...
Pollenisator : Collaborative Pentest Tool With Highly Customizable Tools
Pollenisator is a tool aiming to assist pentesters and auditor automating the use of some tools/scripts and keep track of them. Written in python 3Provides a modelisation of "pentest objects" : Scope, Hosts, Ports, Commands, Tools etc.Tools/scripts are separated into 4 categories : wave, Network/domain, IP, PortObjects are stored in a NoSQL DB (Mongo)Keep links between them to allow queriesObjects can...
Karta : Source Code Assisted Fast Binary Matching Plugin For IDA
"Karta" (Russian for "Map") is an IDA Python plugin that identifies and matches open-sourced libraries in a given binary. The plugin uses a unique technique that enables it to support huge binaries (>200,000 functions), with almost no impact on the overall performance. The matching algorithm is location-driven. This means that it's main focus is to locate the different compiled files,...
