WWWGrep : OWASP Foundation Web Respository
WWWGrep is a rapid search “grepping” mechanism that examines HTML elements by type and permits focused (single), multiple (file based URLs) and recursive (with respect to root domain or not) searches to be performed. Header names and values may also be recursively searched in this manner. WWWGrep was designed to help both breakers and builders to quickly examine code...
Owt : The Most Compact WiFi Auditing Tool That Works On Command Line Linux
Owt compiles some necessary tools for wifi auditing in a unix bash script with a user friendly interface. The goal of owt is to have the smallest file size possible while still functioning at maximum proficiency. Installation & Running The Script ~ $ git clone https://github.com/clu3bot/OWT.git~ $ cd owt~ $ sudo bash owt.sh Note: owt requires root privileges Make sure to allow updates...
Graphw00F : GraphQL fingerprinting tool for GQL endpoints
Graphw00F (inspired by wafw00f) is the GraphQL fingerprinting tool for GQL endpoints, it sends a mix of benign and malformed queries to determine the GraphQL engine running behind the scenes. graphw00f will provide insights into what security defences each technology provides out of the box, and whether they are on or off by default. Specially crafted queries cause different GraphQL server...
SharpStrike : A Post Exploitation Tool Written In C# Uses Either CIM Or WMI To Query Remote Systems
SharpStrike is a post-exploitation tool written in C# that uses either CIM or WMI to query remote systems. It can use provided credentials or the current user's session. Note: Some commands will use PowerShell in combination with WMI, denoted with ** in the --show-commands command. Introduction SharpStrike is a C# rewrite and expansion on @Matt_Grandy_'s CIMplant and @christruncer's WMImplant. SharpStrike allows you to gather data about a remote system, execute...
TREVORspray : A Featureful Round-Robin SOCKS Proxy And Python O365 Sprayer Based On MSOLSpray Which Uses The Microsoft Graph API
TREVORspray is a A featureful Python O365 sprayer based on MSOLSpray which uses the Microsoft Graph API. TREVORproxy is a SOCKS proxy that round-robins requests through SSH hosts. Microsoft is getting better and better about blocking password spraying attacks against O365. TREVORspray can solve this by proxying its requests through an unlimited number of --ssh hosts. No weird dependencies or cumbersome setup required - all...
DNSMonster : Passive DNS Capture/Monitoring Framework
DNSMonster is a passive DNS collection and monitoring built with Golang, Click house and Grafana: dnsmonster implements a packet sniffer for DNS traffic. It can accept traffic from a pcap file, a live interface or a dnstap socket, and can be used to index and store thousands of DNS queries per second (it has shown to be capable of indexing 200k+ DNS queries per second...
packetsifterTool : A Tool To Aid Analysts In Sifting Through A Packet Capture (Pcap) To Find Noteworthy Traffic
packetsifterTool is to perform batch processing of PCAP data to uncover potential IOCs.Simply initialize PacketSifter with your desired integrations (Virus Total, Abuse IPDB) and pass PacketSifter a pcap and the desired switches and PacketSifter will sift through the data and generate several output files. Note Please run AbuseIPDBInitial.sh and VTInitial.sh prior to using their corresponding switches or the integrations will not...
Penelope : Shell Handler
Penelope is an advanced shell handler. Its main aim is to replace netcat as shell catcher during exploiting RCE vulnerabilities. It works on Linux and macOS and the only requirement is Python3. It is one script without 3rd party dependencies and hopefully it will stay that way. Among the main features are: Auto-upgrade shells to PTY (auto-resize included)Logging interaction with the...
GoPurple : Yet Another Shellcode Runner Consists Of Different Techniques For Evaluating Detection Capabilities Of Endpoint Security Solutions
GoPurple is a simple collection of various shell code injection techniques, aiming to streamline the process of endpoint detection evaluation, beside challenging myself to get into Golang world. Installation Requires go installed. Build the application from the project's directory: go build. Set GOOS=windows if the build system is not Windows _ / | | || | _ _ _ _ _ _ _ _...
What Do You Need to Know About Programming before You Try Learning It
Programming has been one of the most lucrative and promising career paths for the last couple of decades, and it does not seem to be losing momentum. On the contrary – the demand for skilled programmers is higher than ever, and working in this industry is growing more promising with every passing year. It is not surprising, then, that...
