TeamsUserEnum : User Enumeration With Microsoft Teams API
TeamsUserEnum, sometimes user enumeration could be sometimes useful during the reconnaissance of an assessment. This tool will determine if an email is registered on teams or not. More details on the immunIT's blog. Microsoft Teams User Enumeration The pandemic has increased the use of collaborative tools. Microsoft Teams is no exception: the number of daily active users increased 4 fold between March...
PSTF2 : Passive Security Tools Fingerprinting Framework
PSTF2 is a Passive Security Tools Fingerprinting Framework. Have you ever wanted a simple, easy and stealth bypass for multiple classes of security products? pstf^2 (pronounced pstf-square) is an implementation of an HTTP server capable of passive browser fingerprinting - and it might just be the thing you are looking for. When attackers try to deliver a payload over the...
Beanshooter : JMX Enumeration And Attacking Tool
Beanshooter is a command line tool written in Java, which helps to identify common vulnerabilities on JMX endpoints. Introduction JMX stands for Java Management Extensions and can be used to monitor and configure the Java Virtual Machine from remote. Applications like tomcat or JBoss are often installed together with a JMX instance, which enables server administrators to monitor and manage the corresponding application. JMX uses so called MBeans for monitoring and configuration tasks. The JMX agent (sever, port) is basically just an...
Hash-Buster v3.0 : Crack Hashes In Seconds
Hash-Buster v3.0 is a tool to Crack Hashes In Seconds. Features Automatic hash type identificationSupports MD5, SHA1, SHA256, SHA384, SHA512Can extract & crack hashes from a fileCan find hashes from a directory, recursivelyMulti-threading Installation & Usage Note: Hash Buster isn't compatible with python2, run it with python3 instead. Also, Hash-Buster uses some APIs for hash lookups, check the source code if you are...
Allsafe : Intentionally Vulnerable Android Application
Allsafe is an intentionally vulnerable application that contains various vulnerabilities. Unlike other vulnerable Android apps, this one is less like a CTF and more like a real-life application that uses modern libraries and technologies. Additionally, I have included some Frida based challenges for you to explore. Have fun and happy hacking! Useful Frida Scripts I have my Frida scripts (more like...
Regexploit : Find Regular Expressions Which Are Vulnerable To ReDoS (Regular Expression Denial Of Service)
Regexploit a tool to Find regexes which are vulnerable to Regular Expression Denial of Service (ReDoS). More info on the Doyensec blog Regexploit: DoS-able Regular Expressions When thinking of Denial of Service (DoS), we often focus on Distributed Denial of Service (DDoS) where millions of zombie machines overload a service by launching a tsunami of data. However, by abusing the algorithms a web...
Cyberstalkers: How to Protect Yourself
Modern-day communication technology is one of the most advanced and influential inventionsto affect humanity. However, it does have a dark side. Even if we’re careful, the open nature of the internet could result in you becoming a victim of cyberstalking. This crime refers to the use of the internet or other electronic modes to intimidate, frighten, or harass a group or person....
Data Breaches Aren’t Going Away: Everything You Need to Know to Protect Your Business
Despite major cyber-attacks making headlines every month or so, several businesses are far behind the curve when it comes to protecting themselves from malicious entities online. It's no wonder hackers are easily breaching the average organization - June 2021 alone saw 106 data breaches which led to 9.8 million exposed records. This implies that if a company underinvests in security,...
Orbitaldump : A Simple Multi-Threaded Distributed SSH Brute-Forcing Tool Written In Python
Orbitaldump is a simple multi-threaded distributed SSH brute-forcing tool written in Python. When the script is executed without the --proxies switch, it acts just like any other multi-threaded SSH brute-forcing scripts. When the --proxies switch is added, the script pulls a list (usually thousands) of SOCKS4 proxies from ProxyScrape and launch all brute-force attacks over the SOCKS4 proxies so brute-force attempts will be less likely to...
ARTIF : An Advanced Real Time Threat Intelligence Framework To Identify Threats And Malicious Web Traffic On The Basis Of IP Reputation And Historical Data.
ARTIF is a new advanced real time threat intelligence framework built that adds another abstraction layer on the top of MISP to identify threats and malicious web traffic on the basis of IP reputation and historical data. It also performs automatic enrichment and threat scoring by collecting, processing and correlating observables based on different factors. Key features of ARTIF includes:- Scoring...
.png "KrbRelay : Framework For Kerberos Relaying")
