JWT-Hack : Hack the JWT(JSON Web Token)

JWT-Hack is a tool for hacking / security testing of JWT. It supports encoding/decoding JWT, generating payloads for JWT attacks, and very fast cracking (dict/bruteforce). Installation: go-get (dev version): $ go get -u github.com/hahwul/jwt-hack; homebrew: $ brew tap hahwul/jwt-hack, then $ brew install jwt-hack; snapcraft: $ sudo snap install jwt-hack. Usage...

ISH : Linux Shell For iOS

ISH is a project to get a Linux shell running on iOS, using usermode x86 emulation and syscall translation. For the current status of the project, check the issues tab and the commit logs. Links: App Store page, TestFlight beta, Discord server, Wiki with help and tutorials, README in Chinese (may be out of date, if so send PRs). Hacking: This project has a git submodule, make sure...

Grype : A Vulnerability Scanner For Container Images And Filesystems

Grype is a vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Features: Scan the contents of a container image or filesystem to find known vulnerabilities. Find vulnerabilities for major operating system packages (Alpine, BusyBox, CentOS / Red Hat, Debian, Ubuntu). Find vulnerabilities for language-specific packages (Ruby (Bundler), Java (JARs, etc), JavaScript (NPM/Yarn), Python (Egg/Wheel), Python pip/requirements.txt/setup.py listings). Supports Docker and OCI image formats. If you encounter an issue,...

Taser : Python3 Resource Library For Creating Security Related Tooling

TASER (Testing And SEcurity Resource) is a Python resource library used to simplify the process of creating offensive security tooling, especially those relating to web or external assessments. Its modular design makes it easy for code to be customized and re-purposed in a variety of scenarios. Key Features: Easily invoke web spiders or search engine scrapers to aid in data collection. Supports...

Cobalt Strike Scan : Scan Files Or Process Memory For CobaltStrike Beacons & Parse Their Configuration

Scan files or process memory for Cobalt Strike beacons and parse their configuration. CobaltStrikeScan scans Windows process memory for evidence of DLL injection (classic or reflective injection) and performs a YARA scan on the target process' memory for Cobalt Strike v3 and v4 beacon signatures. Alternatively, CobaltStrikeScan can perform the same YARA scan on a file supplied by absolute or relative...

Manuka : A Modular OSINT Honeypot For Blue Teamers

Manuka is an Open-source intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for Blue Teamers. It creates a simulated environment consisting of staged OSINT sources, such as social media profiles and leaked credentials, and tracks signs of adversary interest, closely aligning to MITRE’s PRE-ATT&CK framework. Manuka gives Blue Teams additional visibility of the...

Pesidious : Malware Mutation using Deep Reinforcement Learning & GANs

The purpose of the tool is to use artificial intelligence to mutate a malware (PE32 only) sample to bypass AI powered classifiers while keeping its functionality intact. In the past, notable work has been done in this domain with researchers either looking at reinforcement learning or generative adversarial networks as their weapons of choice to modify the states of...

NoSQLi : NoSql Injection CLI Tool

NoSQLi is a NoSQL scanner and injector. I wanted a better nosql injection tool that was simple to use, fully command line based, and configurable. To that end, I began work on nosqli - a simple nosql injection tool written in Go. It aims to be fast, accurate, and highly usable, with an easy to understand command line interface. Features: Nosqli currently...

SSJ : Linux Distribution Gone Super Saiyan

SSJ is a silly little script that makes use of Docker installed on your everyday Linux distribution (Ubuntu, Debian, etc.) and magically arms it with hundreds of penetration testing and forensics tools. All of these run with almost native performance (as containers utilize the host operating system's kernel), and thus it is a slightly better alternative to Virtual Machines in...

Taken : Takeover AWS IPS & Have A Working POC For Subdomain Takeover

Taken is a tool to take over AWS IPs and have a working POC for Subdomain Takeover. The idea is simple: Get subdomains. Do reverse lookups to only save AWS IPs. Restart EC2 instance every min. and public IP gets rotated on each restart. Match it with your existing list of subdomain IPs and you have a working subdomain takeover POC. Notify via email as...