Ppmap : A Scanner/Exploitation Tool Written In GO, Which Leverages Prototype Pollution To XSS By Exploiting Known Gadgets
Ppmap is a simple scanner/exploitation tool written in GO which automatically exploits known and existing gadgets (checks for specific variables in the global context) to perform XSS via Prototype Pollution. NOTE: The program only exploits known gadgets, but does not cover code analysis or any advanced Prototype Pollution exploitation, which may include custom gadgets. Requirements Make sure to have Chromium/Chrome installed: sudo...
MANSPIDER : Spider Entire Networks For Juicy Files Sitting On SMB Shares. Search Filenames Or File Content – Regex Supported!
MANSPIDER will crawl every share on every target system. If provided creds don't work, it will fall back to "guest", then to a null session. File Types Supported PDFDOCXXLSXPPTXany text-based formatand many more!! Installation Install these dependencies to add additional file parsing capability: #for images (png, jpeg)$ sudo apt install tesseract tesseract-data-eng#for legacy document support (.doc)$ sudo apt install antiword Install manspider (please be...
Terra guard : Create And Destroy Your Own VPN Service Using Wire Guard
Terra guard's goal is to be simple to create and destroy your own VPN service using Wire Guard. Prerequisites Terraform >= 1.0.0Ansible >= 2.10.5 How To Deploy Terraform Run with sudo is necessary because we need permission on localhost to install packages, configure a network interface and start a process. Select your cloud provider AWS, DigitalOcean and open the directory You can change the region or key name in the variable.tf Initialize...
Pathprober : Probe And Discover HTTP Pathname Using Brute-Force Methodology And Filtered By Specific Word Or 2 Words At Once
Pathprober is a Probe and discover HTTP pathname using brute-force methodology and filtered by specific word or 2 words at once. Brute-forcing website directories or HTTP pathname and validate using HTTP response code is not relevant anymore. This tool will help you to perform a penetration test, because it could validate the directories using specific-word or 2 words at once...
In0ri : Defacement Detection With Deep Learning
In0ri is a defacement detection system utilizing a image-classification convolutional neural network. Introduction When monitoring a website, In0ri will periodically take a screenshot of the website then put it through a preprocessor that will resize the image down to 250x250px and numericalize the image before passing it onto the classifier. The core of the classifier is a convolutional neural network that...
TeamsUserEnum : User Enumeration With Microsoft Teams API
TeamsUserEnum, sometimes user enumeration could be sometimes useful during the reconnaissance of an assessment. This tool will determine if an email is registered on teams or not. More details on the immunIT's blog. Microsoft Teams User Enumeration The pandemic has increased the use of collaborative tools. Microsoft Teams is no exception: the number of daily active users increased 4 fold between March...
PSTF2 : Passive Security Tools Fingerprinting Framework
PSTF2 is a Passive Security Tools Fingerprinting Framework. Have you ever wanted a simple, easy and stealth bypass for multiple classes of security products? pstf^2 (pronounced pstf-square) is an implementation of an HTTP server capable of passive browser fingerprinting - and it might just be the thing you are looking for. When attackers try to deliver a payload over the...
Beanshooter : JMX Enumeration And Attacking Tool
Beanshooter is a command line tool written in Java, which helps to identify common vulnerabilities on JMX endpoints. Introduction JMX stands for Java Management Extensions and can be used to monitor and configure the Java Virtual Machine from remote. Applications like tomcat or JBoss are often installed together with a JMX instance, which enables server administrators to monitor and manage the corresponding application. JMX uses so called MBeans for monitoring and configuration tasks. The JMX agent (sever, port) is basically just an...
Hash-Buster v3.0 : Crack Hashes In Seconds
Hash-Buster v3.0 is a tool to Crack Hashes In Seconds. Features Automatic hash type identificationSupports MD5, SHA1, SHA256, SHA384, SHA512Can extract & crack hashes from a fileCan find hashes from a directory, recursivelyMulti-threading Installation & Usage Note: Hash Buster isn't compatible with python2, run it with python3 instead. Also, Hash-Buster uses some APIs for hash lookups, check the source code if you are...
Allsafe : Intentionally Vulnerable Android Application
Allsafe is an intentionally vulnerable application that contains various vulnerabilities. Unlike other vulnerable Android apps, this one is less like a CTF and more like a real-life application that uses modern libraries and technologies. Additionally, I have included some Frida based challenges for you to explore. Have fun and happy hacking! Useful Frida Scripts I have my Frida scripts (more like...
