Hash-Buster v3.0 : Crack Hashes In Seconds
Hash-Buster v3.0 is a tool to Crack Hashes In Seconds. Features Automatic hash type identificationSupports MD5, SHA1, SHA256, SHA384, SHA512Can extract & crack hashes from a fileCan find hashes from a directory, recursivelyMulti-threading Installation & Usage Note: Hash Buster isn't compatible with python2, run it with python3 instead. Also, Hash-Buster uses some APIs for hash lookups, check the source code if you are...
Allsafe : Intentionally Vulnerable Android Application
Allsafe is an intentionally vulnerable application that contains various vulnerabilities. Unlike other vulnerable Android apps, this one is less like a CTF and more like a real-life application that uses modern libraries and technologies. Additionally, I have included some Frida based challenges for you to explore. Have fun and happy hacking! Useful Frida Scripts I have my Frida scripts (more like...
Regexploit : Find Regular Expressions Which Are Vulnerable To ReDoS (Regular Expression Denial Of Service)
Regexploit a tool to Find regexes which are vulnerable to Regular Expression Denial of Service (ReDoS). More info on the Doyensec blog Regexploit: DoS-able Regular Expressions When thinking of Denial of Service (DoS), we often focus on Distributed Denial of Service (DDoS) where millions of zombie machines overload a service by launching a tsunami of data. However, by abusing the algorithms a web...
Cyberstalkers: How to Protect Yourself
Modern-day communication technology is one of the most advanced and influential inventionsto affect humanity. However, it does have a dark side. Even if we’re careful, the open nature of the internet could result in you becoming a victim of cyberstalking. This crime refers to the use of the internet or other electronic modes to intimidate, frighten, or harass a group or person....
Data Breaches Aren’t Going Away: Everything You Need to Know to Protect Your Business
Despite major cyber-attacks making headlines every month or so, several businesses are far behind the curve when it comes to protecting themselves from malicious entities online. It's no wonder hackers are easily breaching the average organization - June 2021 alone saw 106 data breaches which led to 9.8 million exposed records. This implies that if a company underinvests in security,...
Orbitaldump : A Simple Multi-Threaded Distributed SSH Brute-Forcing Tool Written In Python
Orbitaldump is a simple multi-threaded distributed SSH brute-forcing tool written in Python. When the script is executed without the --proxies switch, it acts just like any other multi-threaded SSH brute-forcing scripts. When the --proxies switch is added, the script pulls a list (usually thousands) of SOCKS4 proxies from ProxyScrape and launch all brute-force attacks over the SOCKS4 proxies so brute-force attempts will be less likely to...
ARTIF : An Advanced Real Time Threat Intelligence Framework To Identify Threats And Malicious Web Traffic On The Basis Of IP Reputation And Historical Data.
ARTIF is a new advanced real time threat intelligence framework built that adds another abstraction layer on the top of MISP to identify threats and malicious web traffic on the basis of IP reputation and historical data. It also performs automatic enrichment and threat scoring by collecting, processing and correlating observables based on different factors. Key features of ARTIF includes:- Scoring...
JWTweak : Detects The Algorithm Of Input JWT Token And Provide Options To Generate The New JWT Token Based On The User Selected Algorithm
JWTweak is a tool to detects The Algorithm Of Input JWT Token And Provide Options To Generate The New JWT Token Based On The User Selected Algorithm. With the global increase in JSON Web Token (JWT) usage, the attack surface has also increased significantly. Having said that, this utility is designed with the aim to generate the new JWT...
DNSrr : A Tool Written In Bash, Used To Enumerate All The Juicy Stuff From DNS
DNSrr is a tool written in bash, used to enumerate all the juicy stuff from DNS records, it uses different techniques like DNS Forward BruteforceDNS Reverse BruteforceDNS Cache SnoopingDNS Zone Transfer To get you all the information that you can get, from a DNS server. Installation Install it using git git clone https://github.com/A3h1nt/Dnsrr Get Started ./dnsrr.sh --help Usage -z : Attempt Zone TransferSyntax: ./dns.sh -z -fb :...
Whisker : A C# Tool For Taking Over Active Directory User And Computer Accounts By Manipulating Their msDS-KeyCredentialLink Attribute
Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account. This tool is based on code from DSInternals by Michael Grafnetter (@MGrafnetter). For this attack to succeed, the environment must have a Domain Controller running on Windows Server 2016, and the Domain Controller must have a server authentication...
