WFH : Windows Feature Hunter 2021
Windows Feature Hunter (WFH) is a proof of concept python script that uses Frida, a dynamic instrumentation toolkit, to assist in potentially identifying common “vulnerabilities” or “features” within Windows executables. WFH currently has the capability to automatically identify potential Dynamic Linked Library (DLL) sideloading and Component Object Model (COM) hijacking opportunities at scale. DLL sideloading utilizes the Windows side-by-side (WinSXS) assembly...
Ipa-Medit : Memory Search And Patch Tool For Resigned Ipa Without Jailbreak
Ipa-medit is a memory search and patch tool for resigned IPA files without jailbreak. It was created for mobile game security testing. Motivation: Memory modification is the easiest way to cheat in games, so it is one of the items to be checked in a security test. There are also cheat tools that can be used casually, like GameGem and iGameGuardian. However, there...
Cariddi : Take A List Of Domains, Crawl Urls And Scan For Endpoints, Secrets, Api Keys, File Extensions, Tokens And More…
Cariddi is a tool to take a list of domains, crawl URLs and scan for endpoints, secrets, API keys, file extensions, tokens and more. Installation: You need Go. Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Linux: git clone https://github.com/edoardottt/cariddi.git; cd cariddi; go get; make linux (to install); make unlinux (to uninstall). Or in one line: git clone https://github.com/edoardottt/cariddi.git; cd cariddi; go get; make linux. Windows (executable works only...
Salus : Security Scanner Coordinator
Salus (Security Automation as a Lightweight Universal Scanner), named after the Roman goddess of protection, is a tool for coordinating the execution of security scanners. You can run Salus on a repository via the Docker daemon and it will determine which scanners are relevant, run them and provide the output. Most scanners are other mature open source projects which we...
FindObjects-BOF : A Cobalt Strike Beacon Object File (BOF)
FindObjects-BOF is a Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific modules or process handles. What Is This Repository For? Use direct system calls within Beacon Object Files to enumerate processes for specific loaded modules (e.g. winhttp.dll, amsi.dll or clr.dll). Use direct system calls within Beacon Object Files to enumerate processes for specific...
GitDump : A Pentesting Tool That Dumps The Source Code From .Git Even When The Directory Traversal Is Disabled
GitDump dumps the source code from .git when directory traversal is disabled. Requirements: Python3. Tested On: Windows, Kali Linux. What It Does: Dump source code from a website's .git directory when directory traversal is disabled. How It Works: Fetch all common files (.git/index, .git/HEAD, .git/ORIG_HEAD, etc.). Find as many objects (sha1) as possible by analyzing .git/packed-refs, .git/index, etc. Download idx and pack files. Now you can run git checkout -- . to...
Sharperner : Simple Executable Generator With Encrypted Shellcode
Sharperner is a tool written in C# that generates a .NET dropper with AES and XOR obfuscated shellcode. The generated executable can possibly bypass signature checks, but I can't be sure it can bypass heuristic scanning. Features: PE binary: Process Hollowing; PPID Spoofing; Randomly generated AES key and IV; Final Shellcode, Key and IV are translated to morse code. .NET binary: AES + XOR encrypted shellcode; APC Process Injection...
TiEtwAgent : PoC Memory Injection Detection Agent Based On ETW, For Offensive And Defensive Research Purposes
The TiEtwAgent project was created to research, build and test different memory injection detection use cases and bypass techniques. The agent utilizes the Microsoft-Windows-Threat-Intelligence event tracing provider as a more modern and stable alternative to userland hooking, with the benefit of kernel-mode visibility. The project depends on the microsoft/krabsetw library for ETW setup and consumption. An accompanying blog post can be found here: https://blog.redbluepurple.io/windows-security-research/kernel-tracing-injection-detection Adding New Detections: Detection functions...
OpenAttack : An Open-Source Package For Textual Adversarial Attack
OpenAttack is an open-source Python-based textual adversarial attack toolkit, which handles the whole process of textual adversarial attacking, including preprocessing text, accessing the victim model, generating adversarial examples and evaluation. Features & Uses: OpenAttack has the following features: High usability: OpenAttack provides easy-to-use APIs that can support the whole process of textual adversarial attacks. Full coverage of attack model types: OpenAttack supports sentence-/word-/character-level perturbations and...
Lazyrecon : Tool To Automate Your Reconnaissance Process In An Organized Fashion
Lazyrecon is a subdomain discovery tool that finds and resolves valid subdomains, then performs SSRF/LFI/SQLi fuzzing, brute-force and port scanning. It has a simple modular architecture and is optimized for speed while working with GitHub and the Wayback Machine. Features: Super fast asynchronous execution; CI/CD ready; HTML/PDF reports; Discord integration; Background listen server; Domain name, list of domains, IP, CIDR input notations support; Teardown and program exit...