CamOver : A Camera Exploitation Tool That Allows To Disclosure Network Camera Admin Password
CamOver is a camera exploitation tool that allows to disclosure network camera admin password. Features Exploits vulnerabilities in most popular camera models such as CCTV, GoAhead and Netwave.Optimized to exploit multiple cameras at one time from list with threading enabled.Simple CLI and API usage. Installation pip3 install git+https://github.com/EntySec/CamOver Basic Usage To use it just type camover in your terminal. usage: camover CamOver is a camera exploitation...
Shreder : A Powerful Multi-Threaded SSH Protocol Password Bruteforce Tool
Shreder is a powerful multi-threaded SSH protocol password brute-force tool. Features Very fast password guessing, just one password in 0.1 second.Optimized for big password lists, Shreder tries 1000 passwords in 1 minute and 40 seconds.Simple CLI and API usage. Installation pip3 install git+https://github.com/EntySec/Shreder Basic Usage To use Shreder just type shreder in your terminal. usage: shreder targetShreder is a powerful multi-threaded SSH protocol password bruteforce tool.positional arguments:targetoptional arguments:-h, --help show...
BlobHunter : Find Exposed Data In Azure With This Public Blob Scanner
BlobHunter is an opensource tool for scanning Azure blob storage accounts for publicly opened blobs.BlobHunter is a part of "Hunting Azure Blobs Exposes Millions of Sensitive Files" research:https://www.cyberark.com/resources/threat-research-blog/hunting-azure-blobs-exposes-millions-of-sensitive-files Overview BlobHunter helps you identify Azure blob storage containers which store files that are publicly available to anyone with an internet connection.The tool will help mitigate risk by identifying poorly configured containers that...
SharpHook : Tool Tath Uses Various API Hooks In Order To Give Us The Desired Credentials
SharpHook is inspired by the SharpRDPThief project, It uses various API hooks in order to give us the desired credentials. In the background it uses the EasyHook project, Once the desired process is up and running SharpHook will automatically inject its dependencies into the target process and then, It will send us the credentials through EasyHook's IPC server. Supported Processes ProcessAPI CallDescriptionProgressmstscCredUnPackAuthenticationBufferWThis will hook into...
CamRaptor : Tool That Exploits Several Vulnerabilities In Popular DVR Cameras To Obtain Network Camera Credentials
CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain network camera credentials. Features Exploits vulnerabilities in most popular camera models such as Novo, CeNova and QSee.Optimized to exploit multiple cameras at one time from list with threading enabled.Simple CLI and API usage. Installation pip3 install git+https://github.com/EntySec/CamRaptor Basic Usage To use CamRaptor just type camraptor in your terminal. usage: camraptor CamRaptor is...
HoneyCreds : Network Credential Injection To Detect Responder And Other Network Poisoners
HoneyCreds network credential injection to detect responder and other network poisoners. Requirements Requires Python 3.6+ (tested on Python 3.9)smbprotocolcffisplunk-sdk Installation git clone https://github.com/Ben0xA/HoneyCreds.gitcd HoneyCredspip3 install -r requirements.txt Running python3 honeycreds.py Settings It is advised that you change these settings to best suit your environment. Note: You can use an existing account, just change the password. Change these in honeycreds.conf Choose a legit looking username def_username = 'honeycreds' This can match your...
Dark Load Library : Load Library For Offensive Operations
Dark Load Library is a tool to Load Library for offensive operations. Usage DARKMODULE DarkModule = DarkLoadLibrary(LOAD_LOCAL_FILE, // control flagsL"TestDLL.dll", // local dll path, if loading from diskNULL, // DLL Buffer to load from if loading from memory0, // dll size if loading from memoryNULL // dll name if loaded from memory); Control Flags LOAD_LOCAL_FILE - Load a DLL from the file system.LOAD_MEMORY -...
Mythic : A Collaborative, Multi-Platform, Red Teaming Framework
Mythic is a cross-platform, post-exploit, red teaming framework built with python3, docker, docker-compose, and a web browser UI. It's designed to provide a collaborative and user friendly interface for operators, managers, and reporting throughout red teaming. Installing Agents and C2 Profiles The Mythic repository itself does not host any Payload Types or any C2 Profiles. Instead, Mythic provides a command, ./mythic-cli install...
HashCheck : Tool To Assist In The Search For Leaked Passwords
HashCheck is a project aims to assist in the search for leaked passwords while maintaining a high level of privacy using the k-anonymity method. To achieve this, the APIs of different services are used, sending only a part of the Hash of the password we want to check, for example, the first 5 characters. Prerequisites The project needs some libraries in order...
Swift-Attack : Unit Tests For Blue Teams To Aid With Building Detections For Some Common macOS Post Exploitation Methods
Swift-Attack is a unit tests for blue teams to aid with building detections for some common macOS post exploitation methods. I have included some post exploitation examples using both command line history and on disk binaries (which should be easier for detection) as well as post exploitation examples using API calls only (which will be more difficult for detection)....
