OSS-Fuzz : Continuous Fuzzing For Open Source Software

In cooperation with the Core Infrastructure Initiative, OSS-Fuzz aims to make common open source software more secure and stable by combining modern fuzzing techniques with scalable, distributed execution. Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow, can have serious security implications. Google has found thousands of security vulnerabilities...

VHosts-Sieve : Searching For Virtual Hosts Among Non-Resolvable Domains

VHosts-Sieve searches for virtual hosts among non-resolvable domains.

Installation
git clone https://github.com/dariusztytko/vhosts-sieve.git
pip3 install -r vhosts-sieve/requirements.txt

Usage
Get a list of subdomains (e.g. using Amass):
$ amass enum -v -passive -o domains.txt -d example.com -d example-related.com

Use vhosts-sieve.py to find virtual hosts:
$ python3 vhosts-sieve.py -d domains.txt -o vhosts.txt
Logs dir: None
Max domains to resolve: -1
Max IPs to scan: -1
Max vhost candidates to...

Formphish – Auto Phishing Form Based Websites

Formphish is an automatic phishing tool for form-based websites. This tool can automatically detect inputs on HTML form-based websites to create a phishing page.

Features
Auto detect device
Port Forwarding by Ngrok
IP Tracker

Dependencies (Httrack and Beautifulsoup)
apt-get -y install httrack
python -m pip install -r requirements.txt

Usage
git clone https://github.com/thelinuxchoice/formphish
cd formphish
bash formphish.sh

Disclaimer
Usage of Formphish for attacking targets without prior mutual consent is illegal. It's the end user's responsibility...

SGN : A Polymorphic Binary Encoder For Offensive Security Purposes

SGN is a polymorphic binary encoder for offensive security purposes such as generating statically undetectable binary payloads. It uses an additive feedback loop to encode given binary instructions, similar to an LFSR. This project is a reimplementation of the original Shikata ga nai in golang with many improvements. How? & Why? For the offensive security community, the original implementation of shikata ga nai...

SecretFinder : A Python Script Based On LinkFinder

SecretFinder is a Python script based on LinkFinder (version for Burp Suite here), written to discover sensitive data such as API keys, access tokens, authorizations, JWTs, etc. in JavaScript files. It does so by using jsbeautifier for Python in combination with a fairly large regular expression. The regular expression consists of four small regular expressions. These are responsible for finding and searching anything on...

FSociety : A Modular Penetration Testing Framework

FSociety is a modular Penetration Testing framework.

Install
pip install fsociety

Update
pip install --upgrade fsociety

Usage
usage: fsociety
A Penetration Testing Framework
Optional Arguments:
-h, --help show this help message and exit
-i, --info gets fsociety info
-s, --suggest suggest a tool

Develop
git clone https://github.com/fsociety-team/fsociety.git
pip install -e "."

Docker
docker pull fsocietyteam/fsociety
docker run -it fsocietyteam/fsociety fsociety

EvilDLL – Malicious DLL (Reverse Shell) Generator For DLL Hijacking

EvilDLL is a malicious DLL (Reverse Shell) generator for DLL hijacking.

Features
Reverse TCP Port Forwarding using Ngrok.io
Custom Port Forwarding option (LHOST,LPORT)
Example of DLL Hijacking included (Half-Life Launcher file)
Tested on Win7 (7601), Windows 10

Requirements
Mingw-w64 compiler: apt-get install mingw-w64
Ngrok Authtoken (for TCP Tunneling): Sign up at: https://ngrok.com/signup
Your auth token is available on your dashboard: https://dashboard.ngrok.com
Install your authtoken: ./ngrok authtoken <YOUR_AUTHTOKEN>

Disclaimer
Usage of EvilDLL...

TeaBreak : A Productivity Burp Extension

TeaBreak is a simple Burp extension for security researchers and bug bounty hunters that helps them increase their work productivity. We know how important health is. It is recommended to take a break from your work to avoid burnout, reduce eye strain and other health problems.

How?
Set your break time before commencement of your work.
Freely work on your target.
Auto...

Axiom : A Dynamic Infrastructure Toolkit For Red Teamers & Bug Bounty Hunters

Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty and pentesting. Axiom right now is perfect for teams as small as one person, without costing you much at all to run. And by not much to run at all, I mean, less than 5 bucks a month if you use it responsibly, and...

Fast Google Dorks Scan

Fast Google Dorks Scan is a script to enumerate websites using Google dorks.

Usage example: ./FGDS.sh megacorp.one

Version: 0.035, June 07, 2020

Features
Looking for the common admin panel
Looking for the widespread file types
Path traversal
Prevent Google banning