Posta : Cross-document Messaging Security Research Tool
Posta is a tool for researching Cross-document Messaging communication. It allows you to track, explore and exploit postMessage vulnerabilities, and includes features such as replaying messages sent between windows within any attached browser. Prerequisites Google Chrome / ChromiumNode.js (optional) Installation Development Environment Run Posta in a full development environment with a dedicated browser (Chromium): Install Posta git clone https://github.com/benso-io/postacd postanpm install Launch the dedicated Chromium session using the following command: node posta<URL> Click on the Posta...
OverRide : Binary Exploitation And Reverse-Engineering
OverRide is a explore disassembly, binary exploitation & reverse-engineering through 10 little challenges. In the folder for each level you will find: flag - password for next levelREADME.md - how to find passwordsource.c - the reverse engineered binarydissasembly_notes.md - notes on asm See the subject for more details. Getting Started First download from 42 OverRide.iso. Virtual Machine setup On Mac OSX, install VirtualBox. In VirtualBox create a new VM (click new). Name and operating system -...
SlackPirate : Slack Enumeration & Extraction Tool
SlackPirate is a tool developed in Python which uses the native Slack APIs to extract 'interesting' information from a Slack workspace given an access token. As of May 2018, Slack has over 8 million customers and that number is rapidly rising - the integration and 'ChatOps' possibilities are endless and allows teams (not just developers!) to create some really powerful...
Simple Business Plan for Internet Café
A cyber cafe or internet cafe has been a favorite destination for millions of people for over 30 years. The cyber cafe attracts with constant high-speed Internet, the latest video games, and high-tech computers. Due to the growing demand for video games, the popularity of e-sports, and remote forms of earning money, cyber cafes do not lose but only...
IPCDump : Tool For Tracing Interprocess Communication (IPC) On Linux
IPCDump is a tool for tracing inter-process communication (IPC) on Linux. It covers most of the common IPC mechanisms -- pipes, fifos, signals, UNIX sockets, loop-back-based networking, and pseudo-terminals. It's a useful tool for debugging multi-process applications, and it's also a simple way to understand how the different moving parts in your system communicate with one another. I t can...
Reasons to Rebrand Your Business
Rebranding your business could be the best or the worst decision a company could make. There have been instances where high-end companies have damaged their reputation due to bad rebranding, while for some it has worked wonders. To rebrand you need to spend time and energy into obtaining a buy-in first and then garnering information and resources on how...
CrossLinked : LinkedIn Enumeration Tool To Extract Valid Employee Names
CrossLinked is a LinkedIn enumeration tool that uses search engine scraping to collect valid employee names from a target organization. This technique provides accurate results without the use of API keys, credentials, or even accessing the site directly. Formats can then be applied in the command line arguments to turn these names into email addresses, domain accounts, and more. For...
Vulnerablecode : A Free And Open Vulnerabilities Database
VulnerableCode is a free and open database of FOSS software package vulnerabilities and the tools to create and keep the data current. It is made by the FOSS community to improve and secure the open source software ecosystem. Why? The existing solutions are commercial proprietary vulnerability databases, which in itself does not make sense because the data is about FOSS (Free...
Kubesploit : A Cross-Platform Post-Exploitation HTTP/2 Command
Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments written in Golang and built on top of Merlin project by Russel Van Tuyl (@Ne0nd0g). Our Motivation While researching Docker and Kubernetes, we noticed that most of the tools available today are aimed at passive scanning for vulnerabilities in the cluster, and there is a...
DNSPeep : Spy On The DNS Queries Your Computer Is Making
DNSPeep lets you spy on the DNS queries your computer is making. Here's some example output: $ sudo dnspeepquery name server IP responseA incoming.telemetry.mozilla.org 192.168.1.1 CNAME: telemetry-incoming.r53-2.services.mozilla.com, CNAME: pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com, A: 52.39.144.189, A: 54.191.136.131, A: 34.215.151.143, A: 54.149.208.57, A: 44.226.235.191, A: 52.10.174.113, A: 35.160.138.173, A: 44.238.190.78AAAA incoming.telemetry.mozilla.org 192.168.1.1 CNAME: telemetry-incoming.r53-2.services.mozilla.com, CNAME: pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.comA www.google.com 192.168.1.1 A: 172.217.13.132AAAA www.google.com 192.168.1.1 AAAA: 2607:f8b0:4020:807::2004A www.neopets.com 192.168.1.1...
