Baserunner : A Tool For Exploring Firebase Datastores
Baserunner is atool for exploring and exploiting Firebase datastores. See this post on our blog for an overview of how Firebase works and why we developed this tool. Set Up git clone https://github.com/iosiro/baserunner.gitcd baserunnernpm installnpm run buildnpm startGo to http://localhost:3000 in your browser. Usage The Baserunner interface looks like this: First, use the configuration textbox to load a Firebase configuration JSON structure from the app you'd...
LibAFL : Advanced Fuzzing Library – Slot Your Fuzzer Together In Rust
Advanced Fuzzing Library is a slot your own fuzzers together and extend their features using Rust. LibAFL is written and maintained by Andrea Fioraldi andreafioraldi@gmail.com and Dominik Maier mail@dmnk.co. Why LibAFL? LibAFL gives you many of the benefits of an off-the-shelf fuzzer, while being completely customizable. Some highlight features currently include: fast: We do everything we can at compile time, keeping runtime overhead minimal. Users...
WordPress Brute Force : Super Fast Login WordPress Brute Force
WordPress Brute Force is a super fast login for WordPress. .---. .-----------/ __ / ------/ / ( )/ -----////// ' / --- //// / // : ★★ : --- // / / / '--// //.. WpCrack Brute Froce Tool™====UU====UU=========================='//||`''``usage: python WpCrack.py optional arguments:-h, --help show this help message and exit-V, --version show program's version number and exit-d, --debug debugging...
Priv2Admin : Exploitation Paths Allowing You To (Mis)Use The Windows Privileges
Priv2Admin idea is to "translate" Windows OS privileges to a path leading to: administrator,integrity and/or confidentiality threat,availability threat,just a mess. Privileges are listed and explained at: https://docs.microsoft.com/en-us/windows/win32/secauthz/privilege-constants If the goal can be achieved multiple ways, the priority is Using built-in commandsUsing PowerShell (only if a working script exists)Using non-OS toolsUsing any other method You can check your own privileges with whoami /priv. Disabled privileges are as...
7 Ways in Which You Can Keep Yourself Safe on the Internet
It's easy to find ways to stay safe on the internet. With today's technology, you can stay connected with loved ones and friends all over the world from the convenience of your own home. Still, if you don't practice proper internet safety while online, you can encounter a range of dangerous web behaviors that put you at risk of...
Kiterunner : Contextual Content Discovery Tool
For the longest of times, content discovery has been focused on finding files and folders. While this approach is effective for legacy web servers that host static files or respond with 3xx’s upon a partial path, it is no longer effective for modern web applications, specifically APIs. Over time, we have seen a lot of time invested in making content...
Red-Detector : Scan Your EC2 Instance To Find Its Vulnerabilities Using Vuls.io
Red-Detector is a tool to Scan your EC2 instance to find its vulnerabilities using Vuls (https://vuls.io/en/). Audit your EC2 instance to find security misconfigurations using Lynis (https://cisofy.com/solutions/#lynis). Scan your EC2 instance for signs of a rootkit using Chkrootkit (http://www.chkrootkit.org/). Requirements Configured AWS account with the EC2 actions mentioned below. The policy containing these requirements can be found in red-detector-policy.json. Actions details: Required action premissionWhy it...
Evasor : A Tool To Be Used In Post Exploitation Phase For Blue
The Evasor is an automated security assessment tool which locates existing executables on the Windows operating system that can be used to bypass any Application Control rules. It is very easy to use, quick, saves time and fully automated which generates for you a report including description, screenshots and mitigations suggestions, suites for both blue and red teams in...
CANalyse : A Vehicle Network Analysis And Attack Tool
CANalyse is a tool built to analyze the log files to find out unique datasets automatically and able to connect to simple user interfaces such as Telegram. Basically, while using this tool the attacker can provide a bot-ID and use the tool over the internet through telegram-bot. CANalyse is made to be placed inside a raspberry-PI and able to...
Judge Jury And Executable : A File System Forensics Analysis Scanner & Threat Hunting Tool
Judge Jury And Executable is a File System Forensics Analysis Scanner And Threat Hunting Tool Features Scan a mounted filesystem for threats right awayOr gather a system baseline before an incident, for extra threat hunting abilityCan be used before, during or after an incidentFor one to many workstationsScans the MFT, bypassing file permissions, file locks or OS file protections/hiding/shadowingUp to 51...
