Scylla : The Simplistic Information Gathering Engine
Scylla is an OSINT tool developed in Python 3.6. Scylla lets users perform advanced searches on Instagram & Twitter accounts, websites/webservers, phone numbers, and names. Scylla also allows users to find all social media profiles (main platforms) assigned to a certain username. In continuation, Scylla has shodan support so you can search for devices all over the internet, it...
UAC : Unix-like Artifacts Collector
UAC is a Live Response collection tool for Incident Response that makes use of built-in tools to automate the collection of Unix-like systems artifacts. It respects the order of volatility and artifacts that are changed during the execution. It was created to facilitate and speed up data collection, and depend less on remote support during incident response engagements. UAC can...
Ethical Hacking – A new evolution in the digital era
Ethical Hacking is an authorized practice of bypassing system security to identify potential data breaches and threats in a network. The company that owns the system or network allows Cyber Security engineers to perform such activities in order to test the system’s defenses. Thus, unlike malicious hacking, this process is planned, approved, and more importantly, legal. Ethical hackers aim to...
Essential Tools and Apps for Linux Users in 2021
Linux doesn’t have the huge popularity that Microsoft and Apple enjoy with their operating systems. But it still has a sizeable and very loyal following, especially among techies. Linux is an alternative operating system with a great focus on stability and excellent applications. Many of these are often open-source applications and can be accessed free of cost. Given the...
Maigret : OSINT Username Checker
Purpose of Maigret - collect a dossier on a person by username only, checking for accounts on a huge number of sites. This is a sherlock fork with cool features under heavy development. Don't forget to regularly update source code from repo. Currently supported more than 2000 sites (full list), by default search is launched against 500 popular sites in descending...
Watson : Enumerate Missing KBs & Suggest Exploits For Useful Privilege Escalation Vulnerabilities
Watson is a .NET tool designed to enumerate missing KBs and suggest exploits for Privilege Escalation vulnerabilities. Supported Versions Windows 10 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004Server 2016 & 2019 Usage - OS Build Number: 14393>>Enumerating installed KBs…- CVE-2019-0836 : VULNERABLE>>https://exploit-db.com/exploits/46718>>https://decoder.cloud/2019/04/29/combinig-luafv-postluafvpostreadwrite-race-condition-pe-with-diaghub-collector-exploit-from-standard-user-to-system/- CVE-2019-0841 : VULNERABLE>>https://github.com/rogue-kdc/CVE-2019-0841>>https://rastamouse.me/tags/cve-2019-0841/- CVE-2019-1064 : VULNERABLE>>https://www.rythmstick.net/posts/cve-2019-1064/- CVE-2019-1130 : VULNERABLE>>https://github.com/S3cur3Th1sSh1t/SharpByeBear- CVE-2019-1253 : VULNERABLE>>https://github.com/padovah4ck/CVE-2019-1253- CVE-2019-1315 : VULNERABLE>>https://offsec.almond.consulting/windows-error-reporting-arbitrary-file-move-eop.htmlFinished. Found 6 potential...
DefenderCheck : Identifies The Bytes That Microsoft Defender Flags On
DefenderCheck quick tool to help make evasion work a little bit easier. Takes a binary as input and splits it until it pinpoints that exact byte that Microsoft Defender will flag on, and then prints those offending bytes to the screen. This can be helpful when trying to identify the specific bad pieces of code in your tool/payload. Note: Defender...
SharpGPOAbuse : Tool To Take Advantage Of A User’s Edit Rights On A Group Policy Object (GPO)
SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO. More details can be found at the following blog post: https://labs.mwrinfosecurity.com/tools/sharpgpoabuse Compile Instructions Make sure the necessary NuGet packages are installed properly and simply...
TUF : A Framework For Securing Software Update Systems
TUF is a repository is the reference implementation of The Update Framework (TUF). It is written in Python and intended to conform to version 1.0 of the TUF specification. This implementation is in use in production systems, but is also intended to be a readable guide and demonstration for those working on implementing TUF in their own languages, environments,...
SecretScanner : Find Secrets & Passwords In Container Images And File Systems
Deepfence SecretScanner can find any potential secrets in container images or file systems. What are Secrets? Secrets are any kind of sensitive or private data which gives authorized users permission to access critical IT infrastructure (such as accounts, devices, network, cloud based services), applications, storage, databases and other kinds of critical data for an organization. For example, passwords, AWS access IDs,...
