Confused : Tool To Check For Dependency Confusion Vulnerabilities
Confused is a tool for checking for lingering free namespaces for private package names referenced in dependency configuration for Python (pypi) requirements.txt, JavaScript (npm) package.json, PHP (composer) composer.json or MVN (maven) pom.xml. What is this all about? On 9 February 2021, security researcher Alex Birsan published an article that touched on different resolve-order flaws in dependency management tools present...
DLLHSC : DLL Hijack SCanner A Tool To Assist With The Discovery
DLLHSC (DLL Hijack SCanner) is a tool to generate leads and automate the discovery of candidates for DLL Search Order Hijacking. Contents Of This Repository: this repository hosts the Visual Studio project file for the tool (DLLHSC), the project file for the API hooking functionality (detour), the project file for the payload and, last but not least, the compiled executables for x86...
PowerSharpPack : Offensive CSharp Projects Wrapped Into Powershell
PowerSharpPack is a tool with many useful offensive CSharp projects wrapped into PowerShell for easy usage. Why? In my personal opinion, offensive PowerShell is not dead because of AMSI, Script-block-logging, Constrained Language Mode or other protection features. Any of these mechanisms can be bypassed. Since most new innovative offensive security projects are written in C#, I decided to make them...
Girsh : Automatically Spawn A Reverse Shell Fully Interactive
With Girsh, just run it and it will detect the OS and execute the correct commands to upgrade the shell to a fully interactive reverse shell. For Linux: get the terminal's size; spawn a tty using python2.7, python3 and python; change the terminal to raw mode. For Windows: download ConPTY on the same machine and same port as the reverse shell server; listen for getting the...
HTTP_Bridge : Send TCP Stream Packets Over Simple HTTP Request
HTTP_Bridge is a tool composed of two parts, the server and a client. Server: the server is just a PHP file with some logic to keep stateful connections using TCP sockets and handle the incoming HTTP requests; for now this logic only works on Linux servers. I've tested it with apache+mod_php, nginx+php-fpm and the built-in PHP server (php -S). Client: the...
Gitls : Enumerate Git Repository URL From List Of URL / User / Org
Gitls is useful when a repository host, such as GitHub, is included in the bug bounty scope. Since the scope is sometimes specified as an org name or user name rather than a specific repository, you can use this tool to extract the URLs of all public repositories belonging to the org/user. This can be used for various actions such as scanning or cloning for...
Go-RouterSocks : Router Sock. One Port Socks For All The Others
Go-RouterSocks addresses the next step after compromising a machine: enumerating the network behind it. Many tools exist to expose a SOCKS port on the attacker's machine and send all the traffic through a tunnel to the compromised machine. When several SOCKS ports are available, we have to manage different proxychains configurations to choose the targeted network. This tool...
HiddenEyeReborn : HiddenEye With Completely New Codebase & Better Features Set
HiddenEyeReborn is my try at a multi-featured tool for exploiting human mistakes. Currently, HE: RE has mainly phishing features, but we are planning on adding more; you can follow development progress by looking at (REMIND ME TO DO ROADMAP) or the Projects tab on GitHub. Installation: HE: RE is available on PyPI and can be installed using pip: pip install hiddeneye-reborn. That's all...
SUB 404 : A Fast Tool To Check Subdomain Takeover Vulnerability
Sub 404 is a tool written in Python that checks for the possibility of subdomain takeover vulnerabilities; it is fast because it is asynchronous. Why? During the recon process you might get a lot of subdomains (e.g. more than 10k). It is not possible to test each manually or with the traditional requests or urllib method, as that is very slow. Using...
Procrustes : Script To Automate The Exfiltration Of Data Over DNS
Procrustes is a bash script that automates the exfiltration of data over DNS in case we have blind command execution on a server where all outbound connections except DNS are blocked. The script currently supports sh, bash and PowerShell and is compatible with exec-style command execution (e.g. java.lang.Runtime.exec). Unstaged: Staged: For its operations, the script takes as input the command...