Gitls : Enumerate Git Repository URL From List Of URL / User / Org
Gitls tool is available when the repository, such as GitHub, is included in the bug bounty scope. Sometimes specified as an org name or user name rather than a specific repository, you can use this tool to extract url from all public repositories included in the org/user. This can be used for various actions such as scanning or cloning for...
Go-RouterSocks : Router Sock. One Port Socks For All The Others
Go-RouterSocks is a next step after compromising a machine is to enumerate the network behind. Many tools exist to expose a socks port on the attacker's machine and send all the traffic through a tunnel to the compromised machine. When several socks ports are available, we have to manage different proxychains configuration to choose the targeted network. This tool...
HiddenEyeReborn : HiddenEye With Completely New Codebase & Better Features Set
HiddenEyeReborn is my their try on doing multi-featured tool for human mistakes exploitation. Currently, HE: RE has mainly phishing features. But we are planning on adding more, you can follow development progress by looking at (REMIND ME TO DO ROADMAP) or Projects Tab on GitHub. Installation HE: RE is available on PyPI and can be installed using pip: pip install hiddeneye-reborn That's all...
SUB 404 : A Fast Tool To Check Subdomain Takeover Vulnerability
Sub 404 is a tool written in python which is used to check possibility of subdomain takeover vulnerability and it is fast as it is Asynchronous. Why? During recon process you might get a lot of subdomains(e.g more than 10k). It is not possible to test each manually or with traditional requests or urllib method as it is very slow. Using...
Procrustes : Script To Automates The Exfiltration Of Data Over DNS
Procrustes is a bash script that automates the exfiltration of data over dns in case we have a blind command execution on a server where all outbound connections except DNS are blocked. The script currently supports sh, bash and powershell and is compatible with exec style command execution (e.g. java.lang.Runtime.exec). Unstaged: Staged: For its operations, the script takes as input the command...
Chameleon : Customizable Honeypots For Monitoring Network Traffic
Chameleon is a customizable honeypots for monitoring network traffic, bots activities and usernamepassword credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET and Postgres and MySQL). Grafana Interface NMAP Scan Credentials Monitoring General Features Modular approach (honeypots run as scripts or imported as objects)Most honeypots serve as servers (Only a few that emulate the application layer protocols)Settings...
uEmu : Tiny Cute Emulator Plugin For IDA Based On Unicorn
uEmu is a tiny cute emulator plugin for IDA based on unicorn engine. Supports following architectures out of the box: x86, x64, ARM, ARM64, MIPS, MIPS64. What is it GOOD for? Emulate bare metal code (bootloaders, embedded firmware etc)Emulate standalone functions What is it BAD for? Emulate complex OS code (dynamic libraries, processes etc)Emulate code with many syscalls What can be improved? Find a way...
CertEagle : Asset Monitoring Utility
CertEagle is a asset monitoring utility using real time CT log feeds. In Bugbounties “If you are not first , then you are last” there is no such thing as silver or a bronze medal , Recon plays a very crucial part and if you can detect/Identify a newly added asset earlier than others then the chances of you Finding/Reporting...
SSRFuzz : A Tool To Find Server Side Request Forgery Vulnerabilities, With CRLF Chaining Capabilities
SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities. Why? I wanted to write a tool in Golang for concurrencyI wanted to fuzz parameters for SSRF vulnerablities, as well as fuzz both paths and parameters for CRLF injectionsI was inspired by Orange's work for chaining these types of vulnerabilities together (https://blog.orange.tw) Installation Run the following command to...
Is Kia Sportage Malaysia The Best SUV 2021
In Malaysia, Kia Sportage is offered in only two variants; Kia Sportage 2.0 EX at RM 123,480 and Kia Sportage 2.0D GT-LINE for RM 139,888. With Malaysia stocked with about 316 SUVs, analyzing those equivalent to the Sportage in terms of pricing is not only tricky but confusing. The design employed in every brand greatly differs from each other and...
