Essential Tools and Apps for Linux Users in 2021
Linux doesn’t have the huge popularity that Microsoft and Apple enjoy with their operating systems. But it still has a sizeable and very loyal following, especially among techies. Linux is an alternative operating system with a great focus on stability and excellent applications. Many of these are often open-source applications and can be accessed free of cost. Given the...
Maigret : OSINT Username Checker
Purpose of Maigret - collect a dossier on a person by username only, checking for accounts on a huge number of sites. This is a sherlock fork with cool features under heavy development. Don't forget to regularly update source code from repo. Currently supported more than 2000 sites (full list), by default search is launched against 500 popular sites in descending...
Watson : Enumerate Missing KBs & Suggest Exploits For Useful Privilege Escalation Vulnerabilities
Watson is a .NET tool designed to enumerate missing KBs and suggest exploits for Privilege Escalation vulnerabilities. Supported Versions Windows 10 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004Server 2016 & 2019 Usage - OS Build Number: 14393>>Enumerating installed KBs…- CVE-2019-0836 : VULNERABLE>>https://exploit-db.com/exploits/46718>>https://decoder.cloud/2019/04/29/combinig-luafv-postluafvpostreadwrite-race-condition-pe-with-diaghub-collector-exploit-from-standard-user-to-system/- CVE-2019-0841 : VULNERABLE>>https://github.com/rogue-kdc/CVE-2019-0841>>https://rastamouse.me/tags/cve-2019-0841/- CVE-2019-1064 : VULNERABLE>>https://www.rythmstick.net/posts/cve-2019-1064/- CVE-2019-1130 : VULNERABLE>>https://github.com/S3cur3Th1sSh1t/SharpByeBear- CVE-2019-1253 : VULNERABLE>>https://github.com/padovah4ck/CVE-2019-1253- CVE-2019-1315 : VULNERABLE>>https://offsec.almond.consulting/windows-error-reporting-arbitrary-file-move-eop.htmlFinished. Found 6 potential...
DefenderCheck : Identifies The Bytes That Microsoft Defender Flags On
DefenderCheck quick tool to help make evasion work a little bit easier. Takes a binary as input and splits it until it pinpoints that exact byte that Microsoft Defender will flag on, and then prints those offending bytes to the screen. This can be helpful when trying to identify the specific bad pieces of code in your tool/payload. Note: Defender...
SharpGPOAbuse : Tool To Take Advantage Of A User’s Edit Rights On A Group Policy Object (GPO)
SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO. More details can be found at the following blog post: https://labs.mwrinfosecurity.com/tools/sharpgpoabuse Compile Instructions Make sure the necessary NuGet packages are installed properly and simply...
TUF : A Framework For Securing Software Update Systems
TUF is a repository is the reference implementation of The Update Framework (TUF). It is written in Python and intended to conform to version 1.0 of the TUF specification. This implementation is in use in production systems, but is also intended to be a readable guide and demonstration for those working on implementing TUF in their own languages, environments,...
SecretScanner : Find Secrets & Passwords In Container Images And File Systems
Deepfence SecretScanner can find any potential secrets in container images or file systems. What are Secrets? Secrets are any kind of sensitive or private data which gives authorized users permission to access critical IT infrastructure (such as accounts, devices, network, cloud based services), applications, storage, databases and other kinds of critical data for an organization. For example, passwords, AWS access IDs,...
InveighZero : Windows C# LLMNR/mDNS/NBNS/DNS/DHCPv6 Spoofer/Man-In-The-Middle Tool
InveighZero is a C# LLMNR/NBNS/mDNS/DNS/DHCPv6 spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system. This version shares many features with the PowerShell version of Inveigh. Privileged Mode Features (elevated admin required) SMB capture - packet sniffer basedLLMNR spoofer - packet sniffer basedNBNS spoofer - packet sniffer basedmDNS spoofer - packet sniffer basedDNS...
ClearURLs : Automatically Remove Tracking Elements From URLs
ClearURLs is an add-on based on the new WebExtensions technology and is optimized for Firefox and Chrome based browsers. This extension will automatically remove tracking elements from URLs to help protect your privacy when browse through the Internet, which is regularly updated by us and can be found here. Application Many websites use tracking elements in the URL (e.g. https://example.com?utm_source=newsletter1&utm_medium=email&utm_campaign=sale) to mark...
Android_Hid : Use Android As Rubber Ducky Against Another Android Device
Android_Hid is a tool used by android as Rubber Ducky against targeted Android device or PC. HID Attack Using Android Using Android as Rubber Ducky against Android or Windows. This is not a new technique, just a demo how to perform HID attack using Android instead of rubber ducky. For targeted Android device it is not necessary to be rooted, have...
