.webp "How To Install/Run – Streamlining OSINT Workflows For Enhanced Capabilities")
MSOLSpray : A Password Spraying Tool For Microsoft Online Accounts
MSOLSpray is a password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled. Why Another Spraying Tool? Yes, I realize there are other password spraying tools...
Git-Hound : PinPoints Exposed API Keys On GitHub Using Pattern Matching
A batch-catching, pattern-matching, patch-attacking secret snatcher. GitHound pinpoints exposed API keys on GitHub using pattern matching, commit history searching, and a unique result scoring system. A batch-catching, pattern-matching, patch-attacking secret snatcher. Features GitHub/Gist code searching. This enables GitHound to locate sensitive information exposed across all of GitHub, uploaded by any user.Generic API key detection using pattern matching, context, and Shannon entropy.Commit...
How to Send a PDF to a Fax Machine Easily Quickly and Securely?
Do you want to send a PDF to a fax machine? You will need online fax services to manage transmission of important documents. CocoFax and other online fax apps can help you to manage this transmission. With online fax apps, you can use your smartphone as a virtual fax machine. See some best fax apps that will help you to send a...
DNSteal : DNS Exfiltration Tool For Stealthily Sending Files Over DNS Requests
DNSteal is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests. Below are a couple of different images showing examples of multiple file transfer and single verbose file transfer: Support for multiple filesGzip compression supportedNow supports the customisation of subdomains and bytes per subdomain and the length of filename See help below: Also...
OSSEM : Open Source Security Events Metadata
The Open Source Security Events Metadata (OSSEM) is a community-led project that focuses primarily on the documentation and standardization of security event logs from diverse data sources and operating systems. Security events are documented in a dictionary format and can be used as a reference for projects like the ThreatHunter-Playbook while mapping data sources to data analytics used to validate...
AngrgDB : Use Angr Inside GDB
AngrgDB use angr inside GDB. Create an angr state from the current debugger state. Install pip install angrgdb echo "python import angrgdb.commands" >> ~/.gdbinit Usage AngrgDB implements the angrdbg API in GDB. You can use it in scripts like this: from angrgdb import *gdb.execute("b *0x004005f9")gdb.execute("r aaaaaaaa")sm = StateManager()sm.sim(sm, 100)m = sm.simulation_manager()m.explore(find=0x00400607, avoid=0x00400613)sm.to_dbg(m.found) #write input to GDBgdb.execute("x/s $rax")#0x7fffffffe768: "ais3{I_tak3_g00d_n0t3s}"gdb.execute("c")#Correct! that is the secret key! You can also...
SSHPry V2 – Spy & Control OS SSH Connected Client’s TTY
This is a second release of SSHPry tool, with multiple features added. Control of target's TTYBuilt-In KeyloggerConsole-Level phishingRecord & Replay previous sessions I always curious about what can be done after you somehow got root and already talked about some techniques of post exploitation with highly privileged accounts: SSH SnoopingRDP Session Hijacking Also Read - One-Lin3r : Gives You One Liners That Aids...
HikPwn : Simple Scanner For Hikvision Devices With Basic Vulnerability Scanning
HikPwn, a simple scanner for Hikvision devices with basic vulnerability scanning capabilities written in Python 3.8. This project was born out of curiosity while I was capturing and watching network traffic generated by some Hikvision's software and devices. Setup Instructions git clone https://github.com/4n4nk3/HikPwn.gitcd HikPwnpip install -r requirements.txt Tested On Python 3.8 on Linux 4.19 x86_64 Functions & Characteristics Passive discovery of Hikvision devices.Active discovery and...
Sandcastle : A Python Script For AWS S3 Bucket Enumeration
Inspired by a conversation with Instacart's @nickelser on HackerOne, I've optimized and published Sandcastle – a Python script for AWS S3 bucket enumeration, formerly known as bucketCrawler. The script takes a target's name as the stem argument (e.g. shopify) and iterates through a file of bucket name permutations, such as the ones below: -training -bucket -dev -attachments -photos -elasticsearch Getting...
TweetShell : Multi-Thread Twitter BruteForcer In Shell Script
Tweetshell is an Shell Script to perform multi-threaded brute force attack against Twitter, this script can bypass login limiting and it can test infinite number of passwords with a rate of +400 passwords/min using 20 threads. Multi-thread Twitter BruteForcer in Shell Script. Features Multi-thread (400 pass/min, 20 threads)Save/Resume sessionsAnonymous attack through TORDefault password list (best +39k 8 letters)Check valid usernameCheck and...
