Fawkes : Tool To Search For Targets Vulnerable To SQL Injection
Fawkes is a tool to search for targets vulnerable to SQL Injection. It performs the search using the Google search engine. Options: -q, --query - Dork that will be used in the search engine. -r, --results - Number of results brought by the search engine. -s, --start-page - Home page of search results. -t, --timeout - Timeout of requests. -v, --verbose - Enable verbosity. Examples: python3 fawkes.py --query 'noticias.php?id=10'...
Bheem : Tool To Carry Out Various Tools And Recon Process
Project Bheem is a simple collection of small bash scripts which run iteratively to carry out various tools and recon processes and store the output in an organized way. This project was created initially for automation of recon for personal usage and was never meant to be public as there is nothing fancy about it but due to request by community,...
Bento : A Minimal Fedora-Based Container For Penetration Tests
A bento (弁当, bentō) is a single-portion take-out or home-packed meal of Japanese origin. Bento Toolkit is a simple and minimal Docker container for penetration testers and CTF players. It has the portability of Docker with the addition of X, so you can also run GUI applications (like Burp). Prerequisites: To run bento you need Docker and a Xorg server on your...
Scilla : Information Gathering Tool (DNS/Subdomain/Port Enumeration)
Scilla is an information gathering tool (DNS/Subdomain/Port Enumeration). Installation: First of all, clone the repo locally: git clone https://github.com/edoardottt/scilla.git Scilla has external dependencies, so they need to be pulled in: go get. Linux (requires high perms, run with sudo): make linux, make unlinux. Windows (executable works only in scilla folder. Alias?): make windows, make unwindows. make fmt runs the golang formatter. make update: Update. make remod: Remod. make test runs the tests. Get Started: scilla help...
Freki : Malware Analysis Platform
Freki is a free and open-source malware analysis platform. Goals: Facilitate malware analysis and reverse engineering; Provide an easy-to-use REST API for different projects; Easy deployment (via Docker); Allow the addition of new features by the community. Current Features: Hash extraction. VirusTotal API queries. Static analysis of PE files (headers, sections, imports, capabilities, and strings). Pattern matching with Yara. Web interface and REST API. User management. Community comments. Download samples. Check our online documentation...
Ghost : An Android Post-Exploitation Framework
Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device administration. Getting Started: Ghost installation, Ghost uninstallation. Execution: To run Ghost Framework you should execute the following command: ghost. Why Ghost Framework? Simple and clear UX/UI. Ghost Framework has a simple and clear UX/UI. It is easy...
ToRat : A Remote Administration Tool Written In Go Using Tor As A Transport Mechanism & RPC For Communication
ToRat is a cross-platform remote administration tool written in Go using Tor as its transport mechanism, currently supporting Windows, Linux, and macOS clients. How to? TL;DR: git clone https://github.com/lu4p/ToRat.git; cd ./ToRat; sudo docker build . -t torat; sudo docker run -it -v "$(pwd)"/dist:/dist_ext torat. Prerequisites: Install Docker on Linux: ubuntu: https://docs.docker.com/install/linux/docker-ce/ubuntu/ ; debian: https://docs.docker.com/install/linux/docker-ce/debian/ ; fedora: https://docs.docker.com/install/linux/docker-ce/fedora/ ; centos: https://docs.docker.com/install/linux/docker-ce/centos/ ; arch: sudo pacman -S docker. Install: Clone this repo via git: git clone https://github.com/lu4p/ToRat.git...
WSMan-WinRM : Scripts For Executing Remote Commands Over WinRM Using The WSMan.Automation COM Object
WSMan-WinRM is a collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object. Background: For background information, please refer to the following blog post: WS-Management COM: Another Approach for WinRM Lateral Movement. Notes: SharpWSManWinRM.cs and CppWsManWinRM.cpp compile in Visual Studio 2019. Refer to the code comments for required imports/references/etc. All examples leverage the WMI Win32_Process class...
Stegseek : World's Fastest Steghide Cracker, Chewing Through Millions Of Passwords Per Second
Stegseek is a lightning fast steghide cracker that can be used to extract hidden data from files. It is built as a fork of the original steghide project and, as a result, it is thousands of times faster than other crackers and can run through the entirety of rockyou.txt* in under 2 seconds. Stegseek can also be used to extract...
Slipstreaming : NAT Slipstreaming Allows An Attacker To Remotely Access Any TCP/UDP Services
NAT Slipstreaming exploits the user's browser in conjunction with the Application Level Gateway (ALG) connection tracking mechanism built into NATs, routers, and firewalls by chaining internal IP extraction via timing attack or WebRTC, automated remote MTU and IP fragmentation discovery, TCP packet size massaging, TURN authentication misuse, precise packet boundary control, and protocol confusion through browser abuse. As it's...