Ghost : An Android Post-Exploitation Framework

Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device administration. Getting Started: Ghost installation, Ghost uninstallation. Execution: To run Ghost Framework you should execute the following command: ghost. Why Ghost Framework? Simple and clear UX/UI. Ghost Framework has a simple and clear UX/UI. It is easy...

ToRat : A Remote Administration Tool Written In Go Using Tor As A Transport Mechanism & RPC For Communication

ToRat is a cross-platform Remote Administration tool written in Go using Tor as its transport mechanism, currently supporting Windows, Linux and MacOS clients.

How to? TL;DR

git clone https://github.com/lu4p/ToRat.git
cd ./ToRat
sudo docker build . -t torat
sudo docker run -it -v "$(pwd)"/dist:/dist_ext torat

Prerequisites: Install Docker on Linux

ubuntu: https://docs.docker.com/install/linux/docker-ce/ubuntu/
debian: https://docs.docker.com/install/linux/docker-ce/debian/
fedora: https://docs.docker.com/install/linux/docker-ce/fedora/
centos: https://docs.docker.com/install/linux/docker-ce/centos/
arch: sudo pacman -S docker

Install: Clone this repo via git

git clone https://github.com/lu4p/ToRat.git...

WSMan-WinRM : Scripts For Executing Remote Commands Over WinRM Using The WSMan.Automation COM Object

WSMan-WinRM is a collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object. Background: For background information, please refer to the following blog post: WS-Management COM: Another Approach for WinRM Lateral Movement. Notes: SharpWSManWinRM.cs and CppWsManWinRM.cpp compile in Visual Studio 2019. Refer to the code comments for required imports/references/etc. All examples leverage the WMI Win32_Process class...

Stegseek : Worlds Fastest Steghide Cracker, Chewing Through Millions Of Passwords Per Second

Stegseek is a lightning fast steghide cracker that can be used to extract hidden data from files. It is built as a fork of the original steghide project and, as a result, it is thousands of times faster than other crackers and can run through the entirety of rockyou.txt* in under 2 seconds. Stegseek can also be used to extract...

Slipstreaming : NAT Slipstreaming Allows An Attacker To Remotely Access Any TCP/UDP Services

NAT Slipstreaming exploits the user's browser in conjunction with the Application Level Gateway (ALG) connection tracking mechanism built into NATs, routers, and firewalls by chaining internal IP extraction via timing attack or WebRTC, automated remote MTU and IP fragmentation discovery, TCP packet size massaging, TURN authentication misuse, precise packet boundary control, and protocol confusion through browser abuse. As it's...

Sak1to-Shell : Multi-threaded C2 Server & Reverse Shell Client Written In Pure C

Sak1to-Shell is a multi-threaded C2 server and reverse TCP shell client written in pure C (Windows).

Command List

list: list available connections.
interact : interact with client.
download : download a file from client.
upload : upload a file to client.
background: background client.
exit: terminate client or server.
cd : change directory on client.

DarkSide : Tool Information Gathering And Social Engineering

DarkSide is a tool with an awesome user interface.

Features

Hacker Dashboard: Hacker News, New Exploits, Hacking Tutorials Video, The Latest Prices Of Digital Currencies.
Information Gathering: Bypass Cloud Flare, Cms Detect, Trace Route, Reverse IP, Port Scan, IP location Finder, Show HTTP Header, Find Shared DNS, Whois, DNS Lookup.
Exploits: Reference exploit-db.com.
Social Engineering: Get system Information with link, Screen Capture With Link, Play Sound With Link.

Installation On Windows

$ Download https://github.com/Ultrasecurity/DarkSide
$ cd DarkSide
$ python -m pip install...

Restler Fuzzer : API Fuzzing Tool For Automatically Testing Cloud Services

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. For a given cloud service with an OpenAPI/Swagger specification, RESTler analyzes its entire specification, and then generates and executes tests that exercise the service through its REST API. RESTler intelligently infers producer-consumer dependencies...

Depix : Recovers Passwords From Pixelized Screenshots

Depix is a tool for recovering passwords from pixelized screenshots. This implementation works on pixelized images that were created with a linear box filter. In this article I cover background information on pixelization and similar research.

Example

python depix.py -p images/testimages/testimage3_pixels.png -s images/searchimages/debruinseq_notepad_Windows10_closeAndSpaced.png -o output.png

Usage

Cut out the pixelated blocks from the screenshot as a single rectangle.
Paste a De Bruijn sequence with expected...

Js-X-Ray : JavaScript & Node.js Open-Source SAST Scanner

Js-X-Ray is a JavaScript AST analysis. This package has been created to export the Node-Secure AST Analysis to enable better code evolution and allow better access to developers and researchers. The goal is to quickly identify dangerous code and patterns for developers and Security researchers. Interpreting the results of this tool will still require you to have a set of...