Fama : Forensic Analysis For Mobile Apps
Fama is a tool for android extraction and analysis framework with an integrated Autopsy Module. Dump easily user data from a device and generate powerful reports for Autopsy or external applications. Functionalities Extract user application data from an Android device with ADB (root and ADB required).Dump user data from an android image or mounted path.Easily build modules for a specific Android...
Leonidas : Automated Attack Simulation In The Cloud, Complete With Detection Use Cases
This is the repository containing Leonidas, a framework for executing attacker actions in the cloud. It provides a YAML-based format for defining cloud attacker tactics, techniques and procedures (TTPs) and their associated detection properties. These definitions can then be compiled into: A web API exposing each test case as an individual endpointSigma rules (https://github.com/Neo23x0/sigma) for detectionDocumentation - see http://detectioninthe.cloud/ for...
NFCGate : An NFC Research Toolkit Application For Android
NFCGate is an Android application meant to capture, analyze, or modify NFC traffic. It can be used as a researching tool to reverse engineer protocols or assess the security of protocols against traffic modifications. Features On-device capture: Captures NFC traffic sent and received by other applications running on the device.Relay: Relays NFC traffic between two devices using a server. One device...
Py3webfuzz : A Python3 Module To Assist In Fuzzing Web Applications
Based on pywebfuzz, Py3webfuzz is a Python3 module to assist in the identification of vulnerabilities in web applications, Web Services through brute force, fuzzing and analysis. The module does this by providing common testing values, generators and other utilities that would be helpful when fuzzing web applications, API endpoints and developing web exploits. It has the fuzzdb and some other...
PCWT : A Web Application That Makes It Easy To Run Your Pentest & Bug Bounty Projects
PCWT is a web application that makes it easy to run your pentest and bug bounty projects. The app provides a convenient web interface for working with various types of files that are used during the pentest, automate port scan and subdomain search. Port Scan You can scan ports using nmap or masscan. The nmap is started with the following arguments: nmap...
Get Sassy About SASE – Avoid The Dangers of Watering Hole Attacks!
During the dry season on the plains of Africa, water is scarce. Wild animals will flock to any place where they can get a drink - like a watering hole. But at the same time as saving their lives, coming to the watering hole also threatens their existence. Predatory animals like lions know that other beasts have to come...
Threagile : Agile Threat Modeling Toolkit
Threagile (see https://threagile.io for more details) is an open-source toolkit for agile threat modeling: It allows to model an architecture with its assets in an agile fashion as a YAML file directly inside the IDE. Upon execution of the Threagile toolkit all standard risk rules (as well as individual custom rules if present) are checked against the architecture model. Execution via...
Tempomail : Generate A Custom Email Address In 1 Second And Receive Emails
Tempomail is a standalone binary that allows you to create a temporary email address in 1 Second and receive emails. It uses 1secmail's API. No dependencies required! Installation From Binary Download the pre-built binaries for different platforms from the releases page. Extract them using tar, move it to your $PATH and you're ready to go. # download release from https://github.com/kavishgr/tempomail/releases/ # tar -xzvf...
Kraken : Cross Platform Yara Scanner Written In Go
Kraken is a simple cross-platform Yara scanner that can be built for Windows, Mac, FreeBSD and Linux. It is primarily intended for incident response, research and ad-hoc detections (not for endpoint protection). Following are the core features: Scan running executables and memory of running processes with provided Yara rules (leveraging go-yara).Scan executables installed for autorun (leveraging go-autoruns).Scan the filesystem with...
SwiftyInsta : Instagram Unofficial Private API Swift
Instagram offers two kinds of APIs to developers. The Instagram API Platform (extremely limited in functionality and close to being discontinued), and the Instagram Graph API for Business and Creator accounts only. However, Instagram apps rely on a third type of API, the so-called Private API or Unofficial API, and SwiftyInsta is an iOS, macOS, tvOS and watchOS client for...
