Linux Evil Toolkit For Pentest Professionals
Linux evil toolkit is a framework that aims to centralize, standardize and simplify the use of various security tools for pentest professionals. LETK (Linux evil toolkit) has few simple commands, one of which is the INIT that allows you to define a target, and thus use all the tools without typing anything else. Is LETK better than setoolkit? Yes and...
ScriptHunter : Tool To Find JavaScript Files On Websites
Scripthunter is a tool that finds javascript files for a given website. To scan Google, simply run ./scripthunter.sh https://google.com. Note that it may take a while, which is why scripthunter also implements a notification mechanism to inform you when a scan is finished via Telegram API. Blogpost Setup To install scripthunter, clone this repository. Scripthunter relies on a couple of tools...
Fama : Forensic Analysis For Mobile Apps
Fama is a tool for android extraction and analysis framework with an integrated Autopsy Module. Dump easily user data from a device and generate powerful reports for Autopsy or external applications. Functionalities Extract user application data from an Android device with ADB (root and ADB required).Dump user data from an android image or mounted path.Easily build modules for a specific Android...
Leonidas : Automated Attack Simulation In The Cloud, Complete With Detection Use Cases
This is the repository containing Leonidas, a framework for executing attacker actions in the cloud. It provides a YAML-based format for defining cloud attacker tactics, techniques and procedures (TTPs) and their associated detection properties. These definitions can then be compiled into: A web API exposing each test case as an individual endpointSigma rules (https://github.com/Neo23x0/sigma) for detectionDocumentation - see http://detectioninthe.cloud/ for...
NFCGate : An NFC Research Toolkit Application For Android
NFCGate is an Android application meant to capture, analyze, or modify NFC traffic. It can be used as a researching tool to reverse engineer protocols or assess the security of protocols against traffic modifications. Features On-device capture: Captures NFC traffic sent and received by other applications running on the device.Relay: Relays NFC traffic between two devices using a server. One device...
Py3webfuzz : A Python3 Module To Assist In Fuzzing Web Applications
Based on pywebfuzz, Py3webfuzz is a Python3 module to assist in the identification of vulnerabilities in web applications, Web Services through brute force, fuzzing and analysis. The module does this by providing common testing values, generators and other utilities that would be helpful when fuzzing web applications, API endpoints and developing web exploits. It has the fuzzdb and some other...
PCWT : A Web Application That Makes It Easy To Run Your Pentest & Bug Bounty Projects
PCWT is a web application that makes it easy to run your pentest and bug bounty projects. The app provides a convenient web interface for working with various types of files that are used during the pentest, automate port scan and subdomain search. Port Scan You can scan ports using nmap or masscan. The nmap is started with the following arguments: nmap...
Get Sassy About SASE – Avoid The Dangers of Watering Hole Attacks!
During the dry season on the plains of Africa, water is scarce. Wild animals will flock to any place where they can get a drink - like a watering hole. But at the same time as saving their lives, coming to the watering hole also threatens their existence. Predatory animals like lions know that other beasts have to come...
Threagile : Agile Threat Modeling Toolkit
Threagile (see https://threagile.io for more details) is an open-source toolkit for agile threat modeling: It allows to model an architecture with its assets in an agile fashion as a YAML file directly inside the IDE. Upon execution of the Threagile toolkit all standard risk rules (as well as individual custom rules if present) are checked against the architecture model. Execution via...
Tempomail : Generate A Custom Email Address In 1 Second And Receive Emails
Tempomail is a standalone binary that allows you to create a temporary email address in 1 Second and receive emails. It uses 1secmail's API. No dependencies required! Installation From Binary Download the pre-built binaries for different platforms from the releases page. Extract them using tar, move it to your $PATH and you're ready to go. # download release from https://github.com/kavishgr/tempomail/releases/ # tar -xzvf...
