Wave-Share : Serverless, Peer-To-Peer, Local File Sharing Through Sound
A proof-of-concept for WebRTC signaling using sound. Works with all devices that have microphone + speakers. Runs in the browser. Nearby devices negotiate the WebRTC connection by exchanging the necessary Session Description Protocol (SDP) data via a sequence of audio tones. Upon successful negotiation, a local WebRTC connection is established between the browsers allowing data to be exchanged via LAN. See...
GitJacker : Leak Git Repositories From Misconfigured Websites
Gitjacker downloads git repositories and extracts their contents from sites where the .git directory has been mistakenly uploaded. It will still manage to recover a significant portion of a repository even where directory listings are disabled. For educational/penetration testing use only. More information at https://liam-galvin.co.uk/security/2020/09/26/leaking-git-repos-from-misconfigured-sites.html Installation curl -s "https://raw.githubusercontent.com/liamg/gitjacker/master/scripts/install.sh" | bash ...or grab a precompiled binary. You will need to have git installed to use...
NashaVM : A Virtual Machine For .NET Files & Its Runtime Was Made In C++/CLI
Nasha is a Virtual Machine for .NET files and its runtime was made in C++/CLI Installation git clone https://github.com/Mrakovic-ORG/NashaVM --recurse cd NashaVMNashaVM nuget restore msbuild Dependencies dnlib.NET Framework 4.0Visual C++ Redistrutable Known Issues Incompatible with Linux based OS FAQ What is this project for?This project is made to protect and hide managed opcodes inside a mixed engine to make it harder for reverse engineers to view or...
SwiftBelt : A macOS Enumeration Tool Inspired By Harmjoy’S Windows
SwiftBelt is a macOS enumerator inspired by @harmjoy's Windows-based Seatbelt enumeration tool. SwiftBelt does not utilize any command line utilities and instead uses Swift code (leveraging the Cocoa Framework, Foundation libraries, OSAKit libraries, etc.) to perform system enumeration. This can be leveraged on the offensive side to perform enumeration once you gain access to a macOS host. I intentionally...
C41N : An Automated Rogue Access Point Setup Tool
c41n is an automated Rogue Access Point setup tool. c41n provides automated setup of several types of Rogue Access Points, and Evil Twin attacks. It sets up an access point with user defined characteristics (interface, name and channel for the access point), sets up DHCP server for the access point, and provides user with abilities of HTTP traffic sniffing,...
vPrioritizer : Tool To Understand The Contextualized Risk (vPRisk)
As indicated by sources like vulndb & cve, on a daily basis, approximately 50 new vulnerabilities become known to industry and it’s safe to assume that count is going to increase furthermore. It’s a huge number of vulnerabilities to assess and remediate effectively and quickly. So today organizations are focusing (or should focus) on reducing the risk rather than...
CSRFER : Tool To Generate CSRF Payloads Based On Vulnerable Requests
CSRFER is a tool to generate csrf payloads, based on vulnerable requests. It parses supplied requests to generate either a form or a fetch request. The payload can then be embedded in an html template. Installation npm install -g csrfer Usage Usage: csrfer Options:--version Show version number-r, --request Path to the request file to be used-m, --mode Mode to generate the code. Available...
GHunt : Tool To Extract Information From Google Account
GHunt is an OSINT tool to extract information from any Google Account using an email. It can currently extract: Owner's nameLast time the profile was editedGoogle IDIf the account is a Hangouts BotActivated Google services (YouTube, Photos, Maps, News360, Hangouts, etc.)Possible YouTube channelPossible other usernamesPublic photos (P)Phones models (P)Phones firmwares (P)Installed softwares (P)Google Maps reviews (M)Possible physical location (M) The features marked...
How much do Background Checks know About You?
With an increasing demand for background checks to be completed before signing most major contracts (like employment, renting a property, or even dating someone), it seems our information is constantly under review or consideration. But for the average individual, the thought of others uncovering our information can be daunting. Knowing what information is included in the report can help...
Lockphish : The First Tool For Phishing Attacks
Lockphish it's the first tool (07/04/2020) for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link. Features Lockscreen phishing page for Windows, Android and iPhoneAuto detect devicePort Forwarding by NgrokIP Tracker Usage git clone https://github.com/kali-linux-tutorial/lockphishcd lockphishbash lockphish.sh Conclusion This is a great phishing tool which you use in your android system al well as...
