NoSQLi : NoSQL Injection CLI Tool

NoSQLi is a NoSQL scanner and injector. I wanted a better NoSQL injection tool that was simple to use, fully command line based, and configurable. To that end, I began work on nosqli - a simple NoSQL injection tool written in Go. It aims to be fast, accurate, and highly usable, with an easy to understand command line interface. Features: Nosqli currently...

SSJ : Linux Distribution Gone Super Saiyan

SSJ is a silly little script that makes use of Docker installed on your everyday Linux distribution (Ubuntu, Debian, etc.) and magically arms it with hundreds of penetration testing and forensics tools. All of these run with almost native performance (as containers utilize the host operating system's kernel), and thus it is a slightly better alternative to Virtual Machines in...

Taken : Takeover AWS IPs & Have A Working POC For Subdomain Takeover

Taken is a tool to take over AWS IPs and have a working POC for subdomain takeover. The idea is simple: Get subdomains. Do reverse lookups to only save AWS IPs. Restart the EC2 instance every minute; the public IP gets rotated on each restart. Match it with your existing list of subdomain IPs and you have a working subdomain takeover POC. Notify via email as...

Simple Live Data Collection

Simple Live Data Collection. How does it work? Build the server. Connect the admin and client to the server. To collect information, send the request to the server through the admin, and then to the client.

Installation:
    git clone https://github.com/LetsDefend/Simple-Live-Data-Collection

Server:
    cd server
    python main.py

Admin:
    cd admin
    python main.py

Client:
    cd client
    python main.py

Change the "HOST" variable in the main.py file.

TheCl0n3r : Tool To Download & Manage Your Git Repositories

TheCl0n3r will allow you to download and manage your git repositories. About 90% of the penetration testing tools used in my experience can be found primarily on GitHub. The aim of this was to make it easier to download, update and delete these git repositories. If moving to a new testing system, make it simpler to transfer the same...

Wave-Share : Serverless, Peer-To-Peer, Local File Sharing Through Sound

A proof-of-concept for WebRTC signaling using sound. Works with all devices that have microphone + speakers. Runs in the browser. Nearby devices negotiate the WebRTC connection by exchanging the necessary Session Description Protocol (SDP) data via a sequence of audio tones. Upon successful negotiation, a local WebRTC connection is established between the browsers allowing data to be exchanged via LAN. See...

GitJacker : Leak Git Repositories From Misconfigured Websites

Gitjacker downloads git repositories and extracts their contents from sites where the .git directory has been mistakenly uploaded. It will still manage to recover a significant portion of a repository even where directory listings are disabled. For educational/penetration testing use only. More information at https://liam-galvin.co.uk/security/2020/09/26/leaking-git-repos-from-misconfigured-sites.html

Installation:
    curl -s "https://raw.githubusercontent.com/liamg/gitjacker/master/scripts/install.sh" | bash

...or grab a precompiled binary. You will need to have git installed to use...

NashaVM : A Virtual Machine For .NET Files & Its Runtime Was Made In C++/CLI

Nasha is a Virtual Machine for .NET files, and its runtime was made in C++/CLI.

Installation:
    git clone https://github.com/Mrakovic-ORG/NashaVM --recurse
    cd NashaVMNashaVM
    nuget restore
    msbuild

Dependencies: dnlib, .NET Framework 4.0, Visual C++ Redistributable.

Known Issues: Incompatible with Linux based OS.

FAQ: What is this project for? This project is made to protect and hide managed opcodes inside a mixed engine to make it harder for reverse engineers to view or...

SwiftBelt : A macOS Enumeration Tool Inspired By Harmjoy’s Windows

SwiftBelt is a macOS enumerator inspired by @harmjoy's Windows-based Seatbelt enumeration tool. SwiftBelt does not utilize any command line utilities and instead uses Swift code (leveraging the Cocoa Framework, Foundation libraries, OSAKit libraries, etc.) to perform system enumeration. This can be leveraged on the offensive side to perform enumeration once you gain access to a macOS host. I intentionally...

C41N : An Automated Rogue Access Point Setup Tool

c41n is an automated Rogue Access Point setup tool. c41n provides automated setup of several types of Rogue Access Points, and Evil Twin attacks. It sets up an access point with user defined characteristics (interface, name and channel for the access point), sets up DHCP server for the access point, and provides user with abilities of HTTP traffic sniffing,...