NFStream : A Flexible Network Data Analysis Framework

NFStream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework...

WhatTheHack : A Collection Of Challenge Based Hack

WhatTheHack is a challenge based hackathon format. A collection of challenge based hack-a-thons including student guide, proctor guide, lecture presentations, sample/instructional code and templates. What, Why and How: "What the Hack" is a challenge based hackathon format. Challenges describe high-level tasks and goals to be accomplished. Challenges are not step-by-step labs. Attendees work in teams of 3 to 5 people to solve the...

OpenSK : Open-Source Implementation For Security Keys

OpenSK is an open-source implementation for security keys written in Rust that supports both the FIDO U2F and FIDO2 standards. This repository contains a Rust implementation of a FIDO2 authenticator. We developed this as a Tock OS application and it has been successfully tested on the following boards: Nordic nRF52840-DK, Nordic nRF52840-dongle. FIDO2: Although we tested and implemented our firmware based on the published CTAP2.0 specifications, our implementation was...

Injectus : CRLF & Open Redirect Fuzzer

Injectus is a simple python tool that goes through a list of URLs trying CRLF and open redirect payloads. Design If we have the following URL: https://dubell.io/?param1=value1&url=value2&param3=value3 For CRLF attacks, Injectus will inject every payload once into the value of one parameter, for every n parameters. For example, Injectus will create the following list with the URL above: Also...

PCFG Cracker : Probabilistic Context Free Grammar (PCFG) Password Guess Generator

This project uses machine learning to identify password creation habits of users. A PCFG model is generated by training on a list of disclosed plaintext/cracked passwords. In the context of this project, the model is referred to as a ruleset and contains many different parts of the passwords identified during training, along with their associated...

DVNA : Damn Vulnerable NodeJS Application

Damn Vulnerable NodeJS Application (DVNA) is a simple NodeJS application to demonstrate OWASP Top 10 Vulnerabilities and guide on fixing and avoiding these vulnerabilities. The application is powered by commonly used libraries such as express, passport, sequelize, etc. Developer Security Guide book: The application comes with a developer-friendly comprehensive guidebook which can be used to learn, avoid and fix the...

Massdns : A High-Performance DNS Stub Resolver For Bulk Lookups & Reconnaissance

MassDNS is a high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration). It is a simple high-performance DNS stub resolver targeting those who seek to resolve a massive amount of domain names in the order of millions or even billions. Without special configuration, MassDNS is capable of resolving over 350,000 names per second using publicly available resolvers. Major changes: This...

S3enum : Fast Amazon S3 Bucket Enumeration Tool For Pentesters

S3enum is a tool to enumerate a target's Amazon S3 buckets. It is fast and leverages DNS instead of HTTP, which means that requests don't hit AWS directly. Go: go get github.com/koenrh/s3enum Usage: You need to specify the base name of the target (e.g. hackerone), and a word list. You could either...

Risk Assessment Framework : Static Application Security Testing

The OWASP Risk Assessment Framework consists of Static Application Security Testing and Risk Assessment tools. Even though there are many SAST tools available for testers, the compatibility and the environment setup process is complex. By using OWASP Risk Assessment Framework's Static Application Security Testing tool, testers will be able to analyze and review their code quality and vulnerabilities without...

See-SURF : Python Based Scanner To Find Potential SSRF Parameters

See-SURF is a Python-based scanner to find potential SSRF parameters in a web application. SSRF being one of the critical vulnerabilities out there on the web, I see there was no tool which would automate finding potential vulnerable parameters. See-SURF can be added to your arsenal for recon while doing bug hunting/web security testing. Features: Takes Burp's sitemap as input and...