.webp "How To Install/Run – Streamlining OSINT Workflows For Enhanced Capabilities")
Dsync : IDAPython Plugin That Synchronizes Disassembler & Decompiler Views
Dsync is a IDAPython plugin that synchronizes decompiled and disassembled code views. Please refer to comments in source code for more details. Also Read - AWS Report – Tool For Analyzing Amazon Resources Demo Download
RFCpwn : An Enumeration & Exploitation Toolkit Using RFC Calls To SAP
RFCpwn is an SAP enumeration and exploitation toolkit using SAP RFC calls. This is a toolkit for demonstrating the impact of compromised service accounts. This PoC is not for use in production environments, no guarantee of stability or support. It relies on the pyrfc and the libraries provided by SAP in: https://github.com/SAP/PyRFC#installation Also Read - AWS Report : Tool For...
LKWA : Lesser Known Web Attack Lab
LKWA or Lesser Known Web Attack Lab is for intermediate pentester that can test and practice lesser known web attacks such as Object Injection, XSSI, PHAR Deserialization, variables variable ..etc. Write-ups are welcome. Installation Just clone the git with git clone https://github.com/weev3/LKWA and move it to your web server and you are good to go. Also Read - Turbolist3r...
Multiscanner : Modular File Scanning/Analysis Framework
MultiScanner is a file analysis framework that assists the user in evaluating a set of files by automatically running a suite of tools for the user and aggregating the output. Tools can be custom built Python scripts, web APIs, software running on another machine, etc. Tools are incorporated by creating modules that run in the framework. Modules are designed to...
Tishna : Automated Web Application Hacker 2020
Tishna is an complete Automated pentest framework for Servers, Application Layer to Web Security. This software have 62 Options with full automation and can be use for web security swiss knife. Tishna is Web Server Security Penetration Software for Ultimate Security AnalaysisKali, Parrot OS, Black Arch, Termux, Android Led TV Also Read - AVCLASS++ : Yet Another Massive Malware Labeling...
AWS Report – Tool For Analyzing Amazon Resources
AWS Report is a tool for analyzing amazon resources, let us have a look at some of features; Search iam users based on creation dateSearch buckets publicSearch security group with inbound rule for 0.0.0.0/0Search elastic ip dissociatedSearch volumes availableSearch AMIs with permission publicSearch internet gateways detached Also Read - nmapAutomator : A Script That You Can Run In The Background Install requirements pip3...
S3TK : A Security Toolkit For Amazon S3
S3TK is a security toolkit for Amazon S3. Installation Run: pip install s3tk You can use the AWS CLI to set up your AWS credentials: pip install awscli aws configure Commands Scan Scan your buckets for: ACL open to publicpolicy open to publiclogging enabledversioning enableddefault encryption enabled s3tk scan Only run on specific buckets s3tk scan my-bucket my-bucket-2 Also works with wildcards s3tk scan "my-bucket*" Confirm correct log bucket(s) and prefix s3tk scan --log-bucket...
SysWhispers : AV/EDR Evasion Via Direct System Calls
SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls. All core syscalls are supported from Windows XP to 10. Example generated files available in example-output/. Various security products place hooks in user-mode APIs which allow them to redirect execution flow to their engines and detect for suspicious behavior. The functions in...
AVCLASS++ : Yet Another Massive Malware Labeling Tool
AVCLASS++ is a labeling tool for creating a malware dataset. Addressing malware threats requires constant efforts to create and maintain a dataset. Especially, labeling malware samples is a vital part of shepherding a dataset. AVCLASS, a tool developed for this purpose, takes as input VirusTotal reports and returns labels that aggregates scan results of...
Turbolist3r : Subdomain Enumeration Tool With Analysis Features For Discovered Domains
Turbolist3r is a fork of the sublist3r subdomain discovery tool. In addition to the original OSINT capabilties of sublist3r, turbolist3r automates some analysis of the results, with a focus on subdomain takeover. Turbolist3r queries public DNS servers for each discovered subdomain. If the subdomain exists (i.e. the resolver replied with an address), the answer is categorized as...
