Oralyzer : Tool To Identify Open Redirection
Oralyzer, a simple python script, capable of identifying the open redirection vulnerability in a website. It does that by fuzzing the url i.e. provided as the input. Features Oralyzer can identify different types of Open Redirect Vulnerabilities: Header BasedJavascript BasedMeta Tag Based Oralyzer uses waybackurls to fetch URLs from archive.org, it then separates the URLs that have specific parameters in them, parameters that...
Kubebox : Terminal & Web Console For Kubernetes
Kubebox terminal and web console for kubernetes. Features ✓ Configuration from kubeconfig files (KUBECONFIG environment variable or $HOME/.kube)✓ Switch contexts interactively✓ Authentication support (bearer token, basic auth, private key / cert, OAuth, OpenID Connect, Amazon EKS, Google Kubernetes Engine, Digital Ocean)✓ Namespace selection and pods list watching✓ Container log scrolling / watching✓ Container resources usage (memory, CPU, network, file system...
Commit-Stream : OSINT Tool For Finding Github Repositories
Commit-Stream drinks commit logs from the Github event firehose exposing the author details (name and email address) associated with Github repositories in real time. OSINT / Recon uses for Redteamers / Bug bounty hunters: Uncover repositories which employees of a target company is commiting code (filter by email domain)Identify repositories belonging to an individual (filter by author name)Chain with other tools...
SNOWCRASH – A Polyglot Payload Generator
SNOWCRASH creates a script that can be launched on both Linux and Windows machines. Payload selected by the user (in this case combined Bash and Powershell code) is embedded into a single polyglot template, which is platform-agnostic. There are few payloads available, including command execution, reverse shell establishment, binary execution and some more :> Basic Usage Install dependencies: ./install.shList available payloads: ./snowcrash...
IntelSpy : Perform Automated Network Reconnaissance Scans
IntelSpy is a tool used to perform automated network reconnaissance scans to gather network intelligence. It is a multi-threaded network intelligence tool which performs automated network services enumeration. It performs live hosts detection scans, port scans, services enumeration scans, web content scans, brute-forcing, detailed off-line exploits searches and more. The tool will also launch further enumeration scans for each detected service...
TrustJack : Yet Another PoC For Hijacking DLLs in Windows
TrustJack is a tool for yet another PoC For hijacking DLLs in windows. To be used with a cmd that does whatever the F you want, for a dll that pops cmd, https://github.com/jfmaes/CMDLL. check the list in wietze's site to check how you should call your dll. will automatically create c:Windows System32 and drop your dll and chosen binary in...
HawkScan : Security Tool For Reconnaissance & Information Gathering On A Website
HawkScan is a security tool for reconnaissance and information gathering on a website. (python 2.x & 3.x).This script use "WafW00f" to detect the WAF in the first step (https://github.com/EnableSecurity/wafw00f)This script use "Sublist3r" to scan subdomains (https://github.com/aboul3la/Sublist3r)This script use "waybacktool" to check in waybackmachine (https://github.com/Rhynorater/waybacktool) News ! Version 1.5! Auto activate JS during scan if the webite is full JS (website 2.0)!...
SiteDorks : A Search Term With Different Websites
SiteDorks is a tool used to search Google, Bing, Yahoo or Yandex for a search term with different websites. A default list is already provided, which contains Github, Gitlab, Surveymonkey, Trello etc etc. Currently, a default list of 241 dorkable websites is available. Current categories on file are: analysis(10)cloud(35)code(38)comm(27)companies(3)docs(36)edu(3)forms(11)orgs(13)other(4)remote(1)shortener(15)social(42)storage(3) Why SiteDorks? Why wouldn't you just enter dorks for several websites manually? Because: It's...
Git All The Payloads! A Collection Of Web Attack Payloads
Git All the Payloads! A collection of web attack payloads. Pull requests are welcome! Usage run ./get.sh to download external payloads and unzip any payload files that are compressed. Payload Credits fuzzdb - https://github.com/fuzzdb-project/fuzzdbSecLists - https://github.com/danielmiessler/SecListsxsuperbug - https://github.com/xsuperbug/payloadsNickSanzotta - https://github.com/NickSanzotta/BurpIntruder7ioSecurity - https://github.com/7ioSecurity/XSS-Payloadsshadsidd - https://github.com/shadsiddshikari1337 - https://www.shikari1337.com/list-of-xss-payloads-for-cross-site-scripting/xmendez - https://github.com/xmendez/wfuzzminimaxir - https://github.com/minimaxir/big-list-of-naughty-stringsxsscx - https://github.com/xsscx/Commodity-Injection-SignaturesTheRook - https://github.com/TheRook/subbrutedanielmiessler - https://github.com/danielmiessler/RobotsDisallowedFireFart - https://github.com/FireFart/HashCollision-DOS-POCHybrisDisaster - https://github.com/HybrisDisaster/aspHashDoSswisskyrepo - https://github.com/swisskyrepo/PayloadsAllTheThings1N3 -...
Saferwall : An Open Source Malware Analysis Platform
Saferwall is an open source malware analysis platform. It aims for the following goals: Provide a collaborative platform to share samples among malware researchers.Acts as a system expert, to help researchers generates an automated malware analysis report.Hunting platform to find new malwares.Quality ensurance for signature before releasing. Features Static analysis:Crypto hashes, packer identificationStrings extractionPortable Executable file parserMultiple AV scanner which includes major...
