EvilPDF – Embedding Executable Files In PDF Documents
EvilPDF is a hiding executable files in PDF documents. Usage git clone https://github.com/thelinuxchoice/evilpdf cd evilpdf python -m pip install pypdf2 python evilpdf.py Disclaimer Usage of EvilPDF for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or...
Needle : Instant Access To You Bug Bounty Submission Dashboard On Various Platforms
Needle is the only chrome extension you may need to have one click access to your bug submissions across various platforms. No need to create any bookmark, type on the url bar and have fuss with autocomplete problems. Right now the list included is- HackeroneBugcrowdIntigritiYes we hack and added support as- H1 Publicly disclosed reports. (from h1.nobbd.de)Link to #bugbountytips (via @TheBugBot) Screenshot On clicking any...
Atlas : Quick SQLMap Tamper Suggester v1.0
Atlas is an open source tool that can suggest sqlmap tampers to bypass WAF/IDS/IPS, the tool is based on returned status code. Screenshot Installation $ git clone https://github.com/m4ll0k/Atlas.git atlas$ cd atlas$ python atlas.py # python3+ Usage $ python atlas.py --url http://site.com/index.php?id=Price_ASC --payload="-1234 AND 4321=4321-- AAAA" --random-agent -v injection point (with %%inject%%): Get: $ python atlas.py --url http://site.com/index/id/%%10%% --payload="-1234 AND 4321=4321-- AAAA" --random-agent -v Post: $ python atlas.py --url http://site.com/index/id/...
RMIScout : Bruteforce Attacks Against Exposed Java RMI Interfaces
RMIScout performs wordlist and bruteforce attacks against exposed Java RMI interfaces to safely guess method signatures without invocation. On misconfigured servers, any known RMI signature using non-primitive types (e.g., java.lang.String), can be exploited by replacing the object with a serialized payload. This is a fairly common misconfiguration (e.g., VMWare vSphere Data Protection + vRealize Operations Manager, Pivotal tc Server and...
StegCloak : Hide Secrets With Invisible Characters In Plain Text Securely Using Passwords
StegCloak is a pure JavaScript steganography module designed in functional programming style, to hide secrets inside text by compressing and encrypting the secret before cloaking it with special unicode invisible characters. It can be used to safely watermark strings, invisible scripts on webpages, texts on social media or for any other covert communication. Completely invisible!. See how it works...
BabyShark : Basic C2 Server 2020
BabyShark is a basic C2 generic server written in Python and Flask. This code has based idea to GTRS, which uses Google Translator as a proxy for sending commands to the infected host. The BabyShark project aims to centralize reverse connections with agents, creating a way to centralize several types of connections in one place. BabyShark does not generate infection agents,...
URLCrazy : OSINT Tool To Generate And Test Domain
URLCrazy is an OSINT tool to generate and test domain typos or variations to detect or perform typo squatting, URL hijacking, phishing, and corporate espionage. Use Cases Detect typo squatters profiting from typos on your domain nameProtect your brand by registering popular typosIdentify typo domain names that will receive traffic intended for another domainConduct phishing attacks during a penetration test Features Generates 15...
Impost3r : A Linux Password Thief
Impost3r is a tool that aim to steal many kinds of linux passwords(including ssh,su,sudo) written by C.Attackers can use Impost3r to make a trap to steal the legal user's passwords XD. Features Automatically clean the trackUse DNS to transfer the resultReally hard for legal users can feel this attack Dependencies gcc Usage Impost3r can be used to steal passwords including sudo, su, and ssh services....
Xeexe : Undetectable & Xor Encrypting With Custom KEY
Xeexe is a undetectable Reverse shell & Xor encrypting with custom KEY(FUD Metasploit Rat) bypass Top Antivirus like BitDefender, Malwarebytes, Avast, ESET-NOD32, AVG,…(PYTHON 3). Undetectable Reverse Shell (Metasploit Rat) It is an FUD exploiting tool which compiles a malware with famous payload, and then the compiled malware can be executed on Windows the tool Provides An Easy way to create Backdoors...
Tangalanga : The Zoom Conference Scanner Hacking Tool
Tangalanga is a Zoom Conference scanner. This scanner will check for a random meeting id and return information if available. Install First try to see if there's any prebaked version for the date: https://github.com/elcuervo/tangalanga/releases.This versions already have a token ready to use.Either way you can find the Windows, Linux and Mac version on Releases https://github.com/elcuervo/tangalanga/releases.Download, uncompress and enjoy. Usage This are all the...
