.webp "How To Install/Run – Streamlining OSINT Workflows For Enhanced Capabilities")
ThreatIngestor : Extract & Aggregate Threat Intelligence
ThreatIngestor is an extendable tool to extract and aggregate IOCs from threat feeds. Integrates out-of-the-box with ThreatKB and MISP, and can fit seamlessly into any existing worflow with SQS, Beanstalk, and custom plugins. Overview It can be configured to watch Twitter, RSS feeds, or other sources, extract meaningful information such as malicious IPs/domains and YARA signatures,...
LinPwn : Interactive Post Exploitation Tool
LinPwn is a interactive tool created to assist you in post exploitation enumeration and privilege escalation. Connection Set your IP and port you want it to connect to in the Connection class.Place the LinPwn binary on the target machine.Run nc -lvp PORT on your machine and then run LinPwn on the target machine to get a connection. Also Read - JSONBee : A...
Pockint : A Portable OSINT Swiss Army Knife for DFIR/OSINT Professionals
POCKINT (a.k.a. Pocket Intelligence) is the OSINT swiss army knife for DFIR/OSINT professionals. Designed to be a lightweight and portable GUI program (to be carried within USBs or investigation VMs), it provides users with essential OSINT capabilities in a compact form factor: POCKINT's input box accepts typical indicators (URL, IP, MD5) and gives users...
XORpass : Encoder To Bypass WAF Filters Using XOR Operations
XORpass is an encoder to bypass WAF filters using XOR operations. Installation & Usage git clone https://github.com/devploit/XORpass cd XORpass $ php encode.php STRING $ php decode.php "XORed STRING" Example of bypass Using clear PHP function: Also Read - JSONBee : A Ready To Use JSONP Endpoints/Payloads To Help Bypass Content Security Policy Of Different Websites Using XOR bypass of that function: $ php encode.php system...
CloudUnflare : Reconnaissance Real IP Address for Cloudflare Bypass
CloudUnflare is a tool used to reconnaissance Real IP address for Cloudflare Bypass. Preparation: 1. CompleteDNS API Create an account at completedns.com and verify first.Input your email and password on CompleteDNS_Login variable in cloudunflare.bash. 2. Dependencies Needed curldigwhois Also Read - JSONBee : A Ready To Use JSONP Endpoints/Payloads To Help Bypass Content Security Policy Of Different Websites Debian Based apt-get install curl dnsutils whois -y Installation: Clone...
Cryptovenom : The Cryptography Swiss Army Knife
CryptoVenom is an OpenSource tool which contains a lot of cryptosystems and cryptoanalysis methods all in one, including classical algorithms, hash algorithms, encoding algorithms, logic gates, mathematical functions, modern symmetric and asymmetric encryptions etc. What is the Purpose of CryptoVenom? Make easier the cryptoanalysis or the usage of cryptosystems and manipulation of them. If you are a...
AutoSploit : Automated Mass Exploiter
As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt...
ATTACKdatamap : A Datasource Assessment On An Event Level To Show Potential Coverage
ATTACKdatamap is a datasource assessment on an event level to show potential coverage of the "MITRE ATT&CK" framework. This tool is developed by me and has no affiliation with "MITRE" nor with its great "ATT&CK" team, it is developed with the intention to ease the mapping of data sources to assess one's potential coverate. Start This tool requires module ImportExcel, Install...
JSONBee : A Ready To Use JSONP Endpoints/Payloads To Help Bypass Content Security Policy Of Different Websites
A ready to use JSONP endpoints to help bypass content security policy of different websites. The tool was presented during HackIT 2018 in Kiev. The main idea behind this tool is to find the JSONP endpoint(s) that would help you bypass content security policy for your target website in an automated way. JSONBee takes an input of a url...
Arjun : HTTP Parameter Discovery Suite
Arjun is a web applications use parameters (or queries) to accept user input, take the following example into consideration. http://api.example.com/v1/userinfo?id=751634589 This URL seems to load user information for a specific user id, but what if there exists a parameter named admin which when set to True makes the endpoint provide more information about the user? This is what Arjun does, it finds...
.webp "SharpExclusionFinder – Streamlining Windows Defender Exclusion Checks With Advanced Scanning Capabilities")
