KatroLogger : KeyLogger for Linux Systems
KatroLogger is a tool used for KeyLogger for Linux Systems. Features Runs on GUI systems or CLISending data by email Dependencies curllibx11-dev (Debian-Based)libX11-devel (RHEL-Based) Compiling ./configuremakemake install Also Read - Atlas : Quick SQLMap Tamper Suggester v1.0 Usage katrologger --output /path/file Send data by e-mail: katrologger --smtp-help Fixing problems accessing via SSH when connecting to the victim remotely via ssh it will be necessary to export environment variables to run the keylogger. For...
Attacker-Group-Predictor : Tool To Predict Attacker Groups
Attacker-Group-Predictor is a tool predicts attacker groups from techniques and software used. It searches based on the MITRE ATT&CK™ framework. How it works? Collect data from https://attack.mitre.org/ about attacker groupsGet data from user about attackCompare data and create result Installation git clone https://github.com/omergunal/Attacker-Group-Predictor.git cd Attacker-Group-Predictor/ pip3 install -r requirements.txt Usage python3 main.py Fill the inputs Update Attacker Groups Data cd updater python3 update.py Example python3 main.py ...
EvilPDF – Embedding Executable Files In PDF Documents
EvilPDF is a hiding executable files in PDF documents. Usage git clone https://github.com/thelinuxchoice/evilpdf cd evilpdf python -m pip install pypdf2 python evilpdf.py Disclaimer Usage of EvilPDF for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or...
Needle : Instant Access To You Bug Bounty Submission Dashboard On Various Platforms
Needle is the only chrome extension you may need to have one click access to your bug submissions across various platforms. No need to create any bookmark, type on the url bar and have fuss with autocomplete problems. Right now the list included is- HackeroneBugcrowdIntigritiYes we hack and added support as- H1 Publicly disclosed reports. (from h1.nobbd.de)Link to #bugbountytips (via @TheBugBot) Screenshot On clicking any...
Atlas : Quick SQLMap Tamper Suggester v1.0
Atlas is an open source tool that can suggest sqlmap tampers to bypass WAF/IDS/IPS, the tool is based on returned status code. Screenshot Installation $ git clone https://github.com/m4ll0k/Atlas.git atlas$ cd atlas$ python atlas.py # python3+ Usage $ python atlas.py --url http://site.com/index.php?id=Price_ASC --payload="-1234 AND 4321=4321-- AAAA" --random-agent -v injection point (with %%inject%%): Get: $ python atlas.py --url http://site.com/index/id/%%10%% --payload="-1234 AND 4321=4321-- AAAA" --random-agent -v Post: $ python atlas.py --url http://site.com/index/id/...
RMIScout : Bruteforce Attacks Against Exposed Java RMI Interfaces
RMIScout performs wordlist and bruteforce attacks against exposed Java RMI interfaces to safely guess method signatures without invocation. On misconfigured servers, any known RMI signature using non-primitive types (e.g., java.lang.String), can be exploited by replacing the object with a serialized payload. This is a fairly common misconfiguration (e.g., VMWare vSphere Data Protection + vRealize Operations Manager, Pivotal tc Server and...
StegCloak : Hide Secrets With Invisible Characters In Plain Text Securely Using Passwords
StegCloak is a pure JavaScript steganography module designed in functional programming style, to hide secrets inside text by compressing and encrypting the secret before cloaking it with special unicode invisible characters. It can be used to safely watermark strings, invisible scripts on webpages, texts on social media or for any other covert communication. Completely invisible!. See how it works...
BabyShark : Basic C2 Server 2020
BabyShark is a basic C2 generic server written in Python and Flask. This code has based idea to GTRS, which uses Google Translator as a proxy for sending commands to the infected host. The BabyShark project aims to centralize reverse connections with agents, creating a way to centralize several types of connections in one place. BabyShark does not generate infection agents,...
URLCrazy : OSINT Tool To Generate And Test Domain
URLCrazy is an OSINT tool to generate and test domain typos or variations to detect or perform typo squatting, URL hijacking, phishing, and corporate espionage. Use Cases Detect typo squatters profiting from typos on your domain nameProtect your brand by registering popular typosIdentify typo domain names that will receive traffic intended for another domainConduct phishing attacks during a penetration test Features Generates 15...
Impost3r : A Linux Password Thief
Impost3r is a tool that aim to steal many kinds of linux passwords(including ssh,su,sudo) written by C.Attackers can use Impost3r to make a trap to steal the legal user's passwords XD. Features Automatically clean the trackUse DNS to transfer the resultReally hard for legal users can feel this attack Dependencies gcc Usage Impost3r can be used to steal passwords including sudo, su, and ssh services....
.png "noPac : Exploiting CVE-2021-42278 And CVE-2021-42287 To Impersonate DA From Standard Domain User")