Chromepass : Hacking Chrome Saved Passwords
Chromepass is a python-based console application that generates a windows executable with the following features: Decrypt Chrome saved paswordsSend a file with the login/password combinations remotely (email or reverse-http)Custom iconCompletely undetectable by AntiVirus Engines AV Detection Due to the way this has been coded, it is currently fully undetected. Here are some links to scans performed using a variety of websites VirusTotal Scan...
Tentacle : A POC Vulnerability Verification & Exploit Framework
Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets. Install pip3 install -r requestment.txt Also Read - DigiTrack : Attacks For $5 or Less Using Arduino Usage When you run it for the first time, the...
Tails – Live System To Preserve Your Privacy & Anonymity
The Tails team is happy to publish Tails 4.5, the first version of Tails to support Secure Boot. This release also fixes many security vulnerabilities. You should upgrade as soon as possible. New Features Secure BootTails now starts on computers with Secure Boot enabled.If your Mac displays the following error:Security settings do not allow this Mac to use an external startup disk.Then...
How to Send a Fax Without a Phone Line? With Fax Online Service
Most people today are unaware of what a fax is, leave alone how to operate a fax machine. Although it may seem to be an outdated technology, many businesses still use it to securely send confidential files. So, how do you send a fax online without a phone line? Thanks to online fax services, you can send faxes via the...
MSOLSpray : A Password Spraying Tool For Microsoft Online Accounts
MSOLSpray is a password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled. Why Another Spraying Tool? Yes, I realize there are other password spraying tools...
Git-Hound : PinPoints Exposed API Keys On GitHub Using Pattern Matching
A batch-catching, pattern-matching, patch-attacking secret snatcher. GitHound pinpoints exposed API keys on GitHub using pattern matching, commit history searching, and a unique result scoring system. A batch-catching, pattern-matching, patch-attacking secret snatcher. Features GitHub/Gist code searching. This enables GitHound to locate sensitive information exposed across all of GitHub, uploaded by any user.Generic API key detection using pattern matching, context, and Shannon entropy.Commit...
How to Send a PDF to a Fax Machine Easily Quickly and Securely?
Do you want to send a PDF to a fax machine? You will need online fax services to manage transmission of important documents. CocoFax and other online fax apps can help you to manage this transmission. With online fax apps, you can use your smartphone as a virtual fax machine. See some best fax apps that will help you to send a...
DNSteal : DNS Exfiltration Tool For Stealthily Sending Files Over DNS Requests
DNSteal is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests. Below are a couple of different images showing examples of multiple file transfer and single verbose file transfer: Support for multiple filesGzip compression supportedNow supports the customisation of subdomains and bytes per subdomain and the length of filename See help below: Also...
OSSEM : Open Source Security Events Metadata
The Open Source Security Events Metadata (OSSEM) is a community-led project that focuses primarily on the documentation and standardization of security event logs from diverse data sources and operating systems. Security events are documented in a dictionary format and can be used as a reference for projects like the ThreatHunter-Playbook while mapping data sources to data analytics used to validate...
AngrgDB : Use Angr Inside GDB
AngrgDB use angr inside GDB. Create an angr state from the current debugger state. Install pip install angrgdb echo "python import angrgdb.commands" >> ~/.gdbinit Usage AngrgDB implements the angrdbg API in GDB. You can use it in scripts like this: from angrgdb import *gdb.execute("b *0x004005f9")gdb.execute("r aaaaaaaa")sm = StateManager()sm.sim(sm, 100)m = sm.simulation_manager()m.explore(find=0x00400607, avoid=0x00400613)sm.to_dbg(m.found) #write input to GDBgdb.execute("x/s $rax")#0x7fffffffe768: "ais3{I_tak3_g00d_n0t3s}"gdb.execute("c")#Correct! that is the secret key! You can also...
