IPv6Tools : A Robust Modular Framework
The IPv6Tools framework is a robust set of modules and plugins that allow a user to audit an IPv6 enabled network. The built-in modules support enumeration of IPv6 features such as ICMPv6 and Multicast Listener Discovery (MLD). In addition, the framework also supports enumeration of Upper Layer Protocols (ULP) such as multicast DNS (mDNS) and Link-Local Multicast Name Resolution...
Pytm : A Pythonic Framework For Threat Modeling
Define your system in Python using the elements and properties described in the pytm framework. Based on your definition, pytm can generate, a Data Flow Diagram (DFD), a Sequence Diagram and most important of all, threats to your system. Requirements Linux/MacOSPython 3.xGraphviz packageJava (OpenJDK 10 or 11)plantuml.jar Usage tm.py optional arguments: ...
InjuredAndroid : A Vulnerable Android Application
InjuredAndroid is a vulnerable Android application with ctf examples based on bug bounty findings, exploitation concepts, and pure creativity. Setup for a physical device Download injuredandroid.apk from Github Enable USB debugging on your Android test phone. Connect your phone and your pc with a usb cable. Install via adb. adb install injuredandroid.apk. Note: You need to use...
FockCache : Minimalized Test Cache Poisoning
FockCache is a minimalized test cache poisoning. It tries to make cache poisoning by trying X-Forwarded-Host and X-Forwarded-Scheme headers on web pages. After successful result, it gives you a poisoned URL. To be added soon: Page Param CheckerRecursive Checking Installation Install with installer.sh chmod +x installer.sh./installer.sh Also Read - PCFG Cracker : Probabilistic Context Free Grammar (PCFG) Password Guess Generator 2 - Install manual go get github.com/briandowns/spinnergo get...
Acunetix – Web Application Security Scanner
Acunetix is the pioneer in automated web application security software, has announced the release of Acunetix Version 13. The new release comes with an improved user interface and introduces innovations such as the SmartScan engine, malware detection functionality, comprehensive network scanning, proof-of-exploit, incremental scanning, and more. This release further strengthens the leading position of...
SEcraper : Search Engine Scraper Tool With BASH Script
SEcraper is a search engine scraper tool with BASH script. Dependency curl (cli) Available Search Engine Ask.comSearch.yahoo.comBing.com Also Read - PCFG Cracker : Probabilistic Context Free Grammar (PCFG) Password Guess Generator Installation git clone https://github.com/zerobyte-id/SEcraper.git cd SEcraper/ Run bash secraper.bash "QUERY" Download
Re2Pcap : Create PCAP file From Raw HTTP Request Or Response In Seconds
Re2Pcap is abbreviation for Request2Pcap and Response2Pcap. Community users can quickly create PCAP file using it and test them against Snort rules. It allow you to quickly create PCAP file for raw HTTP request shown below; POST /admin/tools/iplogging.cgi HTTP/1.1Host: 192.168.13.31:80User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0Accept: text/plain, /; q=0.01Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://192.168.13.31:80/admin/tools/iplogging.htmlContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 63Cookie: token=1e9c07e135a15e40b3290c320245ca9aConnection: closetcpdumpParams=tcpdump...
TakeOver : Sub-Domain TakeOver Vulnerability Scanner
Sub-domain TakeOver vulnerability occur when a sub-domain (subdomain.example.com) is pointing to a service (e.g: GitHub, AWS/S3,..) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that sub-domain. For example, if subdomain.example.com was pointing to a GitHub...
MISP – Dashboard For A Real Time Overview Of Threat Intelligence From MISP Instances
MISP is a dashboard showing live data and statistics from the ZMQ feeds of one or more MISP instances. The dashboard can be used as a real-time situational awareness tool to gather threat intelligence information. The misp-dashboard includes a gamification tool to show the contributions of each organization and how they are ranked over time. The dashboard...
Dufflebag : Search Exposed EBS Volumes For Secrets
Dufflebag is a tool that searches through public Elastic Block Storage (EBS) snapshots for secrets that may have been accidentally left in. You may be surprised by all the passwords and secrets just laying around! The tool is organized as an Elastic Beanstalk ("EB", not to be confused with EBS) application, and definitely won't work if you try to run...
