Wafw00f : Identify & Fingerprint Web Application Firewall
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website. To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions.If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which...
XoN : Tool To Search An Aggregated Repository Of Xposed Passwords
XposedOrNot or XoN tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual account security. The main aim of this project is to give a free platform for the general public to check if their password is exposed and compromised. This massive password...
Dsync : IDAPython Plugin That Synchronizes Disassembler & Decompiler Views
Dsync is a IDAPython plugin that synchronizes decompiled and disassembled code views. Please refer to comments in source code for more details. Also Read - AWS Report – Tool For Analyzing Amazon Resources Demo Download
RFCpwn : An Enumeration & Exploitation Toolkit Using RFC Calls To SAP
RFCpwn is an SAP enumeration and exploitation toolkit using SAP RFC calls. This is a toolkit for demonstrating the impact of compromised service accounts. This PoC is not for use in production environments, no guarantee of stability or support. It relies on the pyrfc and the libraries provided by SAP in: https://github.com/SAP/PyRFC#installation Also Read - AWS Report : Tool For...
LKWA : Lesser Known Web Attack Lab
LKWA or Lesser Known Web Attack Lab is for intermediate pentester that can test and practice lesser known web attacks such as Object Injection, XSSI, PHAR Deserialization, variables variable ..etc. Write-ups are welcome. Installation Just clone the git with git clone https://github.com/weev3/LKWA and move it to your web server and you are good to go. Also Read - Turbolist3r...
Multiscanner : Modular File Scanning/Analysis Framework
MultiScanner is a file analysis framework that assists the user in evaluating a set of files by automatically running a suite of tools for the user and aggregating the output. Tools can be custom built Python scripts, web APIs, software running on another machine, etc. Tools are incorporated by creating modules that run in the framework. Modules are designed to...
Tishna : Automated Web Application Hacker 2020
Tishna is an complete Automated pentest framework for Servers, Application Layer to Web Security. This software have 62 Options with full automation and can be use for web security swiss knife. Tishna is Web Server Security Penetration Software for Ultimate Security AnalaysisKali, Parrot OS, Black Arch, Termux, Android Led TV Also Read - AVCLASS++ : Yet Another Massive Malware Labeling...
AWS Report – Tool For Analyzing Amazon Resources
AWS Report is a tool for analyzing amazon resources, let us have a look at some of features; Search iam users based on creation dateSearch buckets publicSearch security group with inbound rule for 0.0.0.0/0Search elastic ip dissociatedSearch volumes availableSearch AMIs with permission publicSearch internet gateways detached Also Read - nmapAutomator : A Script That You Can Run In The Background Install requirements pip3...
S3TK : A Security Toolkit For Amazon S3
S3TK is a security toolkit for Amazon S3. Installation Run: pip install s3tk You can use the AWS CLI to set up your AWS credentials: pip install awscli aws configure Commands Scan Scan your buckets for: ACL open to publicpolicy open to publiclogging enabledversioning enableddefault encryption enabled s3tk scan Only run on specific buckets s3tk scan my-bucket my-bucket-2 Also works with wildcards s3tk scan "my-bucket*" Confirm correct log bucket(s) and prefix s3tk scan --log-bucket...
SysWhispers : AV/EDR Evasion Via Direct System Calls
SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls. All core syscalls are supported from Windows XP to 10. Example generated files available in example-output/. Various security products place hooks in user-mode APIs which allow them to redirect execution flow to their engines and detect for suspicious behavior. The functions in...
.webp "Nysm : Unveiling The Art Of Stealthy eBPF Post-Exploitation Containers")
