Seeker : Accurately Locate Smartphones Using Social Engineering
Concept behind Seeker is simple, just like we host phishing pages to get credentials why not host a fake page that requests your location like many popular location based websites. It Hosts a fake website on In Built PHP Server and uses Serveo to generate a link which we will forward to the target, website asks...
CORSTest : A Simple CORS Misconfiguration Scanner
CORStest is a quick & dirty Python 2 tool to find Cross-Origin Resource Sharing (CORS) misconfigurations. It takes a text file as input which may contain a list of domain names or URLs. Currently, the following potential vulnerabilities are detected by sending a certain Origin request header and checking for the Access-Control-Allow-Origin response header: Developer backdoor: Insecure...
SharpHide : Tool To Create Hidden Registry Keys
SharpHide is just a nice persistence trick to confuse DFIR investigation. Uses NtSetValueKey native API to create a hidden (null terminated) registry key. This works by adding a null byte in front of the UNICODE_STRING key valuename. The tool uses the following registry path in which it creates the hidden run key: (HKCU if user, else HKLM)SOFTWAREMicrosoftWindowsCurrentVersionRun Also Read -...
LinuxCheck : Linux Information Collection Script 2019
LinuxCheck is a small Linux information collection script is mainly used for emergency response. It can be used under Debian or Centos. Features CPU TOP10, memory TOP10CPU usageboot timeHard disk space informationUser information, passwd informationEnvironmental variable detectionService listSystem program changes (debsums -e and rpm -va)Network traffic statisticsNetwork connection, listening portOpen portRouting table informationRoute forwardingARPDNS ServerSSH login informationSSH login IPiptables...
CodeCat : Tool To Help In Manual Analysis In CodeReview
CodeCat is a open source tool to help you in codereview, to find/track sinks and this points follow regex rules. How too install? Go to CodeCat directory, install backend and frontend libs: $ cd Front $ sudo python3 -m pip install -r requirements.txt $ cd .. $ cd Backend $ sudo python3 -m pip install -r requirements.txt Run backend and frontend… $ cd Codecat $ cd...
aSYNcrone : Multifunction SYN Flood DDoS Weapon
aSYNcrone is a C language based, malfunction SYN Flood DDoS Weapon. Disable the destination system by sending a SYN packet intensively to the destination. POWER!!! Also Read - CAPE : Malware Configuration And Payload Extraction USAGE git clone https://github.com/fatih4842/aSYNcrone.gitcd aSYNcronegcc aSYNcrone.c -o aSYNcrone -lpthread./aSYNcrone Specifications Internal random IP generatorUsing threads and faster prepare and sending SYN packetsDifferent...
BurpSuite : Secret Finder Extension To Discover APIkeys/Tokens From HTTP Response
BurpSuite is a Secret Finder Burp Suite extension to discover a apikey/tokens from HTTP response. Install >>Download SecretFinder wget https://raw.githubusercontent.com/m4ll0k/BurpSuite-Secret_Finder/master/SecretFinder.pyorgit clone https://github.com/m4ll0k/BurpSuite-Secret_Finder.git>>now open Burp > Extender > Extensions > Add > set python and select file (SecretFinder.py) Also Read - SubDomain3: A New Generation Tool For Discovering Subdomains Requirements jythonburpsuite Download
How To Enable The Undercover Mode In Kali Linux?
Last week, Kali Linux 2019.4 launched an Undercover Mode that can be used to make the Kali desktop look like Windows 10 quickly. As we know, Kali is a Linux distribution designed for ethical hacking and penetration testing and is widely used against an enterprise by investigators and red teams to conduct security checks. So if you're working in a...
Nessus Map : Parse Nessus File(s) & Shows Output In Interactive UI
Nessus Map parse .nessus file(s) and shows output in interactive User Interface. It just works by creating XML directory in Nessus_Map home directory and place all .nessus files under XML directory and start server. Nessus Map Requirements Python3Django Tested On Ubuntu 18.04 What it does? Vulnerability based parsingService based parsingHost bases parsingUnsupported OS parsingGenerate Executive Summary of scanExport parsed .nessus(s) to JSON file(s)Import JSON file...
Sooty : The SOC Analysts All-In-One CLI Tool To Automate & Speed Up Workflow
Sooty is a tool developed with the task of aiding SOC analysts with automating part of their workflow. One of the goals of Sooty is to perform as much of the routines checks as possible, allowing the analyst more time to spend on deeper analysis within the same time-frame. Sooty Can Currently Sanitise URL's to be safe...
