Fireprox : AWS API Gateway Management Tool For Creating On The Fly HTTP
Being able to hide or continually rotate the source IP address when making web calls can be difficult or expensive. A number of tools have existed for some time but they were either limited with the number of IP addresses, were expensive, or required deployment of lots of VPS's. FireProx leverages the AWS API Gateway to create pass-through proxies...
DetectionLab : Vagrant & Packer Scripts To Build A Lab Environment
DetectionLab is tested weekly on Saturdays via a scheduled CircleCI workflow to ensure that builds are passing. This lab has been designed with defenders in mind. Its primary purpose is to allow the user to quickly build a Windows domain that comes pre-loaded with security tooling and some best practices when it comes to system logging...
Five Tips for Hiring a Developer to Create the Perfect App
You could attempt to design and implement a new app along with your existing team, but you’ll probably end up regretting your decision. Although some platforms make it easy to design an app, implementing and updating it can be a nightmare. Especially if you aren’t particularly tech savvy, or you have enough on your plate already. You can do yourself and your team a...
Evil-Winrm : The Ultimate WinRM Shell For Hacking/Pentesting
Evil-WinRM is the ultimate WinRM shell for hacking/pentesting. WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators. This program can be used on any Microsoft Windows...
RedPeanut : Small RAT Developed in .Net Core 2 & Its Agent in .Net 3.5 / 4.0
RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0. RedPeanut code execution is based on shellcode generated with DonutCS. It is therefore a hybrid, although developed in .Net it does not rely solely on the Assembly.Load. This increases the detection surface, but allows us to practice and experiment with various...
UFS : Ultimate Facebook Scraper
UFS is a bot which scrapes almost everything about a Facebook user's profile including all public posts/statuses available on the user's timeline, uploaded photos, tagged photos, videos, friends list and their profile photos (including Followers, Following, Work Friends, College Friends etc). Tooling that automates your social media interactions to collect posts, photos, videos, friends, followers and much more on Facebook. Also...
SCShell : Fileless Lateral Movement Tool That Relies On ChangeServiceConfigA To Run Command
SCShell is a fileless lateral movement tool that relies on ChangeServiceConfigA to run commands. The beauty of this tool is that it does not perform authentication against SMB. Everything is performed over DCERPC. The utility can be used remotely WITHOUT registering a service or creating a service. It also doesn't have to drop any file on the remote system* (Depend...
Custom Header : Automatic Add New Header To Entire BurpSuite HTTP Requests
Custom Header is a Burp Suite extension allows you to customize header with put a new header into HTTP REQUEST BurpSuite (Scanner, Intruder, Repeater, Proxy History) and also you can choose whatever HTTP VERB what do you want to customize. Usage Easy to use ! :)Don't forget to click save button ! Also Read - Vulnx : Intelligent Bot Auto Shell Injector...
DDoor : Cross Platform Backdoor Using DNS txt Records
DDoor is a cross platform backdoor using dns txt records. It is a cross platform light weight backdoor that uses txt records to execute commands on infected machines. Features Allows a single txt record to have seperate commands for both linux and windows machinesList of around 10 public DNS servers that it randomly chooses fromUnpredictable call back timesEncrypts txt record using...
WinPwn : Automation for Internal Windows Penetrationtest / AD-Security
WinPwn is a automation for internal Windows Penetrationtest / AD-Security. In many past internal penetration tests I often had problems with the existing Powershell Recon / Exploitation scripts due to missing proxy support. I often ran the same scripts one after the other to get information about the current system and/or the domain. To automate as many internal penetrationtest...
