Cryptovenom : The Cryptography Swiss Army Knife
CryptoVenom is an OpenSource tool which contains a lot of cryptosystems and cryptoanalysis methods all in one, including classical algorithms, hash algorithms, encoding algorithms, logic gates, mathematical functions, modern symmetric and asymmetric encryptions etc. What is the Purpose of CryptoVenom? Make easier the cryptoanalysis or the usage of cryptosystems and manipulation of them. If you are a...
AutoSploit : Automated Mass Exploiter
As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt...
ATTACKdatamap : A Datasource Assessment On An Event Level To Show Potential Coverage
ATTACKdatamap is a datasource assessment on an event level to show potential coverage of the "MITRE ATT&CK" framework. This tool is developed by me and has no affiliation with "MITRE" nor with its great "ATT&CK" team, it is developed with the intention to ease the mapping of data sources to assess one's potential coverate. Start This tool requires module ImportExcel, Install...
JSONBee : A Ready To Use JSONP Endpoints/Payloads To Help Bypass Content Security Policy Of Different Websites
A ready to use JSONP endpoints to help bypass content security policy of different websites. The tool was presented during HackIT 2018 in Kiev. The main idea behind this tool is to find the JSONP endpoint(s) that would help you bypass content security policy for your target website in an automated way. JSONBee takes an input of a url...
Arjun : HTTP Parameter Discovery Suite
Arjun is a web applications use parameters (or queries) to accept user input, take the following example into consideration. http://api.example.com/v1/userinfo?id=751634589 This URL seems to load user information for a specific user id, but what if there exists a parameter named admin which when set to True makes the endpoint provide more information about the user? This is what Arjun does, it finds...
HomePWN : Swiss Army Knife for Pentesting of IoT Devices
HomePwn is a framework that provides features to audit and pentesting devices that company employees can use in their day-to-day work and inside the same working environment. It is designed to find devices in the home or office, take advantage of certain vulnerabilities to read or send data to those devices. With a strong library of modules you can...
Femida : Automated blind-XSS Search For Burp Suite
Femida is automated blind-xss search plugin for Burp Suite. Installation Git clone https://github.com/wish-i-was/femida.git Burp -> Extender -> Add -> find and select blind-xss.py Also Read - IoT Implant : Toolkit For Implant Attack Of IoT Devices How to use? Settings First of all you need to setup your callback URL in field called "Your url" and press Enter to automatically save it inside config.py file. After you set...
Slither : Static Analyzer for Solidity
Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. It enables developers to find vulnerabilities, enhance their code comprehension, and quickly prototype custom analyses. Features Detects vulnerable Solidity code with low false positivesIdentifies where the error...
AutoMacTC : Automated Mac Forensic Triage Collector
AutoMacTC is a modular forensic triage collection framework designed to access various forensic artifacts on macOS, parse them, and present them in formats viable for analysis. The output may provide valuable insights for incident response in a macOS environment. Automactc can be run against a live system or dead disk (as a mounted volume.) Requirements Python 2.7 (Mac systems ship...
Password Lense: Reveal Character Types In A Password
Certain characters in passwords ('O' and '0', 'I' and 'l', etc.) can be hard to identify when you need to type them in (and copy-paste is unavailable). Password Lense is a small web application that provides a quick and secure way to get a more informative view of your password. Features Color codes each character in your password with a corresponding legend/keyHover-based tooltip...
