Pockint : A Portable OSINT Swiss Army Knife for DFIR/OSINT Professionals
POCKINT (a.k.a. Pocket Intelligence) is the OSINT swiss army knife for DFIR/OSINT professionals. Designed to be a lightweight and portable GUI program (to be carried within USBs or investigation VMs), it provides users with essential OSINT capabilities in a compact form factor: POCKINT's input box accepts typical indicators (URL, IP, MD5) and gives users...
XORpass : Encoder To Bypass WAF Filters Using XOR Operations
XORpass is an encoder to bypass WAF filters using XOR operations. Installation & Usage git clone https://github.com/devploit/XORpass cd XORpass $ php encode.php STRING $ php decode.php "XORed STRING" Example of bypass Using clear PHP function: Also Read - JSONBee : A Ready To Use JSONP Endpoints/Payloads To Help Bypass Content Security Policy Of Different Websites Using XOR bypass of that function: $ php encode.php system...
CloudUnflare : Reconnaissance Real IP Address for Cloudflare Bypass
CloudUnflare is a tool used to reconnaissance Real IP address for Cloudflare Bypass. Preparation: 1. CompleteDNS API Create an account at completedns.com and verify first.Input your email and password on CompleteDNS_Login variable in cloudunflare.bash. 2. Dependencies Needed curldigwhois Also Read - JSONBee : A Ready To Use JSONP Endpoints/Payloads To Help Bypass Content Security Policy Of Different Websites Debian Based apt-get install curl dnsutils whois -y Installation: Clone...
Cryptovenom : The Cryptography Swiss Army Knife
CryptoVenom is an OpenSource tool which contains a lot of cryptosystems and cryptoanalysis methods all in one, including classical algorithms, hash algorithms, encoding algorithms, logic gates, mathematical functions, modern symmetric and asymmetric encryptions etc. What is the Purpose of CryptoVenom? Make easier the cryptoanalysis or the usage of cryptosystems and manipulation of them. If you are a...
AutoSploit : Automated Mass Exploiter
As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt...
ATTACKdatamap : A Datasource Assessment On An Event Level To Show Potential Coverage
ATTACKdatamap is a datasource assessment on an event level to show potential coverage of the "MITRE ATT&CK" framework. This tool is developed by me and has no affiliation with "MITRE" nor with its great "ATT&CK" team, it is developed with the intention to ease the mapping of data sources to assess one's potential coverate. Start This tool requires module ImportExcel, Install...
JSONBee : A Ready To Use JSONP Endpoints/Payloads To Help Bypass Content Security Policy Of Different Websites
A ready to use JSONP endpoints to help bypass content security policy of different websites. The tool was presented during HackIT 2018 in Kiev. The main idea behind this tool is to find the JSONP endpoint(s) that would help you bypass content security policy for your target website in an automated way. JSONBee takes an input of a url...
Arjun : HTTP Parameter Discovery Suite
Arjun is a web applications use parameters (or queries) to accept user input, take the following example into consideration. http://api.example.com/v1/userinfo?id=751634589 This URL seems to load user information for a specific user id, but what if there exists a parameter named admin which when set to True makes the endpoint provide more information about the user? This is what Arjun does, it finds...
HomePWN : Swiss Army Knife for Pentesting of IoT Devices
HomePwn is a framework that provides features to audit and pentesting devices that company employees can use in their day-to-day work and inside the same working environment. It is designed to find devices in the home or office, take advantage of certain vulnerabilities to read or send data to those devices. With a strong library of modules you can...
Femida : Automated blind-XSS Search For Burp Suite
Femida is automated blind-xss search plugin for Burp Suite. Installation Git clone https://github.com/wish-i-was/femida.git Burp -> Extender -> Add -> find and select blind-xss.py Also Read - IoT Implant : Toolkit For Implant Attack Of IoT Devices How to use? Settings First of all you need to setup your callback URL in field called "Your url" and press Enter to automatically save it inside config.py file. After you set...
