Penta : Open Source All-In-One CLI Tool To Automate Pentesting
Penta is is Pentest automation tool using Python3. It provides advanced features such as metasploit and nexpose to extract vuln info found on specific servers. Installation Install requirements penta requires the following packages. Python3.7pipenv Resolve python package dependency. $ pipenv install If you dislike pipenv... $ pip install -r requirements.txt Also Read - ThreadBoat : Program Uses Thread Execution Hijacking to Inject Native Shellcode...
Tarnish : A Chrome Extension Static Analysis Tool
Tarnish is a static-analysis tool to aid researchers in security reviews of Chrome extensions. It automates much of the regular grunt work and helps you quickly identify potential security vulnerabilities. This tool accompanies the research blog post which can be found here. If you don't want to go through the trouble of setting this up you can just use...
B2R2 : A Collection of Algorithms, Functions And Tools For Binary Analysis
B2R2 is a collection of useful algorithms, functions, and tools for binary analysis written purely in F# (in .NET lingo, it is purely managed code). It has been named after R2-D2, a famous fictional robot appeared in the Star Wars. In fact, B2R2's original name was B2-R2, but we decided to use the name B2R2 instead, because .NET does not allow dash (-)...
Userrecon-py : Username Recognition On Various Websites
Userrecon-py is used for Username recognition on various websites. is used for Username recognition on various websites. Installation With pip3 # Linuxsudo -H pip3 install git+https://github.com/decoxviii/userrecon-py.git --upgradeuserrecon-py --help Build from source # Linuxgit clone https://github.com/decoxviii/userrecon-py.git ; cd userrecon-py sudo -H pip3 install -r requirements.txt python3 setup.py build sudo python3 setup.py install Also Read - Lockdoor Framework : A Penetration Testing Framework with Cyber Security...
DNS Rebinding Tool : DNS Rebind Tool With Custom Scripts
This project is meant to be an All-in-one Toolkit to test further DNS rebinding attacks and my take on understanding these kind of attacks. It consists of a web server and pseudo DNS server that only responds to A queries. The root index of the web server allowes to configure and run the attack with a rudimentary web gui. See dnsrebindtool.43z.one. A basic nginx...
Fenrir : Simple Bash IOC Scanner
Fenrir is a simple IOC scanner bash script. It allows scanning Linux/Unix/OSX systems for the following Indicators of Compromise (IOCs): HashesMD5, SHA1 and SHA256 (using md5sum, sha1sum, sha -a 256)File Namesstring - checked for substring of the full path, e.g. "temp/p.exe" in "/var/temp/p.exe"Stringsgrep in filesC2 Serverchecking for C2 server strings in 'lsof -i' and 'lsof -i -n' outputHot Time Frameusing...
Manati : A Web-Based Tool To Assist The Work Of The Intuitive Threat Analysts
The goal of the ManaTI project is to develop machine learning techniques to assist an intuitive threat analyst to speed the discovery of new security problems. The machine learning will contribute to the analysis by finding new relationships and inferences. The project will include the development of a web interface for the analyst to interact with the data and...
ThreadBoat : Program Uses Thread Execution Hijacking to Inject Native Shellcode into a Standard Win32 Application
ThreadBoat program uses Thread Hijacking to Inject Native Shellcode into a Standard Win32 Application. I developed this small project to continue my experiences of different code injection methods. With Thread Hijacking, it allows the hijacker.exe program to susepend a thread within the target.exe program allowing us to write shellcode to a thread. ThreadBoat Usage int main() {System sys;Interceptor incp;Exception exp;sys.returnVersionState();if (sys.returnPrivilegeEscalationState()){std::cout...
SQLMap : Automatic SQL Injection & Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the...
GiveMeSecrets : Use Regular Expressions To Get Sensitive Information
GiveMeSecrets use regular expressions to get sensitive information from a given repository (GitHub, pip or npm). You only need to have python 3.6 or higher installed to launch this script. In addition you must have installed in the system git, pip and npm. How to use? It's very easy to use, just run the script and pass the option...
