Tachyon : Fast Http Dead File Finder
Tachyon is a fast web application security reconnaissance tool. It is specifically meant to crawl web application and look for left over or non-indexed files with the addition of reporting pages or scripts leaking internal data. User Requirements Linux Python 3.5.2 User Installation Install $ mkdir tachyon $ python3 -m venv tachyon/ $ cd tachyon $ source bin/activate $ pip install tachyon3 $ tachyon...
Scout Suite : Multi-Cloud Security Auditing Tool
Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically. Scout Suite...
Mitaka : A Browser Extension For OSINT Search
Mitaka is a browser extension for OSINT search which can: Extract & refang IoC from a selected block of text.E.g. examplecom to example.com, testexample.com to test@example.com, hxxp://example.com to http://example.com, etc.Search / scan it on various engines.E.g. VirusTotal, urlscan.io, Censys, Shodan, etc. Features Supported IOC types namedesc.e.g.textFreetextany string(s)ipIPv4 address8.8.8.8domainDomain namegithub.comurlURLhttps://github.comemailEmail addresstest@test.comasnASNAS13335hashmd5 / sha1 / sha25644d88612fea8a8f36de82e1278abb02fcveCVE numberCVE-2018-11776btcBTC address1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNagaPubIDGoogle Adsense Publisher IDpub-9383614236930773gaTrackIDGoogle Analytics Tracker IDUA-67609351-1 Also Read - Act Platform : Open Platform For Collection &...
Kirjuri : Web Application For Managing Cases & Physical Forensic Evidence Items
Kirjuri is a simple php/mysql web application for managing physical forensic evidence items. It is intended to be used as a workflow tool from receiving, booking, note-taking and possibly reporting findings. It simplifies and helps in case management when dealing with a large (or small!) number of devices submitted for forensic analysis. Kirjuri requires PHP7. See the official Kirjuri home...
SysAnalyzer : Automated Malcode Analysis System
SysAnalyzer is an application that was designed to give malcode analysts an automated tool to quickly collect, compare, and report on the actions a binary took while running on the system. The main components of SysAnalyzer work off of comparing snapshots of the system over a user specified time interval. The reason a snapshot mechanism was used compared...
Pixload : Image Payload Creating/Injecting Tools
Pixload is a set of tools for creating/injecting payload into images. Useful references for better understanding of pixload and its use-cases: Bypassing CSP using polyglot JPEGsHacking group using Polyglot images to hide malvertising attacksEncoding Web Shells in PNG IDAT chunksAn XSS on Facebook via PNGs & Wonky Content TypesRevisiting XSS payloads in PNG IDAT chunks If you want to encode a...
Dolos Cloak : Automated 802.1x Bypass
Dolos Cloak is a python script designed to help network penetration testers and red teamers bypass 802.1x solutions by using an advanced man-in-the-middle attack. The tool is able to piggyback on the wired connection of a victim device that is already allowed on the target network without kicking the vicitim device off the network. It was designed to run...
Dr_Robot : Tool Used To Enumerate The Subdomains Associated With A Company
Dr_Robot is a tool for Domain Reconnaissance and Enumeration. By utilizing containers to reduce the overhead of dealing with dependencies, inconsistency across operating sytems, and different languages, Dr. ROBOT is built to be highly portable and configurable. Use Case: Gather as many public facing servers that a target organization possesses. Querying DNS resources enables us to quickly develop a large list...
FudgeC2 : A Collaborative C2 Framework For Purple-Teaming Written In Python3, Powershell & .NET
FudgeC2 is a campaign orientated Powershell C2 framework built on Python3/Flask - Designed for team collaboration, client interaction, campaign timelining, and usage visibility. Note: FudgeC2 is currently in alpha stage, and should be used with caution in non-test environments. Beta will be released later this year, at BlackHat Arsenal. Setup Installation To quickly install & run FudgeC2 on a Linux host run the following: git...
Aura Botnet : A Super Portable Botnet Framework With A Django-Based C2 Server
Aura Botnet is a super portable botnet framework with a Django-based C2 server. The client is written in C++, with alternate clients written in Rust, Bash, and Powershell. The botnet's C2 server utilizes the Django framework as the backend. It is far from the most efficient web server, but this is offset by the following: Django is extremely portable and therefore...
