Findomain : Fastest & Cross-Platform Subdomain Enumerator
Findomain is a fastest and cross-platform subdomain enumerator. It comparison gives you a idea why you should use findomain instead of another tools. The domain used for the test was microsoft.com in the following BlackArch virtual machine: Host: KVM/QEMU (Standard PC (i440FX + PIIX, 1996) pc-i440fx-3.1)Kernel: 5.2.6-arch1-1-ARCHCPU: Intel (Skylake, IBRS) (4) @ 2.904GHzMemory: 139MiB / 3943MiB The tool used to...
Goop : Google Search Scraper
Goop can perform google searches without being blocked by the CAPTCHA or hitting any rate limits. How it works? Facebook provides a debugger tool for its scraper. Interestingly, Google doesn't limit the requests made by this debugger (whitelisted?) and hence it can be used to scrap the google search results without being blocked by the CAPTCHA. Since facebook is involved, a facebook session Cookie must be...
ThreatHunting : A Splunk App Mapped To MITRE ATT&CK
ThreatHunting is a Splunk application containing several dashboards and over 120 reports that will facilitate initial hunting indicators to investigate. You obviously need to be ingesting Sysmon data into Splunk, a good configuration can be found here Note: This application is not a magic bullet, it will require tuning and real investigative work to be truly effective in your environment. Try to become...
HackerTarget : Tools And Network Intelligence To Help Organisations With Attack Surface Discovery
HackerTarget is tools and network intelligence to help organisations with attack surface discovery. Use open source tools and network intelligence to help organisations with attack surface discovery and identification of security vulnerabilities. Identification of an organisations vulnerabilities is an impossible task without tactical intelligence on the network footprint. By combining open source intelligence with the worlds best open...
Seccomp Tools : Provide Powerful Tools For Seccomp Analysis
Seccomp provide powerful tools for seccomp analysis. This project is targeted to (but not limited to) analyze seccomp sandbox in CTF pwn challenges. Some features might be CTF-specific, but still useful for analyzing seccomp in real-case. Features Dump - Automatically dumps seccomp-bpf from execution file(s).Disasm - Converts bpf to human readable format. Simple decompile.Display syscall names and arguments when possible.Colorful! Asm - Write...
AbsoluteZero : Python APT Backdoor
AbsoluteZero is a Python APT backdoor, optimised for Red Team Post Exploitation Tool, it can generate binary payload or pure python source. The final stub uses polymorphic encryption to give a first obfuscation layer to itself. Deployment AbsoluteZero is a complete software written in Python 2.7 and works both on Windows and Linux platforms, in order to make it working...
Osmedeus : Security Framework For Reconnaissance & Vulnerability Scanning
Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. Installation git clone https://github.com/j3ssie/Osmedeus cd Osmedeus ./install.sh This install only focus on Kali linux, check more install on Wiki page How To Use If you have no idea what are you doing just type the command below or check out the Advanced Usage ./osmedeus.py -t example.com Features Subdomain...
WAES : Web Auto Enum & Scanner
WAES is nothing but Web Auto Enum & Scanner. Doing HTB or other CTFs enumeration against targets with HTTP(S) can become trivial. It can get tiresome to always run the same script/tests on every box eg. nmap, nikto, dirb and so on. A one-click on target with automatic reports coming solves the issue. Furthermore, with a script the enum...
BADministration : Tool Which Interfaces with Management or Administration Applications
BADministration is a tool which interfaces with management or administration applications from an offensive standpoint. It attempts to provide offsec personnel a tool with the ability to identify and leverage these non-technical vulnerabilities. As always: use for good, promote security, and fight application propagation. Sorry for using python2.7, I found a lot of the vendor APIs would only run on...
SQLMap : Automatic SQL Injection & Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the...