OSXCollector : A Forensic Evidence Collection & Analysis Toolkit For OS X
OSXCollector is a forensic evidence collection & analysis toolkit for OS X. The collection script runs on a potentially infected machine and outputs a JSON file that describes the target machine. OSXCollector gathers information from plists, SQLite databases and the local file system. Forensic Analysis Armed with the forensic collection, an analyst can answer questions like: Is this machine infected? How'd that malware...
Vulnado – Intentionally Vulnerable Java Application
Vulnado is a purposely vulnerable Java application to help lead secure coding workshops. The Vulnado application and exercises will take you through some of the OWASP Top 10 vulnerabilities and how to prevent them. Up & Running Install Docker for macOS or Windows. You'll need to create a Docker account if you don't already have one. git clone git://github.com/ScaleSec/vulnado; cd vulnado; docker-compose up. Open a browser and...
Orbit : Blockchain Transactions Investigation Tool
Orbit is designed to explore the network of a blockchain wallet by recursively crawling through its transaction history. The data is rendered as a graph to reveal major sources, sinks and suspicious connections. Note: It only runs on Python 3.2 and above. Usage Let's start by crawling the transaction history of a wallet: python3 orbit.py -s 1AJbsFZ64EpEfS5UAjAfcUG8pH8Jn3rn1F Crawling multiple wallets is no different: python3 orbit.py -s...
Cloudcheck : Checks Using A Test String If A Cloudflare DNS Bypass Is Possible Using CloudFail
Cloudcheck is made to be used in the same folder as CloudFail. Make sure all files in this repo are in the same folder before using. Also create an empty text file called none.txt in the data folder, so that it doesn't do a subdomain brute-force when testing. Cloudcheck will automatically change your hosts file, using entries from CloudFail, and test for...
Pyattck : A Python Module To Interact With The Mitre ATT&CK Framework
A Python module to interact with the MITRE ATT&CK Framework. Pyattck has the following notable features in its current release: retrieve all Tactics, Techniques, Actors, Malware, Tools, and Mitigations; all techniques have suggested mitigations as a property; for each class you can access additional information about related data points: Actor: Tools used by the Actor or Group; Malware used by the Actor or Group; Techniques this Actor...
Evil WinRM : The Ultimate WinRM Shell For Hacking/Pentesting
Evil WinRM is the ultimate WinRM shell for hacking/pentesting. WinRM (Windows Remote Management) is the Microsoft implementation of the WS-Management Protocol, a standard SOAP-based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their operating systems in order to make life easier for system administrators. This program can be used on any Microsoft...
Airopy : Get Clients And Access Points
Airopy is a wireless packet capture tool that lists clients and access points. With Alfa cards this script works correctly. Dependencies To run this script, first install the requirements as follows: sudo pip3 install -r requirements.txt How To Use In the examples I don't add 'sudo', but to execute them you need elevated privileges. To get help: python3 airopy.py -h To get APs: python3 airopy.py -i wlx00c0ca81fb80 --aps...
AMIRA: Automated Malware Incident Response & Analysis
AMIRA is a service for automatically running analysis on OSXCollector output files. The automated analysis is performed via OSXCollector Output Filters, in particular The One Filter to Rule Them All: the Analyze Filter. It takes care of retrieving the output files from an S3 bucket, running the Analyze Filter and then uploading the results of the analysis back to S3 (although one...
VulnWhisperer : Create Actionable Data From Your Vulnerability Scans
VulnWhisperer is a vulnerability management tool and report aggregator. VulnWhisperer will pull all the reports from the different vulnerability scanners and create a file with a unique filename for each one, using that data later to sync with Jira and feed Logstash. Jira does a closed-cycle full sync with the data provided by the scanners, while Logstash indexes...
Dockernymous : A Script Used To Create A Whonix Like Gateway/Workstation Environment With Docker Containers
Dockernymous is a script used to create a Whonix-like gateway/workstation environment with Docker containers. It is a start script for Docker that runs and configures two individual Linux containers in order to act as an anonymisation workstation/gateway setup. It's aimed towards experienced Linux/Docker users, security professionals and penetration testers! The gateway container acts as an Anonymizing Middlebox (see https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy) and routes...