Pentest Machine – Automates Some Pentest Jobs Via Nmap xml File

Pentest Machine automates some pentesting work via an nmap XML file. As soon as each command finishes, it writes its output to the terminal and to the files in output-by-service/ and output-by-host/. It runs fast-returning commands first. Please send me protocols/commands/options that you would like to see included. HTTP: whatweb, WPScan (only if whatweb returns a WordPress result), EyeWitness with active...

XXRF Shots – Useful For Testing SSRF Vulnerability

XXRF Shots is useful for testing SSRF vulnerabilities. Server-Side Request Forgery (SSRF) is a class of vulnerability in which an attacker sends crafted requests from a vulnerable web application, including gaining unauthorised access to internal resources behind the firewall that are not directly reachable from the external network.

XXRF Shots Installation:

    git clone https://github.com/ariya/phantomjs.git
    cd phantomjs
    chmod +x build.py
    ./build.py
    ...

EKFiddle – A framework Based On The Fiddler Web Debugger To Study Exploit Kits, Malvertising & Malicious Traffic In General

EKFiddle is a framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general. Enable C# scripting (Windows only): launch Fiddler and go to Tools -> Options. In the Scripting tab, change the default (JScript.NET) to C#. Change default text editor (optional): in the same Tools -> Options menu, click on the Tools tab. Windows: notepad.exe or notepad++.exe ...

DigiDuck – Framework for Digiduck Development Boards Running ATTiny85 Processors & Micronucleus Bootloader

Framework for Digiduck Development Boards running ATTiny85 processors and micronucleus bootloader! DigiDuck Installation: DigiDuck Framework (referred to as DDF) is really simple to start and set up! There are no third-party modules required for DDF! All you need to do is make sure you have Python 3.6+ (I used this to develop it but it should be backwards compatible *hopefully*). Clone...

Clrinject – Injects C# EXE or DLL Assembly Into every CLR Runtime and AppDomain Of Another Process

Clrinject injects a C# EXE or DLL assembly into any CLR runtime and AppDomain of another process. The injected assembly can then access static instances of the injectee process's classes and therefore affect its internal state.

Clrinject Usage:

    clrinject-cli.exe -p <processId/processName> -a <assemblyFile>

Opens process with id <processId>...

Sandsifter – The x86 Processor Fuzzer For Hidden Instructions & Hardware Bugs

The sandsifter audits x86 processors for hidden instructions and hardware bugs, by systematically generating machine code to search through a processor's instruction set, and monitoring execution for anomalies. Sandsifter has uncovered secret processor instructions from every major vendor; ubiquitous software bugs in disassemblers, assemblers, and emulators; flaws in enterprise hypervisors; and both benign and security-critical hardware bugs in x86...

Docker Tor Hidden Service Nginx – Easily Setup A Hidden Service Inside The Tor Network

Docker tor hidden service nginx is a tool to easily set up a hidden service inside the Tor network. Generate the skeleton configuration for your hidden service, substituting your hidden service pattern name. For example, if you want your hidden service to contain the word 'boss', just use this word as the argument. You can use regular expressions, like ^boss, will generate...

Dnsdiag – DNS Diagnostics and Performance Measurement Tools

Dnsdiag is a set of DNS diagnostics and performance measurement tools. Ever been wondering if your ISP is hijacking your DNS traffic? Ever observed any misbehavior with your DNS responses? Ever been redirected to the wrong address and suspected something is wrong with your DNS? Here we have a set of tools to perform basic audits on your DNS requests and responses...

TakeOver : Takeover Script Extracts CNAME Record Of All Subdomains At Once

Subdomain takeover is a class of vulnerability where a subdomain points to an external service that has been deleted. The external services are GitHub, Heroku, GitLab, Tumblr and so on. Let’s assume we have a subdomain sub.example.com that points to an external service such as GitHub. If the GitHub page is removed by its owner and the owner forgot to remove the...

Atlas – Quick SQLMap Tamper Suggester

Atlas is an open source tool that can suggest sqlmap tampers to bypass WAF/IDS/IPS; its suggestions are based on the returned status code.

Atlas Installation:

    $ git clone https://github.com/m4ll0k/Atlas.git atlas
    $ cd atlas
    $ python atlas.py

Usage:

    $ python atlas.py --url http://site.com/index.php?id=Price_ASC --payload="-1234 AND 4321=4321-- AAAA" --dbms=mysql --random-agent -v

Example, Run SQLMap:

    $ python sqlmap.py -u...