DumpTheGit : Public Repositories to Find Sensitive Information Uploaded to the Github Repositories
DumpTheGit searches through public repositories to find sensitive information uploaded to the Github repositories. The tool will flag the matches for potentially sensitive files like credentials, secret keys, tokens etc which have been accidentally uploaded by the developers. DumpTheGit just require your Github Access Token to fetch the information. Also Read - Kerbrute : A Tool to Perform Kerberos Pre-Auth Bruteforcing Installation Download the DumpTheGit...
PeekABoo : Penetration Testing To Enable Remote Desktop On The Targeted Machine
PeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. The tool only works if WinRM is enabled. Since Windows Server 2012 WinRM is enabled by default on all Windows server operating systems, but not on client operating systems. Note: Remote desktop...
Vulmap :Online Local Vulnerability Scanners Project
Vulmap is an open source online local vulnerability scanner project. It consists of online local vulnerability scanning programs for Windows and Linux operating systems. These scripts can be used for defensive and offensive purposes. It is possible to make vulnerability assessments using these scripts. Also they can be used for privilege escalation by pentesters/red teamers. It can be used to, scan...
AutoSource : Automated Source Code SonarQube
AutoSource is an automated source code review framework integrated with SonarQube which is capable of performing static code analysis/reviews. It can be used for effectively finding the vulnerabilities at very early stage of the SDLC(Software Development Life Cycle). The user can scan the code by just giving GIT repository link into the framework. AutoSource framework is capable of performing source...
Kerbrute : A Tool to Perform Kerberos Pre-Auth Bruteforcing
Kerbrute is a tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication. Find the latest binaries from the releases page to get started. This tool grew out of some bash scripts I wrote a few years ago to perform bruteforcing using the Heimdal Kerberos client from Linux. They wanted something that didn't require privileges to...
Joy : To Capture & Analyse Network Flow Data & Intraflow Data
Joy is a package for capturing and analysing network flow data and intraflow data, for network research, forensics, and security monitoring. Joy is a BSD-licensed libpcap-based software package for extracting data features from live network traffic or packet capture (pcap) files, using a flow-oriented model similar to...
Important Reasons Why Hiding Your IP Address is a Good Idea
The internet can be a goldmine of information, but if you’re not careful enough, it can also be the reason why you’ll experience identity theft and security breaches. Aside from being careful about your online activities, hiding your IP address can be a good idea to maintain your safety and security online. The Internet Protocol address or IP address is a numerical label...
Kostebek : Tool To Discover Firms Domains
The Kostebek is a reconnaissance tool which uses firms' trademark information to discover their domains. Installation Tested on Kali Linux 2018.2, Ubuntu 16.04 sudo apt-get -y install python3-pippip3 install -r requirements.txt Download latest version of Chromedriver and configure your driver-path #sudo apt-get install unzip #sudo unzip /tmp/chromedriver.zip chromedriver -d /usr/local/bin/ Download latest version of Chrome https://www.google.com/chrome/browser/desktop/ #dpkg -i google-chrome-stable_current_amd64.deb...
Termshark : A Terminal UI For Tshark
Termshark is a terminal user-interface for tshark, inspired by Wireshark. If you're debugging on a remote machine with a large pcap and no desire to scp it back to your desktop, it can help! Features Read pcap files or sniff live interfaces (where tshark is permitted). Inspect each packet using familiar Wireshark-inspired views Filter pcaps or live captures using Wireshark's display filters...
Bashter : Web Crawler, Scanner & Analyser Framework
Bashter is a Shell-Script based Web Crawler, Scanner, and Analyser Framework. Bashter is a tool for scanning a Web-based Application. Bashter is very suitable for doing Bug Bounty or Penetration Testing. It is designed like a framework so you can easily add a script for detect vulnerability. For Example To be more powerful, You can add something script (custom) like this: modules/form/yourscript.bash {WEB-URL}...
