Recaf : A Modern Java Bytecode Editor
Recaf is an easy to use modern Java bytecode editor based on Objectweb's ASM. No more hassling with the constant pool or stack-frames required. Also Read : IP Obfuscator – Simple Tool to Social Engineer and Bypass Firewall Requirements You can run Recaf with Java 8 or higher (Its recommended that you use the lastest jdk8 release from jdk.java.net). Using...
LOLBAS – Living Off The Land Binaries And Scripts
LOLBAS is the living off the land binaries and scripts. All the different files can be found behind a fancy frontend here: https://lolbas-project.github.io. This repo serves as a place where we maintain the YML files that are used by the fancy frontend. The goal of the LOLBAS project is to document every binary, script, and library that can...
Bolt : Cross-Site Request Forgery Scanner
Bolt is in beta phase of development which means there can be bugs. Any production use of this tool discouraged. Pull requests and issues are welcome. Also Read : PRETty : “PRinter Exploitation Toolkit” LAN Automation Tool Workflow Crawling Bolt crawls the target website to the specified depth and stores all the HTML forms found in a database for further processing. Evaluating In this phase,...
IP Obfuscator – Simple Tool to Social Engineer and Bypass Firewall
IP Obfuscator is a simple python script which converts an IP address into different obfuscated forms like integer, hexadecimal or into an octal form. What is Obfuscation? Obfuscation is a technique used by attackers to mask the malicious scripts between the legitimate source to bypass the detection engines, which makes it harder to analyze. An example to make this simpler:A normal IP address "172.217.24.174" can...
Exrex : Irregular Methods On Regular Expressions
Exrex is a command line tool and python module that generates all - or random - matching strings to a given regular expression and more. It's pure python, without external dependencies. There are regular expressions with infinite matching strings (eg.: +), in these cases it limits the maximum length of the infinite parts. It uses generators, so the memory usage does not...
PRETty : “PRinter Exploitation Toolkit” LAN Automation Tool
PRETty is useful when a large number of printers are present on a network. Instead of scanning, logging, and manually running PRET against each individual printer, it will automatically discover and run chosen PRET payloads against all printers on the target network. Additionally, it can be used to automate command/payload delivery to any given list of printers. Also Read : Kube-Hunter:Hunt...
Adapt : A Tool To Performs Automated Penetration Testing for WebApps
ADAPT is a tool that performs Automated Dynamic Application Penetration Testing for web applications. It is designed to increase accuracy, speed, and confidence in penetration testing efforts. ADAPT automatically tests for multiple industry standard OWASP Top 10 vulnerabilities, and outputs categorized findings based on these potential vulnerabilities. ADAPT also uses the functionality from OWASP ZAP to perform automated...
IdentYWAF : Blind WAF Identification Tool
identYwaf is an identification tool that can recognise web protection type (i.e. WAF) based on blind inference. Blind inference is being done by inspecting responses provoked by a set of predefined offensive (non-destructive) payloads, where those are used only to trigger the web protection system in between (e.g. http://<host>?aeD0oowi=1 AND 2>1). Currently it supports more than 70 different protection products (e.g. aeSecure, Airlock, CleanTalk, CrawlProtect, Imunify360, MalCare, ModSecurity, Palo Alto, SiteGuard, UrlScan, Wallarm, WatchGuard, Wordfence,...
Scanner CLI : A Project Security/Vulnerability/Risk Scanning Tool
The Hawkeye Scanner CLI is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines. Running & Configuring the Scanner The Hawkeye scanner-cli assumes that your directory structure is such that it keeps the toolchain's files on top level. Roughly, this is what it boils down to: Node.js projects have...
Sh00t : A Testing Environment for Manual Security Testers
Sh00t is a testing environment for manual security testers. Security Testing is not as simple as right click > Scan. It's messy, a tough game. What if you had missed to test just that one thing and had to regret later? Sh00t is a highly customizable, intelligent platform that understands the life of bug hunters and emphasises on manual...
.png "PurplePanda : Identify Privilege Escalation Paths Within And Across Different Clouds")
