Psad : Intrusion Detection & Log Analysis with IPtables
The Port Scan Attack Detector psad is a lightweight system daemon written in is designed to work with Linux iptables/ip6tables/firewalld firewalling code to detect suspicious traffic such as port scans and sweeps, backdoors, botnet command and control communications, and more. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination,...
Flightsim : Utility to Generate Malicious Network Traffic & Evaluate Controls
Flightsim is a lightweight utility used to generate malicious network traffic and help security teams to evaluate security controls and network visibility. The tool performs tests to simulate DNS tunneling, DGA traffic, requests to known active C2 destinations, and other suspicious traffic patterns. Installation Download the latest flightsim binary for your OS from the GitHub Releases page. Alternatively, the utility can be...
Xori : An Automation-Ready Disassembly & Static Analysis Library
Xori is an automation-ready disassembly and static analysis library that consumes shellcode or PE binaries and provides triage analysis data. Architectures: i386x86-64 File Formats PE, PE+Plain shellcode Current Features Outputs json of the 1) Disassembly, 2) Functions, and 3) Imports.Manages Image and Stack memory.2 modes:Light Emulation - meant to enumerate all paths (Registers, Stack, Some Instructions).Full Emulation - only follows the code’s path (Slow...
LAPSToolkit : Tool to Audit & Attack LAPS Environments
LAPSToolkit functions written in PowerShell that leverage PowerView to audit and attack Active Directory environments that have deployed Microsoft's Local Administrator Password Solution (LAPS). It includes finding groups specifically delegated by sysadmins, finding users with "All Extended Rights" that can view passwords, and viewing all computers with LAPS enabled. Please submit issues or comments for any problems or performance improvements....
BoNeSi – The DDoS Botnet Simulator
BoNeSi, the DDoS Botnet Simulator is a Tool to simulate Botnet Traffic in a tested environment on the wire. It is designed to study the effect of DDoS attacks. What traffic can be generated? BoNeSi generates ICMP, UDP and TCP (HTTP) flooding attacks from a defined botnet size (different IP addresses). BoNeSi is highly configurable and rates, data volume, source IP addresses, URLs...
H2T : HTTP Hardening Tool Scans Website & Suggests Security Headers to Apply
H2T is a simple tool to help sysadmins to hardening their websites. Until now h2t checks the website headers and recommends how to make it better. Dependence Python 3coloramarequests Also Read - Androwarn : Static Code Analyzer for Malicious Android Applications Install $ git clone https://github.com/gildasio/h2t $ cd h2t $ pip install -r requirements.txt $ ./h2t.py -h Usage h2t has subcommands: list and scan.$ ./h2t.py -h usage:...
Got-Responded : Tool to Detect NBT-NS & LLMNR Spoofing
Got-Responded is a simple tool to detect NBT-NS and LLMNR spoofing and messing with them a bit. Pentesters, Redteamers and even real attackers love to use tools like Responder to spoof LLMNR and/or NBT-NS responses. There are some awesome other tools to help with detection, such as respounder. But I wanted to figure it out...
WPScan : WordPress Vulnerability Scanner Written for Security Professionals
WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites. Installation Prerequisites (Optional but highly recommended: RVM) Ruby >= 2.3 - Recommended: latest Ruby 2.5.0 to 2.5.3 can cause an 'undefined symbol: rmpd_util_str_to_d' error in some systems, see #1283 Curl >= 7.21 -...
Androguard : Reverse Engineering, Malware & Goodware Analysis of Android Applications
Androguard is a eeverse engineering, malware and goodware analysis of Android applications. It is a full python tool to play with Android files. DEX, ODEXAPKAndroid's binary xmlAndroid resourcesDisassemble DEX/ODEX bytecodesDecompiler for DEX/ODEX files Also Read - BLEAH – A BLE Scanner For SMART Devices Hacking Installation pip install -U androguard Projects using Androguard In alphabetical order AndroPyToolAppKnoxCuckoo SandboxDeckardDroidbotDroidstatxεxodusF-Droid ServergplaycliKoodousMobSFqiewViper Framework... and many more! Disclamier Unless required by applicable...
Androwarn : Static Code Analyzer for Malicious Android Applications
Androwarn is a tool whose main aim is to detect and warn the user about potential malicious behaviours developped by an Android application. The detection is performed with the static analysis of the application's Dalvik bytecode, represented as Smali, with the androguard library. This analysis leads to the generation of a report, according to a technical detail level chosen from the...
