Decker : Declarative Penetration Testing Orchestration Framework
Decker is a penetration testing orchestration framework. It leverages HashiCorp Configuration Language 2 (the same config language as Terraform) to allow declarative penetration testing as code, so your tests can be versioned, shared, reused, and collaborated on with your team or the community. Example of a decker config file: // variables are pulled from environment // ex: DECKER_TARGET_HOST //...
PFQ : Functional Network Framework for Multi-Core Architectures
PFQ is a functional framework designed for the Linux operating system built for efficient packets capture/transmission (10G, 40G and beyond), in-kernel functional processing, kernel-bypass and packets steering across groups of sockets/end-points. It is highly optimized for multi-core architecture, as well as for network devices equipped with multiple hardware queues. Compliant with any NIC, it provides a script that generates accelerated...
How to Install Ubuntu On Windows 10?
In this article will provide you with step by step instruction on installation of Ubuntu on the Windows 10 operating system. We assume that your machine comes pre-installed with Windows 10 OS or an older version of Microsoft Windows, such as Windows 8.1 or 8. Also Read : Kage – Graphical User Interface for Metasploit Meterpreter & Session Handler Installation First, we...
Hostintel : A Modular Python App to Collect Intelligence for Malicious Hosts
Hostintel is used to collect various intelligence sources for hosts. Hostintel is written in a modular fashion so new intelligence sources can be easily added. Hosts are identified by FQDN host name, Domain, or IP address. This tool only supports IPv4 at the moment. The output is in CSV format and sent to STDOUT so the data can be saved...
UserLAnd : Run a Linux Distribution or Application on Android
The assets that UserLAnd depends on and the scripts that build them are contained in other repositories. The common assets that are used for all distros and applications are found at CypherpunkArmory/UserLAnd-Assets-Support. The easiest way to run a Linux distribution or application on Android. Features: Run full linux distros or specific applications on top of Android. Install and uninstall like a...
IoT Home Guard : A Tool for Malicious Behavior Detection in IoT Devices
IoT Home Guard is a project to help people discover malware in smart home devices. For users the project can help to detect compromised smart home devices. For security researchers it is also useful in network analysis and malicious hehaviors detection. In July 2018 we had completed the first version. We will complete the second version by October 2018 with improvement...
Command Injection Payload List
Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges...
RootOS – macOS Root Helper
rootOS tries to use various CVEs to gain sudo or root access. All exploits have an end goal of adding ALL ALL=(ALL) NOPASSWD: ALL to /etc/sudoers allowing any user to run sudo commands. Also Read - Goca : Scanner Used To Find Metadata & Hidden Information Exploits CVE-2008-2830CVE-2015-3760CVE-2015-5889CVE-2017-13872AppleScript Dynamic PhishingSudo Piggyback Run python root.py Dynamic Phishing Download
Vuls : Vulnerability Scanner for Linux/FreeBSD, Agentless, Written in Go
Vuls is a vulnerability scanner for Linux/FreeBSD, agentless, written in golang. Also Read - Turbinia : Automation and Scaling of Digital Forensics Tools For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. To avoid downtime in production environment, it is common for system administrator to...
Kage – Graphical User Interface for Metasploit Meterpreter & Session Handler
Kage (ka-geh) is a tool inspired by AhMyth designed for Metasploit RPC Server to interact with meterpreter sessions and generate payloads.For now it only supports windows/meterpreter & android/meterpreter Prerequisites Metasploit-framework must be installed and in your PATH:MsfrpcdMsfvenomMsfdb Also Read - Legion : An Open Source, Easy-To-Use, Super-extensible & Semi-Automated Network Penetration Testing Tool Installing You can install Kage binaries from here. for developers to run the app from source...
