ProcDump : A Linux Version of the ProcDump Sysinternals Tool
It is a Linux re-imagining of the classic ProcDump tool from the Sysinternals suite of tools for Windows. It provides a convenient way for Linux developers to create core dumps of their application based on performance triggers. Installation & Usage: Requirements: Minimum OS: Red Hat Enterprise Linux / CentOS 7, Fedora 26, Mageia 6, Ubuntu...
Recaf : A Modern Java Bytecode Editor
Recaf is an easy-to-use modern Java bytecode editor based on Objectweb's ASM. No more hassling with the constant pool or stack-frames required. Requirements: You can run Recaf with Java 8 or higher (it's recommended that you use the latest jdk8 release from jdk.java.net). Using...
LOLBAS – Living Off The Land Binaries And Scripts
LOLBAS is the Living Off The Land Binaries And Scripts project. All the different files can be found behind a fancy frontend here: https://lolbas-project.github.io. This repo serves as a place where we maintain the YML files that are used by the fancy frontend. The goal of the LOLBAS project is to document every binary, script, and library that can...
Bolt : Cross-Site Request Forgery Scanner
Bolt is in the beta phase of development, which means there can be bugs. Any production use of this tool is discouraged. Pull requests and issues are welcome. Workflow: Crawling: Bolt crawls the target website to the specified depth and stores all the HTML forms found in a database for further processing. Evaluating: In this phase,...
IP Obfuscator – Simple Tool to Social Engineer and Bypass Firewall
IP Obfuscator is a simple Python script which converts an IP address into different obfuscated forms such as integer, hexadecimal or octal. What is Obfuscation? Obfuscation is a technique used by attackers to hide malicious scripts within legitimate source in order to bypass detection engines, which makes them harder to analyze. An example to make this simpler: A normal IP address "172.217.24.174" can...
Exrex : Irregular Methods On Regular Expressions
Exrex is a command line tool and Python module that generates all - or random - matching strings to a given regular expression and more. It's pure Python, without external dependencies. There are regular expressions with infinite matching strings (e.g. +); in these cases it limits the maximum length of the infinite parts. It uses generators, so the memory usage does not...
PRETty : “PRinter Exploitation Toolkit” LAN Automation Tool
PRETty is useful when a large number of printers are present on a network. Instead of scanning, logging, and manually running PRET against each individual printer, it will automatically discover and run chosen PRET payloads against all printers on the target network. Additionally, it can be used to automate command/payload delivery to any given list of printers.
Adapt : A Tool To Perform Automated Penetration Testing for WebApps
ADAPT is a tool that performs Automated Dynamic Application Penetration Testing for web applications. It is designed to increase accuracy, speed, and confidence in penetration testing efforts. ADAPT automatically tests for multiple industry standard OWASP Top 10 vulnerabilities, and outputs categorized findings based on these potential vulnerabilities. ADAPT also uses the functionality from OWASP ZAP to perform automated...
IdentYWAF : Blind WAF Identification Tool
identYwaf is an identification tool that can recognise web protection type (i.e. WAF) based on blind inference. Blind inference is done by inspecting responses provoked by a set of predefined offensive (non-destructive) payloads, where those are used only to trigger the web protection system in between (e.g. http://<host>?aeD0oowi=1 AND 2>1). Currently it supports more than 70 different protection products (e.g. aeSecure, Airlock, CleanTalk, CrawlProtect, Imunify360, MalCare, ModSecurity, Palo Alto, SiteGuard, UrlScan, Wallarm, WatchGuard, Wordfence,...
Scanner CLI : A Project Security/Vulnerability/Risk Scanning Tool
The Hawkeye Scanner CLI is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines. Running & Configuring the Scanner: The Hawkeye scanner-cli assumes that your directory structure keeps the toolchain's files at the top level. Roughly, this is what it boils down to: Node.js projects have...