CRS – OWASP ModSecurity Core Rule Set
The OWASP ModSecurity Core Rule Set or CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. It aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.
Hayat – Google Cloud Platform & Auditing & Hardening Script
The Hayat tool is an auditing & hardening script for Google Cloud Platform. What does Hayat mean? Well, I had a hard time finding a unique name, honestly. "Hayat" is a Turkish word which means "Life" in English and also my niece's name. Are you ready to meet her? Hayat is an auditing & hardening script for Google Cloud Platform services such as: ...
Secret Keeper : Python Script To Encrypt & Decrypt Files With A Given Key
Secret Keeper is a file encryptor written in Python that encrypts your files using the Advanced Encryption Standard (AES). CBC mode is used when creating the AES cipher, wherein each block is chained to the previous block in the stream. Secret Keeper Features: Secret Keeper has...
Lightbulb Framework : Tools For Auditing WAFS
LightBulb Framework is an open source Python framework for auditing web application firewalls and filters. LightBulb Framework Synopsis: The framework consists of two main algorithms: GOFA: An active learning algorithm that infers symbolic representations of automata in the standard membership/equivalence query model. Active learning algorithms permit the analysis of filter and sanitizer programs remotely, i.e. given only the ability to query the targeted program...
PENTOL – Pentester Toolkit for Fiddler2 2018
PENTOL is a pentester toolkit built as a plugin for the Fiddler HTTP debugging proxy. Pentol Features: CORS DETECTED (Cross-Origin Resource Sharing), CRLF DETECTED (HTTP response splitting), JSON DETECTED, CSP DETECTED, Headers DETECTED (X-Frame-Options). USAGE: Install Fiddler2. Open Fiddler2. Press Key CTRL + R or Rules > Customize Rules... Copy all...
theHarvester – Tool To Gather Email Address, Sub Domain and Hosts
“theHarvester Tool” is a simple and effective tool to gather email addresses, employee names, hostnames, subdomains, IP addresses, and virtual hosts from different public sources (e.g. Google, LinkedIn). How do we do it? - theHarvester git clone https://github.com/laramies/theHarvester.git Open the directory where the files are cloned to: Run the...
Triton – Dynamic Binary Analysis (DBA) Framework
Triton is a Dynamic Binary Analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a Taint Engine, AST representations of the x86 and the x86-64 instruction set semantics, SMT simplification passes, an SMT Solver Interface and, last but not least, Python bindings. Based on these components, you are able to build program analysis tools,...
GTRS – Google Translator Reverse Shell 2018
GTRS uses Google Translator as a proxy to send arbitrary commands to an infected machine. GTRS Environment Configuration: First you need a VPS and a domain. GTRS Server: Start the server.py on your VPS: python2.7 server.py Server running on port: 80 Secret Key: e294a11e-bb6f-49ed-b03a-9ec42be55062 It will provide you a secret key, which will be used on the client.
PyCPU – Central Processing Unit Information Gathering Tool
With the PyCPU tool you can access detailed information about your processor. You can also check for security vulnerabilities based on the information of the processor you are using. PyCPU RUN root@ismailtasdelen:~# git clone https://github.com/ismailtasdelen/PyCPU.git root@ismailtasdelen:~# cd PyCPU root@ismailtasdelen:~/PyCPU# python PyCPU.py What's on the tool menu? CPU All Information Gathering Default Information Gathering CPU Vulnerability...
XSS Fuzzer : Tool Which Generates XSS Payloads Based On User-Defined Vectors & Fuzzing Lists
XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists. It offers the possibility to just generate the payloads as plain-text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to...