MCExtractor – Intel, AMD, VIA & Freescale Microcode Extraction Tool
MCExtractor is a tool which parses Intel, AMD, VIA and Freescale processor microcode binaries. It can be used by end-users who are looking for all relevant microcode information such as CPUID, Platform, Version, Date, Release, Size, Checksum etc. It is capable of converting Intel microcode containers (dat, inc, h, txt) to binary images for BIOS integration, detecting new/unknown microcodes, checking...
Trape – People Tracker On The Internet
Trape is a OSINT analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information such as the status of sessions of their websites or services and control over their users through the browser, without...
Skiptracer – OSINT Python Webscaping Framework
Initial attack vectors for recon usually involve utilizing pay-for-data/API (Recon-NG), or paying to utilize transforms (Maltego) to get data mining results. Skiptracer utilizes some basic python webscraping (BeautifulSoup) of PII paywall sites to compile passive information on a target on a ramen noodle budget. Also ReadHassh : Tool Used To Identify Specific Client & Server SSH Implementations Skiptracer Installation $ git clone...
Janusec – Golang Based Application Security Solution Which Provides WAF
Janusec Application Gateway, an application security solutions which provides WAF (Web Application Firewall), unified web administration portal, private key protection, web routing and scalable load balancing. With Janusec, you can build secure and scalable applications. Also ReadPastego – Scrape/Parse Pastebin Using GO & Expression Grammar Janusec Key Features WAF (Web Application Firewall), block SQL Injection, Cross-site Scripting, Sensitive Data Leakage, CC...
Sheepl – Creating Realistic User Behaviour For Supporting Tradecraft Development Within Lab Environments
Sheepl is a tool for creating realistic user behaviour for supporting tradecraft development within lab environments. There are lots of resources available online relating to how you can build AD network environments for the development of blue team and red team tradecraft. However the current solutions tend to lack one important aspect in representing real world network configurations. A network...
ZIP File Raider – Burp Extension for ZIP File Payload Testing
ZIP File Raider is a Burp Suite extension for attacking web application with ZIP file upload functionality. You can easily inject Burp Scanner/Repeater payloads in ZIP content of the HTTP requests which is not feasible by default. This extension helps to automate the extraction and compression steps. ZIP File Raider Installation Set up Jython standalone Jar in Extender > Options...
NodeJsScan – Static Security Code Scanner For Node.js Applications
NodeJsScan is a static security code scanner (SAST) for Node.js applications. Configure & Run Install Postgres and configure SQLALCHEMY_DATABASE_URI in core/settings.py pip3 install -r requirements.txt python3 migrate.py # Run once to create database entries required python3 app.py # Testing Environment gunicorn -b 0.0.0.0:9090 app:app --workers 3 --timeout 10000 # Production Environment This will run it on http://0.0.0.0:9090 If you need to debug, set DEBUG = True in...
Vba2Graph – Generate Call Graphs From VBA Code For Easier Analysis Of Malicious Documents
Vba2Graph is a tool for security researchers, who waste their time analyzing malicious Office macros. Generates a VBA call graph, with potential malicious keywords highlighted. Allows for quick analysis of malicous macros, and easy understanding of the execution flow. Vba2Graph Features Keyword highlighting VBA Properties support External function declarion support Tricky macros with "_Change" execution triggers Fancy color schemes! Pros Pretty fast ...
Ache – Web Crawler For Domain-Specific Search
ACHE is a focused web crawler. It collects web pages that satisfy some specific criteria, e.g., pages that belong to a given domain or that contain a user-specified pattern. ACHE differs from generic crawlers in sense that it uses page classifiers to distinguish between relevant and irrelevant pages in a given domain. A page classifier can be from a simple regular...
SSH Auditor – Scan For Weak SSH Passwords On Your Network
SSH Auditor is the best way to scan for weak ssh passwords on your network. SSH Auditor will automatically: Re-check all known hosts as new credentials are added. It will only check the new credentials. Queue a full credential scan on any new host discovered. Queue a full credential scan on any known host whose ssh version or key...
