Fiber – Using Fibers To Run In-Memory Code
A fiber is a unit of execution that must be manually scheduled by the application rather than rely on the priority-based scheduling mechanism built into Windows. Fibers are often called lightweight threads. For more detailed information about what are and how fibers work consult the official documentation. Fibers allow to have multiple execution flows in a single thread, each...
XSS-Exploitation-Tool : A Penetration Testing Tool
.png "XSS-Exploitation-Tool : A Penetration Testing Tool")
XSS Exploitation Tool is a penetration testing tool that focuses on the exploit of Cross-Site Scripting vulnerabilities. Disclaimer: This tool is only for educational purpose, do not use it against real environment Features Technical Data about victim browser Geolocation of the victim Snapshot of the hooked/visited page Source code of the hooked/visited page Exfiltrate input field data Exfiltrate cookies Keylogging Display alert box Redirect user Installation Tested on Debian 11 You may need Apache,...
Promptmap
.webp "Promptmap")
Prompt injection is a type of security vulnerability that can be exploited to control the behavior of a ChatGPT instance. By injecting malicious prompts into the system, an attacker can force the ChatGPT instance to take unintended actions. promptmap is a tool that automatically tests prompt injection attacks on ChatGPT instances. It analyzes your ChatGPT rules to understand their context...
Firefly – Black Box Fuzzer For Web Applications
Firefly is an advanced black-box fuzzer and not just a standard asset discovery tool. Firefly provides the advantage of testing a target with a large number of built-in checks to detect behaviors in the target. NOTE : Firefly is in a very new stage (v1.0) but works well for now, if the target does not contain too much dynamic content....
Winit : Cross-Platform Window Creation And Management In Rust
Winit is a robust, cross-platform library designed for creating and managing windows in Rust applications. Tailored to be a foundational component in a broader system of libraries, it facilitates direct window manipulation and event handling. Ideal for developers seeking a versatile toolset for desktop applications, Winit offers precise control through platform-specific features and extensive documentation. [dependencies] winit = "0.30.7" Documentation For features within...
Browser Autofill Phishing – The Hidden Dangers And Security Risks
In today’s digital age, convenience often comes at the cost of security. One such overlooked convenience is the browser autofill feature—a handy tool that can inadvertently become a gateway for phishing attacks. This article explores a subtle yet significant vulnerability: browser autofill phishing. We delve into how browsers handle autofill differently, the risks involved, and a demonstration of how...
Terminal GPT (tgpt) – Your Direct CLI Gateway To ChatGPT 3.5
.png "Terminal GPT (tgpt) – Your Direct CLI Gateway To ChatGPT 3.5")
Terminal GPT (tgpt) offers a seamless way to bring the power of ChatGPT 3.5 directly to your command line. This cross-platform CLI tool negates the need for API keys and is equipped with a range of flags and options to tailor your experience. From generating shell commands and code to engaging in interactive modes, tgpt simplifies interactions with ChatGPT...
garak, LLM Vulnerability Scanner : The Comprehensive Tool For Assessing Language Model Security
garak checks if an LLM can be made to fail in a way we don't want. garak probes for hallucination, data leakage, prompt injection, misinformation, toxicity generation, jailbreaks, and many other weaknesses. If you know nmap or msf / Metasploit Framework, garak does somewhat similar things to them, but for LLMs. garak focuses on ways of making an LLM or...
Vermilion : Mastering Linux Post-Exploitation For Red Team Success
Vermilion is a simple and lightweight CLI tool designed for rapid collection, and optional exfiltration of sensitive information from Linux systems.Its primary purpose is to streamline the process of gathering critical data in red teaming scenarios. How It Works Vermilion is a Linux-focused tool designed for efficient information gathering and sensitive data exfiltration. It collects: System Information : OS details, hostname, network...
AD-CS-Forest-Exploiter : Mastering Security Through PowerShell For AD CS Misconfiguration
ADCFFS is a PowerShell script that can be used to exploit the AD CS container misconfiguration allowing privilege escalation and persistence from any child domain to full forest compromise. The tool can also be used to first scan the forest to determine if it is vulnerable to the attack and can remedy the permission misconfiguration as well. More information...
