JShell – Get a JavaScript shell with XSS
JShell get a JavaScript shell with XSS. The Java Shell tool is an interactive tool for learning the Java programming language and prototyping Java code. JShell Usages Run shell.py and it will automatically try to detect your IP address, default LPORT is 33. As you can see the payload has been generated and now all you have to do is to deliver...
AWS Key Disabler – Lambda Script That Will Disable Access Keys Older Than A Given Amount Of Days
The AWS Key disabler is a Lambda Function that disables AWS IAM User Access Keys after a set amount of time in order to reduce the risk associated with old access keys. AWS Lambda Architecture SysOps Output for EndUser Developer Toolchain Also ReadHow Safe is to Use the Internet From Public WiFi? AWS Key Disabler Current Limitations A report containing the output (json) of...
Drltrace – A Library Calls Tracer For Windows & Linux Applications
Drltrace is a dynamic API calls tracer for Windows and Linux applications designed primarily for malware analysis. Drltrace is built on top of DynamoRIO dynamic binary instrumentation framework. The release build can be downloaded here. Why Drltrace Rock? Fast enough to perform analysis of malicious samples without being detected by time-based anti-research techniques. Supports both x86 and x64 (ARM in future). ...
Neofetch – A command-line System Information Tool
Neofetch is a command-line system information tool written in bash 3.2+. Neofetch displays information about your operating system, software and hardware in an aesthetic and visually pleasing way. The overall purpose of Neofetch is to be used in screen-shots of your system. Neofetch shows the information other people want to see. There are other tools available for proper system statistic/diagnostics. The...
Drozer v2.4.4 – The Leading Security Assessment Framework For Android
Drozer 2.4.4 is the leading security testing framework for Android. Drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS. Drozer provides tools to help you use, share and understand public Android exploits. It helps you to...
Put2Win – Script To Automatize Shell Upload By PUT HTTP Method To Get Meterpreter
Put2Win is a script to automatize shell upload by PUT HTTP method to get meterpreter. It's necessary to have installed nmap and msfvenom tools for a correct operation. Also ReadJoomscan – OWASP Joomla Vulnerability Scanner Project Put2Win Usage ./Put2win.sh -h This script automatize shell upload by PUT HTTP method to get meterpreter. Usage: ./Put2win.sh -t TARGET -u URL_PATH -l LHOST Examples: ./Put2win.sh -t 192.168.1.80 -u...
UDP2Raw Tunnel – A Tunnel which Turns UDP Traffic into Encrypted UDP/FakeTCP/ICMP
Udp2raw Tunnel is a tunnel which turns UDP Traffic into Encrypted FakeTCP/UDP/ICMP Traffic by using Raw Socket, helps you Bypass UDP FireWalls(or Unstable UDP Environment). It can defend Replay-Attack and supports Multiplexing. It also acts as a Connection Stabilizer. When used alone,udp2raw tunnels only UDP traffic. Nevertheless,if you used udp2raw + any UDP-based VPN together,you can tunnel any traffic(include TCP/UDP/ICMP),currently...
Mail Security Testing – Framework For Mail Security & Filtering Solutions
Mail Security Testing Framework is a testing framework for mail security and filtering solutions. Mail Security Testing Installation The mail security testing framework works with with Python >=3.5. Just pull this repository and go ahead. No further dependencies are required. Usage The script mail-tester.py runs the tests. Read the help message with ./mail-tester.py --help and check the list of test and evasion modules...
SocialBox – A Bruteforce Attack Framework[ Facebook , Gmail , Instagram ,Twitter]
SocialBox is a Bruteforce Attack Framework . SocialBox Installation sudo apt-get install git sudo git clone https://github.com/TunisianEagles/SocialBox.git cd SocialBox chmod +x SocialBox.sh chmod +x install-sb.sh ./install-sb.sh ./SocialBox.sh Tested On Backbox linux Ubuntu Kali linux Also ReadDVR-Exploiter : DVR-Exploiter a Bash Script Program Exploit The DVR’s Screenshots Credit: Belahsan Ouerghi
SharpSploit – A .NET Post-Exploitation Library Written in C#
SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers. It is named, in part, as a homage to the PowerSploit project, a personal favorite of mine! While SharpSploit does port over some functionality from PowerSploit, my intention is not at...
