Mallet – A Framework For Creating Proxies
Mallet is a tool for creating proxies for arbitrary protocols, along similar lines to the familiar intercepting web proxies, just more generic. It is built upon the Netty framework, and relies heavily on the Netty pipeline concept, which allows the graphical assembly of graphs of handlers. In the Netty world, handler instances provide frame delimitation (i.e. where does a message...
RiskySPN – Collection of PowerShell Scripts Focused on Detecting and Abusing SPNs Accounts
RiskySPN is a collection of PowerShell scripts focused on detecting and abusing accounts associated with SPNs (Service Principal Name). This module can assist blue teams to identify potentially risky SPNs as well as red teams to escalate privileges by leveraging Kerberos and Active Directory. Also Read Metasploit Framework – A Beginner’s Guide for Penetration Testing, Exploit Development and Vulnerability Research RiskySPN Usage...
PowerUpSQL Tool kit to Audit SQL Server for Weak Configuration Auditing, Privilege Escalation on Scale, and Post Exploitation Attacks
PowerUpSQL includes functions that support SQL Server discovery, weak configuration auditing, privilege escalation on the scale, and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However, PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS...
PacVim – A Game That Teaches You Vim Commands
PacVim is a free open source, text-based game that teaches you vim commands in a simple and fun manner. In spite of the fact that Vim is a prominent content editor on Linux systems, individuals still think that its difficult to learn, it has a precarious expectation to learn and adapt particularly the propelled highlights, a considerable measure of...
lbd – Tool to Detect Whether a Domain has Load Balancing Enabled
Load balancing(lbd) is the technique used in different services for balancing the load across different servers or NICs. It can be in any form. Load balancing can be done to evenly distribute workload through a series of Computer clusters. Or it can be used within a single system to balance connections across a set of network interface cards or disks....
CGPwn – Ubuntu VM For Hardware Hacking, RE and Wargaming
CGPwn is a lightweight VM for hardware hacking, RE (fuzzing, symEx, exploiting etc) and wargaming task. Tools included in CGPwn; Fire up the VM git clone https://github.com/0xM3R/cgPwn cd cgPwn vagrant up ... Grab a beer and relax until everything is getting setup for you ;) vagrant ssh CGPwn Default settings By default, personal dotfiles are installed onto the VM. Simply comment out the following lines in cgPwn.sh if...
Introspy-iOS : Security Tool For Profiling iOS Application at Runtime
Introspy-iOS is a blackbox tool to help understand what an iOS application is doing at runtime and assist in the identification of potential security issues. This is the repository for the Introspy-iOS tracer. The tracer can be installed on a jailbroken device to hook and log security-sensitive iOS APIs called by applications running on the device. The tool records details...
HABU – Network Penetration Testing Toolkit for Hackers and Pentesters
Habu is a python network hacking toolkit. This tool basic functions that help with some tasks for Ethical Hacking and Penetration Testing. Most of them are related to networking, and the implementations are intended to be understandable for who wants to read the source code and learn from that. Some techniques implemented in the current version are: ARP Poisoning ARP...
SQLMAP – Enumeration of Databases & Users from Vulnerable Web Forms
Sqlmap is a database assessment tool which pentesters & security researchers can use to enumerate databases of various types. Sqlmap automates a normal & advanced sql injection techniques and performs them on a regular form. Refer to the article on Introduction to SQLMAP for getting started. The following lab sessions are a continuation of the previous one on sqlmap. So I...
Ua-tester – A tool for User Agent WAF, IDS/IPS, Redirection testing
UA-tester is a tool to check whether a website provides different pages for different user agents like for mobile, desktop bots etc. Well, this tool also delivers a lot of information. It is basically a python script which runs through various user-agents on a specified site. It also tries various options like setting cookie, redirection, URL-stability(whether the URL expires or...
