PDFMtEd – Simplifying PDF Metadata Management On Linux
PDFMtEd (PDF Metadata Editor) is a set of tools designed to simplify working with PDF metadata on Linux. The utilities hosted in this repository are graphical front-ends to the marvelous ExifTool by Phil Harvey. Components PDFMtEd Editor PDFMtEd Editor is an easy-to-use graphical metadata editor that supports viewing and modifying all major metadata fields found in PDF documents. Features: easily process multiple files and folders right from your file...
Crime Data Explorer : An In-Depth Look At FBI’s Open Crime Data Initiative
The FBI collects and publishes Uniform Crime Reporting (UCR) data on an annual basis. Over 18,000 law enforcement agencies across the country voluntarily participate in the program by submitting data through a state UCR program or directly to the FBI. This open data project is part of our ongoing efforts to improve the accuracy and timeliness of the nation’s crime statistics. The...
XMGoat – Mastering Azure Security Through Hands-On Attack Scenario
XM Goat is composed of XM Cyber terraform templates that help you learn about common Azure security issues. Each template is a vulnerable environment, with some significant misconfigurations. Your job is to attack and compromise the environments. Here’s what to do for each environment: Run installation and then get started. With the initial user and service principal credentials, attack the environment based...
VulnNodeApp – Exploring Web Vulnerabilities With A Node.js Educational Tool
A vulnerable application made using node.js, express server and ejs template engine. This application is meant for educational purposes only. Setup Clone This Repository git clone https://github.com/4auvar/VulnNodeApp.git Application Setup: Install the latest node.js version with npm. Open terminal/command prompt and navigate to the location of downloaded/cloned repository. Run command: npm install DB Setup Install and configure latest mysql version and start the mysql service/deamon Login with root user in mysql...
Hfinger – Fingerprinting Malware HTTP Requests
Tool for fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage. Its main objective is to provide unique representations (fingerprints) of malware requests, which help in their identification. Unique means here that each fingerprint should be seen only in one particular malware family, yet one family can have multiple fingerprints. Hfinger represents the request in a...
CloudBrute – Unleashing Automated Security Testing Across Multiple Cloud Platforms
A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike. Motivation we are always thinking of something we can automate to make black-box security testing easier. We discussed this idea of creating a multiple...
Ashok – The Ultimate Reconnaissance Toolkit For Penetration Testers
Reconnaissance is the first phase of penetration testing which means gathering information before any real attacks are planned So Ashok is an Incredible fast recon tool for penetration tester which is specially designed for Reconnaissance phase. And in Ashok-v1.1 you can find the advanced google dorker and wayback crawling machine. Main Features - Wayback Crawler Machine - Google Dorking without limits - Github Information Grabbing - Subdomain Identifier - Cms/Technology...
IconJector – Exploiting Windows Explorer With DLL Injection Through Icon Changes
Firstly, a folder is created in the temp directory, and the properties of the folder are opened using SHObjectProperties. To retrieve the handle of the window independently of the system language, EnumWindows is used with a callback function that checks for the distinct folder name in every open window. Through the properties page, the change icon dialog is invoked, whose...
SharpGraphView – A Modular Toolkit For Advanced Azure Cloud Attacks
.webp "SharpGraphView – A Modular Toolkit For Advanced Azure Cloud Attacks")
Sharp post-exploitation toolkit providing modular access to the Microsoft Graph API (graph.microsoft.com) for cloud and red team operations. Created during the new Advanced Azure Cloud Attacks Lab. Inspired by GraphRunner and TokenTactics. Index Updates Build Usage Flags Methods Auth Methods Post-Auth Methods Demo Get-GraphTokens Invoke-RefreshToAzureManagementToken Invoke-RefreshToMSGraphToken Invoke-RefreshToVaultToken Invoke-CertToAccessToken Get-TokenScope New-SignedJWT Observations Common HTTP Error Codes Build Compiled executable in bin/Release is ready to go. If loading and building for the first time select the 'Restore' button in VS (may need to add and use nuget.org as a package source...
Gungnir : Monitoring Certificate Transparency In Real-Time
.webp "Gungnir : Monitoring Certificate Transparency In Real-Time")
Gungnir is a command-line tool written in Go that continuously monitors certificate transparency (CT) logs for newly issued SSL/TLS certificates. Its primary purpose is to aid security researchers and penetration testers in discovering new domains and subdomains as soon as they are issued certificates, allowing for timely security testing. The tool connects to multiple CT logs and actively watches for...
.png "Fingerprintx : Standalone Utility For Service Discovery On Open Ports!")
