Goblob: Azure Blob Storage Enumeration Tool
Goblob is a lightweight and fast enumeration tool designed to aid in the discovery of sensitive information exposed publicy in Azure blobs, which can be useful for various research purposes such as vulnerability assessments, penetration testing, and reconnaissance. Warning. Goblob will issue individual goroutines for each container name to check in each storage account, only limited by the maximum number...
Top Penetration Testing Software & Tools – Essential for Security Assessments
This article offers a comprehensive overview of the nine most commonly utilized penetration testing tools in the cybersecurity domain. The utilization of tools such as Netsparker, Wireshark, and Kali Linux is crucial in the process of identifying vulnerabilities across diverse digital environments. Each tool provides distinct functionalities for conducting web application scanning, network analysis, ethical hacking, and other related...
Padre: A Powerful Tool for Exploiting Padding Oracle Attacks
Padre is a sophisticated and efficient software tool specifically engineered to leverage the inherent weaknesses in CBC mode encryption through the exploitation of Padding Oracle vulnerabilities. The system incorporates concurrent operations to optimize the process of decryption and encryption of user-defined data. Additionally, it includes an automated mechanism to identify padding oracles and cipher block lengths. In addition, Padre...
LightsOut: Disabling AMSI & ETW with an Obfuscated DLL
LightsOut will generate an obfuscated DLL that will disable AMSI & ETW while trying to evade AV. This is done by randomizing all WinAPI functions used, xor encoding strings, and utilizing basic sandbox checks. Mingw-w64 is used to compile the obfuscated C code into a DLL that can be loaded into any process where AMSI or ETW are present...
CrossLinked: Mastering LinkedIn Enumeration with Search Engine Scraping
CrossLinked is a LinkedIn enumeration tool that uses search engine scraping to collect valid employee names from an organization. This technique provides accurate results without the use of API keys, credentials, or accessing LinkedIn directly! Table of Contents Install Prerequisites Naming Format Advanced Formatting Search Example Usage Screenshots Parse Example Usage Screenshots Additional Options Proxy Rotation Command-Line Arguments Contribute Sponsors Scrape public LinkedIn profile data at scale with Proxycurl APIs. • Scraping Public profiles are battle tested in...
Splunk RCE – PoC: In-Depth Analysis and Exploitation Methodology
This article delves into a critical vulnerability in Splunk, identified as CVE-2023-46214. It provides a detailed analysis and a Proof of Concept (PoC) script to demonstrate the vulnerability's exploitation. The script is designed for educational purposes, helping to understand the security implications of this vulnerability in Splunk, a popular data processing and analytics platform. The article emphasizes responsible usage,...
CVE Half-Day Watcher
CVE Half-Day Watcher is a security tool designed to highlight the risk of early exposure of Common Vulnerabilities and Exposures (CVEs) in the public domain. It leverages the National Vulnerability Database (NVD) API to identify recently published CVEs with GitHub references before an official patch is released. By doing so, CVE Half-Day Watcher aims to underscore the window of...
WhatsApp OSINT Tool: Revolutionizing Digital Investigations
The WhatsApp OSINT Tool is a pioneering tool developed for intelligence gathering on WhatsApp. It enables tracking and monitoring of user activities, offering insights and data analysis for digital investigations. This versatile tool supports multiple languages and provides Excel format outputs, making it essential for online investigations and digital forensics. Welcome to the first WhatsApp OSINT tool. This was developed...
Compose StyleSheet: Revolutionizing UI Design in Jetpack Compose
Compose StyleSheet is an innovative framework designed to enhance user interface development in Jetpack Compose. Offering a versatile array of customizable UI components, this library simplifies the design process, allowing for dynamic styling and seamless integration of design elements like colors, fonts, and sizes. Ideal for developers seeking to streamline UI creation, Compose StyleSheet is a game-changer in the...
ZMap 4.0.0 RC1 – Revolutionizing Network Scanning With Multi-Port Support And More
ZMap 4.0.0 (RC1) introduces the notion of multi-port scanning, which has been a long requested feature. This is a breaking change since ZMap now operates on a metric of (ip,port) target instead of simply IP (e.g., for scan rate). It also introduces new dependencies (e.g., libjudy) to support multi-port scanning and changes ZMap's command-line interface. Features: Multi-port scanning support Store link-layer timestamp in icmp_echo_time module...