.webp "Arena-Hard-Auto : Advancing LLM Evaluation With Style Control Integration")
.webp "How To Install/Run – Streamlining OSINT Workflows For Enhanced Capabilities")
Domain Audit – Automated Active Directory Penetration Testing
.webp "Domain Audit – Automated Active Directory Penetration Testing")
The Tool is a wrapper around PowerView, Impacket, PowerUpSQL, BloodHound, Ldaprelayscan and Crackmapexec to automate the execution of enumeration and a lot of checks performed during a On-Prem Active Directory Penetration test. Thanks to all the authors of the original tools. Installation AND Setup Install python 3.10 (For example from the Windows store) git clone https://github.com/0xJs/domain_audit cd .domain_auditimport git clone https://github.com/SecureAuthCorp/impacket cd impacket; python3 -m...
Naabu – Fast and Efficient Port Scanner
Naabu is a powerful port scanning utility designed in the Go programming language, enabling fast and efficient port enumeration. Designed to swiftly detect valid ports on various hosts, this tool is optimized to perform SYN, CONNECT, and UDP scans. With its comprehensive feature set, Naabu not only lists ports that offer a reply but is also capable of Host...
Scan4All: A Next-Gen Automated Vulnerability Detection Security Tool
Scan4All is at the vanguard of modern cybersecurity solutions, offering a comprehensive suite of tools for automated vulnerability detection and threat analysis. Built on a robust Golang framework, this cross-platform toolkit seamlessly integrates with various systems, elevating the standard for next-generation security measures. Features What Is Scan4all: integrated vscan, nuclei, ksubdomain, subfinder, etc., fully automated and intelligent team tools? Code-level optimization, parameter...
CatSniffer – The Ultimate Multiprotocol IoT Attack Tool in USB Form
CatSniffer is an original multiprotocol, and multiband board made for sniffing, communicating, and attacking IoT (Internet of Things) devices. It was designed as a highly portable USB stick that integrates the new chips TI CC1352, Semtech SX1262, Microchip SAMD21E17 V2 or previous, and RP2040 V3 or later. This board is a Swiss army knife for IoT security researchers, developers, and...
Pineapple Mark VII REST Client
The Pineapple Mark VII REST Client offers a robust suite of tools for WiFi penetration testing and security analysis. Developed by TW-D and compatible with Ruby, it allows users to automate both active and passive network attacks. With an extensive library of payloads, this toolkit identifies vulnerable devices, facilitates WiFi exploitation, and offers comprehensive reconnaissance capabilities. Dive into the...
Fuzzing Forum – Advanced Software Testing
.webp "Fuzzing Forum – Advanced Software Testing")
This project aims at hosting tutorials, examples, discussions, research proposals, and other resources related to fuzzing. External contributions are welcome, please see CONTRIBUTING Contributing File for more information. The "Fuzzing Forum" is a place where people can find tutorials, examples, discussions, and more, all about the fuzzing method. The project has resources for both beginners and experts on how to use fuzzing tools and...
Clairvoyance – Unmasking Hidden GraphQL Schemas
Clairvoyance is a game-changer for GraphQL API developers. This tool gets the GraphQL API schema from sites where introspection is turned off and displays it in a user-friendly JSON format. Learn how to install it, how to use it in more advanced ways, and how to get help from a dedicated team of contributors. You'll also find out how to...
Anti-Qakbot – Disabling The Malicious Threat
.webp "Anti-Qakbot – Disabling The Malicious Threat")
Kill a live running QAKbot on an infected machine. More on this : Operation Duckhunt : Field Testing the FBI’s Anti-Qakbot Payload (C) Raashid Bhat In the constantly changing world of online threats, Qakbot has become a powerful foe. This malware has caused problems on many systems because it stays around and does damage. But there is a bright side to every...
Server-Side Request Forgery (SSRF) – Exploitation And Defense Insights
.webp "Server-Side Request Forgery (SSRF) – Exploitation And Defense Insights")
In this section, we'll explain what server-side request forgery is, describe some common examples, and explain how to find and exploit various kinds of SSRF vulnerabilities. What is SSRF? Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make requests to an unintended location. In a typical SSRF attack,...
Coustom Bash – A Tool To Automate Penetration Testing Tasks
Custom bash scripts have emerged as powerful tools for automating a range of penetration testing tasks, from reconnaissance to payload creation. Tailored specifically for use with Kali Linux, these scripts streamline activities like scanning, enumeration, and the generation of malicious payloads using Metasploit. This article delves into the intricacies of setting up and leveraging such scripts, ensuring that security professionals...
