ShadowSpray : Tool To Spray Shadow Credentials
ShadowSpray is a tool to spray Shadow Credentials across an entire domain in hopes of abusing long-forgotten GenericWrite/GenericAll DACLs over other objects in the domain. Why this tool: In a lot of engagements I see (in BloodHound) that the group "Everyone" / "Authenticated Users" / "Domain Users" or some other wide group, which contains almost all the users in the...
Lfi-Space : Lfi Scan Tool
How to use: https://www.youtube.com/watch?v=rpcGqwZU2As
Read Me: LFI Space is a robust and efficient tool designed to detect Local File Inclusion (LFI) vulnerabilities in web applications. This tool simplifies the process of identifying potential security flaws by leveraging two distinct scanning methods: Google Dork Search and Targeted URL Scan. With its comprehensive approach, LFI Space assists security professionals, penetration testers,...
NucleiFuzzer – An Automation Tool
NucleiFuzzer is an automation tool that combines and enhances web application security testing. It uses ParamSpider to identify potential entry points and Nuclei's templates to scan for vulnerabilities. NucleiFuzzer streamlines the process, making it easier for security professionals and web developers to detect and address security risks efficiently. Download NucleiFuzzer to protect your web applications from vulnerabilities and attacks.
Note: Nuclei + Paramspider = NucleiFuzzer
Tools Included:
ParamSpider: git clone https://github.com/0xKayala/ParamSpider.git
Nuclei: git clone https://github.com/projectdiscovery/nuclei.git
Templates:
Fuzzing Templates: git clone https://github.com/projectdiscovery/fuzzing-templates.git
Usage: nucleifuzzer -h
This...
BadZure – A PowerShell Script To Set Up Azure Active Directory Tenants
BadZure is a PowerShell script that uses the Microsoft Graph SDK to set up Azure Active Directory tenants. It fills them with different entities and makes common security mistakes to make tenants that are easy to attack and have multiple entry points. BadZure automates the process of creating users, groups, application registrations, service principals, and administrative units, among other things. ...
CVE-2023-38035 – Arbitrary Command Execution As The Root User On Ivanti Sentry
Ivanti has just put out a warning about CVE-2023-38035. The vulnerability has been added to CISA KEV and is called an authentication bypass in the Ivanti Sentry user interface. This new flaw comes after a flaw in Ivanti EPMM (CVE-2023-35078) that was already being used in the wild. In this post, we'll look closely at how this new flaw...
SysReptor – An Offensive Security Reporting Tool
SysReptor is a fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike. You can create designs based on simple HTML and CSS, write your reports in user-friendly Markdown and convert them to PDF with just a single click, in the cloud or self-hosted!
Your Benefits:
Write in markdown
Design in HTML/VueJS
Render your report to PDF
Fully...
PwnFox – A Firefox/Burp Extension For Security Audit
PwnFox is a Firefox/Burp extension that provides useful tools for your security audit. If you are a Chrome user you can check https://github.com/nccgroup/autochrome.
Features: Single click BurpProxy, Containers Profiles, PostMessage Logger, Toolbox, Security header remover.
Single click BurpProxy: Connect to Burp with a simple click; this will probably remove the need for other addons like foxyProxy. However, if you need the extra features provided by foxyProxy you can leave...
AD_Enumeration_Hunt – AD Pentesting Toolkit
Welcome to the AD Pentesting Toolkit! This repository contains a collection of PowerShell scripts and commands that can be used for Active Directory (AD) penetration testing and security assessment. The scripts cover various aspects of AD enumeration, user and group management, computer enumeration, network and security analysis, and more. The toolkit is intended for use by penetration testers, red teamers, and...
TLDHunt : Domain Availability Checker
TLDHunt is a command-line tool designed to help users find available domain names for their online projects or businesses. By providing a keyword and a list of TLD (top-level domain) extensions, TLDHunt checks the availability of domain names that match the given criteria. This tool is particularly useful for those who want to quickly find a domain name that...
SpiderSuite : Advanced Web Spider/Crawler
SpiderSuite is an advanced, cross-platform and multi-feature GUI web spider/crawler for cyber security professionals. Spider Suite can be used for attack surface mapping and analysis. For more information visit SpiderSuite's website. Installation and Usage: Spider Suite is designed for easy installation and usage even for first-timers. First, download the package of your choice. Then install...