Kali
Subparse, is a modular framework developed by Josh Strochein, Aaron Baker, and Odin Bernstein. The framework is designed to parse and index malware files and present the information found during the parsing in a searchable web-viewer. The framework is modular, making use of a core parsing engine, parsing modules, and a variety of enrichers that …
Continue reading “Subparse : Modular Malware Analysis Artifact Collection And Correlation Framework”
Havoc is a modern and malleable post-exploitation command and control framework, created by @C5pider. ⚠️Havoc is in an early state of release. Breaking changes may be made to APIs/core structures as the framework matures. Support Consider supporting C5pider on Patreon/Github Sponsors. Additional features are planned for supporters in the future, such as custom agents/plugins/commands/etc. Quick …
Continue reading “Havoc : Modern and malleable post-exploitation command and control framework”
Shennina is an automated host exploitation framework. The mission of the project is to fully automate the scanning, vulnerability scanning/analysis, and exploitation using Artificial Intelligence. Shennina is integrated with Metasploit and Nmap for performing the attacks, as well as being integrated with an in-house Command-and-Control Server for exfiltrating data from compromised machines automatically. This was …
Continue reading “Shennina : Automating Host Exploitation With AI”
The SteaLinG is an open-source penetration testing framework designed for social engineering After the hack, you can upload it to the victim’s device and run it. Disclaimers This is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes How can I benefit …
graphql-threat-matrix was built for bug bounty hunters, security researchers and hackers to assist with uncovering vulnerabilities across multiple GraphQL implementations. The differences in how GraphQL implementations interpret and conform to the GraphQL specification may lead to security gaps and unique attack vectors. By analyzing and comparing the factors that drive the security risks across different implementations …
Continue reading “Graphql-Threat-Matrix : GraphQL Threat Framework Used By Security Professionals”
KrbRelay should be working on most fully patched Windows systems. There may be difficulties with Server OS in lab environments because of the firewall blocking the OXID resolver however, this will most likely not be an issue during real life engagements, same goes for CLSIDs. Supported Protocols and Features Some protocols are more completed than …
Continue reading “KrbRelay : Framework For Kerberos Relaying”
Maat is an open-source Dynamic Symbolic Execution and Binary Analysis framework. It provides various functionalities such as symbolic execution, taint analysis, constraint solving, binary loading, environment simulation, and leverages Ghidra’s sleigh library for assembly lifting: https://maat.re Key Features Fast & Portable: Designed to scale to real-world applications. Fully written in C++ for good runtime performance. There …
Continue reading “Maat : Open-source Symbolic Execution Framework”
FormatFuzzer is a framework for high-efficiency, high-quality generation and parsing of binary inputs. It takes a binary template that describes the format of a binary input and generates an executable that produces and parses the given binary format. From a binary template for GIF, for instance, FormatFuzzer produces a GIF generator – also known as GIF fuzzer. Generators produced by FormatFuzzer are highly efficient, producing thousands of …
Combobulator is an Open-Source, modular and extensible framework to detect and prevent dependency confusion leakage and potential attacks. This facilitates a holistic approach for ensuring secure application releases that can be evaluated against different sources (e.g., GitHub Packages, JFrog Artifactory) and many package management schemes (e.g., ndm, maven). Intended Audiences The framework can be used …
BloodyAD is an Active Directory Privilege Escalation Framework, it can be used manually using bloodyAD.py or automatically by combining pathgen.py and autobloody.py. This framework supports NTLM (with password or NTLM hashes) and Kerberos authentication and binds to LDAP/LDAPS/SAMR services of a domain controller to obtain AD privesc. It is designed to be used transparently with a SOCKS proxy. bloodyAD Description …
Continue reading “BloodyAD : An Active Directory Privilege Escalation Framework”
.png)
.png)
.png)
.png)
.png)
.png)
