Channel: KitPloit - PenTest & Hacking Tools
Browsing all 212 articles

BadExclusionsNWBO - An Evolution From BadExclusions To Identify Folder Custom...

BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR. How it works? BadExclusionsNWBO copies and runs Hook_Checker.exe in all folders and...

SQLMC - Check All Urls Of A Domain For SQL Injections

SQLMC (SQL Injection Massive Checker) is a tool designed to scan a domain for SQL injection vulnerabilities. It crawls the given URL up to a specified depth, checks each link for SQL injection...

LOLSpoof - An Interactive Shell To Spoof Some LOLBins Command Line

LOLSpoof is an interactive shell program that automatically spoofs the command line arguments of the spawned process. Just call your incriminating-looking command line LOLBin (e.g. powershell -w hidden...

PingRAT - Secretly Passes C2 Traffic Through Firewalls Using ICMP Payloads

PingRAT secretly passes C2 traffic through firewalls using ICMP payloads. Features: Uses ICMP for Command and Control; Undetectable by most AV/EDR solutions; Written in Go. Installation: Download the binaries or...

BypassFuzzer - Fuzz 401/403/404 Pages For Bypasses

The original 403fuzzer.py :) Fuzz 401/403ing endpoints for bypasses. This tool performs various checks via headers, path normalization, verbs, etc. to attempt to bypass ACLs or URL validation. It will...

Hakuin - A Blazing Fast Blind SQL Injection Optimization And Automation...

Hakuin is a Blind SQL Injection (BSQLI) optimization and automation framework written in Python 3. It abstracts away the inference logic and allows users to easily and efficiently extract databases (DB)...

Subhunter - A Fast Subdomain Takeover Tool

Subdomain takeover is a common vulnerability that allows an attacker to gain control over a subdomain of a target domain and redirect users intended for an organization's domain to a website that...

Invoke-SessionHunter - Retrieve And Display Information About Active User...

Retrieve and display information about active user sessions on remote computers. No admin privileges required. The tool leverages the remote registry service to query the HKEY_USERS registry hive on the...

ShellSweep - PowerShell/Python/Lua Tool Designed To Detect Potential Webshell...

Tags: Aspx, Encryption, Entropy, Hashes, Malware, Obfuscation, PowerShell, Processes, Scan, Scanning, Scripts, Toolbox, ShellSweep. ShellSweep - ShellSweeping the evil. Shellsweep - Shellsweeping The...

Linux-Smart-Enumeration - Linux Enumeration Tool For Pentesting And CTFs With...

First, a couple of useful oneliners ;) wget "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -O lse.sh;chmod 700 lse.sh curl...

JAW - A Graph-based Security Analysis Framework For Client-side JavaScript

An open-source, prototype implementation of property graphs for JavaScript based on the esprima parser, and the EsTree SpiderMonkey Spec. JAW can be used for analyzing the client-side of web...

Drs-Malware-Scan - Perform File-Based Malware Scan On Your On-Prem Servers...

Perform malware scan analysis of on-prem servers using AWS services. Challenges with on-premises malware detection: It can be difficult for security teams to continuously monitor all on-premises servers...

Vger - An Interactive CLI Application For Interacting With Authenticated...

V'ger is an interactive command-line application for post-exploitation of authenticated Jupyter instances with a focus on AI/ML security operations. User Stories: As a Red Teamer, you've found Jupyter...

Above - Invisible Network Protocol Sniffer

Invisible protocol sniffer for finding vulnerabilities in the network. Designed for pentesters and security engineers. Above: Invisible network protocol sniffer. Designed for pentesters and security...

Go-Secdump - Tool To Remotely Dump Secrets From The Windows Registry

Package go-secdump is a tool built to remotely extract hashes from the SAM registry hive as well as LSA secrets and cached hashes from the SECURITY hive without any remote agent and without touching...

PoolParty - A Set Of Fully-Undetectable Process Injection Techniques Abusing...

A collection of fully-undetectable process injection techniques abusing Windows Thread Pools. Presented at Black Hat EU 2023 Briefings under the title -...

JA4+ - Suite Of Network Fingerprinting Standards

JA4+ is a suite of network fingerprinting methods that are easy to use and easy to share. These methods are both human and machine readable to facilitate more effective threat-hunting and analysis. The...

Domainim - A Fast And Comprehensive Tool For Organizational Network Scanning

Domainim is a fast domain reconnaissance tool for organizational network scanning. The tool aims to provide a brief overview of an organization's structure using techniques like OSINT, bruteforcing,...

SherlockChain - A Streamlined AI Analysis Framework For Solidity, Vyper And...

SherlockChain is a powerful smart contract analysis framework that combines the capabilities of the renowned Slither tool with advanced AI-powered features. Developed by a team of security experts and...

Pyrit - The Famous WPA Precomputed Cracker

Pyrit allows you to create massive databases of pre-computed WPA/WPA2-PSK authentication phase in a space-time-tradeoff. By using the computational power of Multi-Core CPUs and other platforms through...
