Nim-Loader – WIP Shellcode Loader In Nim With EDR Evasion Techniques
a very rough work-in-progress adventure into learning nim by cobbling resources together to create a shellcode loader that implements common...
Tools
Authcov – Web App Authorisation Coverage Scanning
Web app authorisation coverage scanning. Introduction AuthCov crawls your web application using a Chrome headless browser while logged in as...
Norimaci – Simple And Lightweight Malware Analysis Sandbox For macOS
"Norimaci" is a simple and lightweight Installation git clone https://github.com/mnrkbys/norimaci.git Future Work YARA scanning VirusTotal scanning Author Minoru Kobayashi License...
TrelloC2 – Simple C2 Over The Trello API
Simple C2 over Trello's API (Proof-of-Concept) By: Fabrizio Siciliano (@0rbz_) Update 12/30/2019 Removed hardcoded API key and Token, use input()...
WEF – Wi-Fi Exploitation Framework
A fully offensive framework to the 802.11 networks and protocols with different types of attacks for WPA and WEP, Created...
MalSCCM – Tool To Abuse Local Or Remote SCCM Servers To Deploy Malicious Applications
This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage. To...
GooFuzz – Tool To Perform Fuzzing With An OSINT Approach, Managing To Enumerate Directories, Files, Subdomains Or Parameters Without Leaving Evidence On The Target’s Server With Google Dorking
CreditsAuthor: M3n0sD0n4ldTwitter: @David_UtonDescription:GooFuzz is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information...
Naabu – A Fast Port Scanner Written In Go With A Focus On Reliability And Simplicity
Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a...
Msprobe – Finding All Things On-Prem Microsoft For Password Spraying And Enumeration
Finding all things on-prem Microsoft for password spraying and enumeration. The tool will used a list of common subdomains associated...
SharpSniper – Find Specific Users In Active Directory Via Their Username And Logon IP Address
Often a Red Team engagement is more than just achieving Domain Admin. Some clients will want to see if specific...
Xss_Vulnerability_Challenges – This Repository Is A Docker Containing Some “XSS Vulnerability” Challenges And Bypass Examples
This repository is a Dockerized php application containing some XSS vulnerability challenges. The ideas behind challenges are: Javascript validation bypass...
VAmPI – Vulnerable REST API With OWASP Top 10 Vulnerabilities For Security Testing
The Vulnerable API (Based on OpenAPI 3) VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from...
Cervantes – Collaborative Platform For Pentesters Or Red Teams Who Want To Save Time To Manage Their Projects, Clients, Vulnerabilities And Reports In One Place
Cervantes is an opensource collaborative platform for pentesters or red teams who want to save time to manage their projects,...
Hunt-Sleeping-Beacons – Aims To Identify Sleeping Beacons
The idea of this project is to identify beacons which are unpacked at runtime or running in the context of...
Nightingale – Docker Environment For Pentesting Which Having All The Required Tool For VAPT
In today's technological era, docker is the most powerful technology in each and every domain, whether it is Development, cyber...
OSIPs – Gathers All Valid IP Addresses From All Text Files From A Directory, And Checks Them Against Whois Database, TOR Relays And Location
This script scans every file from a given folder recursively, extracts every IPv4 and IPv6 address, filters out the public...
LambdaGuard – AWS Serverless Security
AWS Lambda is an event-driven, serverless computing platform provided by Amazon Web Services. It is a computing service that...
Frostbyte – FrostByte Is A POC Project That Combines Different Defense Evasion Techniques To Build Better Redteam Payloads
FrostByte Progolue: In the past few days I've been experimenting with the Steps to build Signed Shellcode Executable Pick any...
Admin-Panel_Finder – A Burp Suite Extension That Enumerates Infrastructure And Application Admin Interfaces (OTG-CONFIG-005)
A burp suite extension that enumerates infrastructure and application Admin Interfaces. OWASP References: Classification: Web Application Security Testing > 02-Configuration...
Gshell – A Flexible And Scalable Cross-Plaform Shell Generator Tool
A simple yet flexible cross-platform shell generator tool. Name: G(Great) Shell Description: A cross-platform shell generator tool that lets you...
Goreplay – Open-Source Tool For Capturing And Replaying Live HTTP Traffic Into A Test Environment In Order To Continuously Test Your System With Real Data
GoReplay is an open-source network monitoring tool which can record your live Check latest documentation. Installation Download the latest binary...
SharpEventPersist – Persistence By Writing/Reading Shellcode From Event Log
Persistence by writing/reading shellcode from Event Log. Usage The SharpEventPersist tool takes 4 case-sensitive parameters: -file "C:pathtoshellcode.bin" -instanceid 1337 -source...
confluencePot – Simple Honeypot For Atlassian Confluence (CVE-2022-26134)
ConfluencePot is a simple honeypot for the Atlassian Confluence unauthenticated and remote OGNL injection vulnerability (CVE-2022-26134). About the vulnerability You...
DOMDig – DOM XSS Scanner For Single Page Applications
DOMDig is a DOM XSS scanner that runs inside the Chromium web browser and it can scan single page applications...
