FireStorePwn – Firestore Database Vulnerability Scanner Using APKs
fsp scans an APK and checks the Firestore database for rules that are not secure, testing with or without authentication....
Tools
DNS-Black-Cat(DBC) – Multi Platform Toolkit For An Interactive DNS Shell Commands Exfiltration, By Using DNS-Cat You Will Be Able To Execute System Commands In Shell Mode Over DNS Protocol
Multi-platform toolkit for an interactive C2C DNS shell, by using DNS-Black-Cat, you will be able to execute system commands in...
Qvm-Create-Windows-Qube – Spin Up New Windows Qubes Quickly, Effortlessly And Securely
qvm-create-windows-qube is a tool for quickly and conveniently installing fresh new Windows qubes with Qubes Windows Tools (QWT) drivers automatically....
Php_Code_Analysis – San your PHP code for vulnerabilities
This script will scan your codethe script can find check_file_upload issues host_header_injection SQl injection insecure deserialization open_redirect SSRF XSS LFI...
Solr-GRAB – Steal Apache Solr Instance Queries With Or Without A Username And Password
Steal Apache Solr instance Queries with or without a username and password. DISCLAIMER: This project should be used for authorized...
CiLocks – Android LockScreen Bypass
CiLocks - Android LockScreen BypassFeaturesBrute Pin 4 Digit Brute Pin 6 Digit Brute LockScreen Using Wordlist Bypass LockScreen {Antiguard} Not...
MurMurHash – Tool To Calculate A MurmurHash Value Of A Favicon To Hunt Phishing Websites On The Shodan Platform
This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.What...
Exploit to SYSTEM for CVE-2021-21551
SpoolPrinter Privesc using SeImpersonatePrivileges was made thanks to @_ForrestOrr https://github.com/forrest-orr/DoubleStar/tree/main/Payloads/Source/Stage3_SpoolPotato I basically just tossed the exploit function in his code and altered...
Using AWS + Socat Port Forwarder
This script is designed for using AWS and SOCAT as a forwarder to another IP or Server, for Red Team...
AMSITrigger – The Hunt For Malicious Strings
Hunting for Malicious StringsUsage:AMSI calls (xmas tree mode) -d, --debug Show Debug Info -m, --maxsiglength=VALUE Maximum signature Length to cater...
SQLFluff – A SQL Linter And Auto-Formatter For Humans
SQLFluff is a dialect-flexible and configurable SQL linter. Designed with ELT applications in mind, SQLFluff also works with jinja templating...
Charlotte – C++ Fully Undetected Shellcode Launcher
c++ fully undetected shellcode launcher ;) releasing this to celebrate the birth of my newborndescription13/05/2021: c++ shellcode launcher, fully undetected...
GraphQLmap – A Scripting Engine To Interact With A Graphql Endpoint For Pentesting Purposes
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.Install$ git clone https://github.com/swisskyrepo/GraphQLmap$ python graphqlmap.py _____...
DivideAndScan – Divide Full Port Scan Results And Use It For Targeted Nmap Runs
Divide Et Impera And Scan (and also merge the scan results) DivideAndScan is used to efficiently automate port scanning routine...
AutoPentest-DRL – Automated Penetration Testing Using Deep Reinforcement Learning
AutoPentest-DRL is an automated penetration testing framework based on Deep Reinforcement Learning (DRL) techniques. The framework determines the most appropriate...
ABPTTS – TCP Tunneling Over HTTP/HTTPS For Web Application Servers
A Black Path Toward The Sun(TCP tunneling over HTTP for web application servers) https://www.blackhat.com/us-16/arsenal.html#a-black-path-toward-the-sun Ben Lincoln, NCC Group, 2016 ABPTTS...
Etherblob-Explorer – Search And Extract Blob Files On The Ethereum Blockchain Network
Search and extract blob files on the Ethereum network using Etherscan.io API.IntroductionEtherBlob Explorer is a tool intended for researchers, analysts,...
IPED – Digital Forensic Tool – Process And Analyze Digital Evidence, Often Seized At Crime Scenes By Law Enforcement Or In A Corporate Investigation By Private Examiners
IPED is an open source software that can be used to process and analyze digital evidence, often seized at crime...
Ghidra-Evm – Module For Reverse Engineering Smart Contracts
In the last few years, attacks on deployed smart contracts in the Ethereum blockchain have ended up in a significant...
Msldap – LDAP Library For Auditing MS AD
msldapLDAP library for MS AD DocumentationAwesome documentation here! FeaturesComes with a built-in console LDAP client All parameters can be conrolled...
Mediator – An Extensible, End-To-End Encrypted Reverse Shell With A Novel Approach To Its Architecture
Mediator is an end-to-end encrypted reverse shell in which the operator and the shell connect to a "mediator" server that...
Corsair_Scan – A Security Tool To Test Cross-Origin Resource Sharing (CORS)
Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS) misconfigurations. CORS is a mechanism that allows restricted resources...
Eyeballer – Convolutional Neural Network For Analyzing Pentest Screenshots
Eyeballer is meant for large-scope network penetration tests where you need to find "interesting" targets from a huge set of...
