Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange
In recent weeks, there has been quite a lot of reporting on the exploitation of the latest disclosed vulnerabilities in...
tools
ProxyLogon – PoC Exploit for Microsoft Exchange
PoC Exploit for Microsoft Exchange Launche Original PoC: https://github.com/testanullHow to use:python proxylogon.py <name or IP of server> <user@fqdn> Example:python proxylogon.py...
Netmap.Js – Fast Browser-Based Network Discovery Module
Fast browser-based network discovery module Descriptionnetmap.js provides browser-based host discovery and port scanning capabilities to allow you to map website...
SOC Automation with InsightIDR and InsightConnect: Three Key Use Cases to Explore to Optimize Your Security Operations
You probably already know that SOC automation with InsightIDR and InsightConnect can decrease your #MeanTimeToResponse. It may not be a...
Vajra – A Highly Customi zable Target And Scope Based Automated Web Hacking Framework To Automate Boring Recon Tasks
An automated web hacking framework for web applications Detailed insight about Vajra can be found athttps://hackwithproxy.medium.com/introducing-vajra-an-advanced-web-hacking-framework-bd8307a01aa8 About Vajra Vajra is an...
Subcert – An Subdomain Enumeration Tool, That Finds All The Subdomains From Certificate Transparency Logs
Subcert is a subdomain enumeration tool, that finds all the valid subdomains from certificate transparency logs. SetupStep 1: Install Python...
Mole – A Framework For Identifying And Exploiting Out-Of-Band Application Vulnerabilities
A framework for identifying and exploiting out-of-band (OOB) vulnerabilities. Installation & SetupMole InstallPython >= 3.6 virtualenv -p /usr/bin/python3 venv source...
Invoke-SocksProxy – Socks Proxy, And Reverse Socks Server Using Powershell
Creates a local or "reverse" Socks proxy using powershell. The local proxy is a simple Socks 4/5 proxy. The reverse...
Reverse-Shell-Generator – Hosted Reverse Shell Generator With A Ton Of Functionality
Hosted Reverse Shell generator with a ton of functionality -- (great for CTFs) Hosted Instancehttps://revshells.com FeaturesGenerate common listeners and reverse...
OffensivePipeline – Tool To Download, Compile (Without Visual Studio) And Obfuscate C# Tools For Red Team Exercises
OffensivePipeline allows to download, compile (without Visual Studio) and obfuscate C# tools for Red Team exercises. OffensivePipeline downloads the tool...
Rafel-Rat – Android Rat Written In Java With WebPanel For Controlling Victims
Rafel is Remote Access Tool Used to Control Victims Using WebPanel With More Advance Features.Main FeaturesAdmin Permission Add App To...
AnonX – An Encrypted File Transfer Via AES-256-CBC
An Encrypted File transfer via AES-256-CBC AnonX is an encrypted file uploader and downloader. The uploaded archive lasts for one...
Strafer – A Tool To Detect Potential Infections In Elasticsearch Instances
Elasticsearch infections are rising exponentially. The adversaries are exploiting open and exposed Elasticsearch interfaces to trigger infections in the cloud...
F5 Discloses Eight Vulnerabilities—Including Four Critical Ones—in BIG-IP Systems
On March 10, 2021, F5 disclosed eight vulnerabilities, four of which are deemed "critical", the most severe of which is...
Turbo-Intruder – A Burp Suite Extension For Sending Large Numbers Of HTTP Requests And Analyzing The Results
Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results. It's intended...
Lazy-RDP – Script For AutomRDPatic Scanning And Brute-Force
Script For AutomRDPatic Scanning And Brute-Force.Demo Video: Lazy-RDP over SSH: Script for automatic scanning of the address list for the...
SnitchDNS – Database Driven DNS Server With A Web UI
SnitchDNS is a database driven DNS Server with a Web UI, written in Python and Twisted, that makes DNS administration...
Genisys – Powerful Telegram Members Scraping And Adding Toolkit
Powerful Telegram Members Scraping and Adding Toolkit FeaturesADDS IN BULK Scrapes and adds to public groups Works in Windows systems...
Rapid7 Announces Release of New tCell Amazon CloudFront Agent
Cloud-native approaches to building, hosting, and delivering web applications are growing rapidly. Content delivery networks (CDNs) such as Amazon CloudFront...
Confused – Tool To Check For Dependency Confusion Vulnerabilities In Multiple Package Management Systems
A tool for checking for lingering free namespaces for private package names referenced in dependency configuration for Python (pypi) requirements.txt,...
DLLHSC – DLL Hijack SCanner A Tool To Assist With The Discovery Of Suitable Candidates For DLL Hijacking
DLL Hijack SCanner - A tool to generate leads and automate the discovery of candidates for DLL Search Order HijackingContents...
HTTP Bridge – Send TCP Stream Packets Over Simple HTTP Request
I've wrote this program as a proof of concept to test the idea of be able to send tcp stream...
Gitls – Enumerate Git Repository URL From List Of URL / User / Org
Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline This tool is available when...
Go-RouterSocks – Router Sock. One Port Socks For All The Others.
The next step after compromising a machine is to enumerate the network behind. Many tools exist to expose a socks...
