SGN – Encoder Ported Into Go With Several Improvements
SGN is a polymorphic binary encoder for offensive security purposes such as generating statically undetecable binary payloads. It uses a...
tools
How Rapid7 Customers Are Using Network Traffic Analysis in Detection and Response
In case you missed it, we introduced Network Traffic Analysis for our InsightIDR and MDR customers a few months back....
TeaBreak – A Productivity Burp Extension Which Reminds To Take Break While You Are At Work!
TeaBreak is a simple burp extension for security researchers and bug bounty hunters for helping them to increase their work...
Digital Signature Hijack – Binaries, PowerShell Scripts And Information About Digital Signature Hijacking
Hijacking legitimate digital signatures is a technique that can be used during red team assessments in order to sign PowerShell...
The Security Practitioner’s Intro to the Cloud: Everything You Ever Wanted to Know But Were Afraid to Ask
Before I bought a house a few years ago, my understanding of mortgages was pretty shaky at best. I only...
SecretFinder – A Python Script For Find Sensitive Data (Apikeys, Accesstoken, JWT…) And Search Anything On Javascript Files
SecretFinder is a python script based on LinkFinder, written to discover sensitive data like apikeys, accesstoken, authorizations, jwt,..etc in JavaScript...
SIEM Security Tools: Six Expensive Misconceptions
How next-gen SIEM security solutions increase time to value in a modern threat environmentThe changing security landscape demands the most...
Unlocking the Power of Macro Authentication: Part One
This blog post is part one in a three-part series on macro authentication.You may have come across macro authentication when...
Fsociety – A Modular Penetration Testing Framework
Become a Patron! Installpip install fsocietyUpdatepip install --upgrade fsocietyUsageusage: fsociety A Penetration Testing Frameworkoptional arguments: -h, --help show this help...
EvilDLL – Malicious DLL (Reverse Shell) Generator For DLL Hijacking
Read the license before using any part from this code :)Malicious DLL (Win Reverse Shell) generator for DLL HijackingFeatures:Reverse TCP...
Axiom – A Dynamic Infrastructure Toolkit For Red Teamers And Bug Bounty Hunters!
Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty and pentesting. Axiom...
Introducing a New InsightVM Dashboard to Monitor External and Remote Workforce Assets in Your Environment
As our economies start to slowly reopen, knowledge-based jobs are still heavily relying on working from home during the COVID-19...
Fast-Google-Dorks-Scan – Fast Google Dorks Scan
A script to enumerate web-sites using Google dorks.Usage example: ./FGDS.sh megacorp.oneVersion: 0.035, June 07, 2020Features:Looking for the common admin panelLooking...
URLCADIZ – A Simple Script To Generate A Hidden Url For Social Engineering
A simple script to generate a hidden url for social engineering.Legal disclaimer:Usage of URLCADIZ for attacking targets without prior mutual...
Shodanfy.py – Get Ports, Vulnerabilities, Informations, Banners, ..Etc For Any IP With Shodan (No Apikey! No Rate-Limit!)
Get ports,vulnerabilities,informations,banners,..etc for any IP with Shodan (no apikey! no rate limit!)Usage# python3 shodanfy.py <ip> e.g: python3 shodanfy.py 111.111.111.111 python3...
KatroLogger – KeyLogger For Linux Systems
KeyLogger for Linux Systems. FeaturesRuns on GUI systems or CLISending data by email Dependenciescurllibx11-dev (Debian-Based)libX11-devel (RHEL-Based) Compiling# ./configure# make# make...
Attacker-Group-Predictor – Tool To Predict Attacker Groups From The Techniques And Software Used
The tool predicts attacker groups from techniques and softwares used. It searches based on the MITRE ATT&CK frameworkHow it works?1-...
EvilPDF – Embedding Executable Files In PDF Documents
Read the license before using any part from this code :)Hiding executable files in PDF documentsLegal disclaimer:Usage of EvilPDF for...
Needle – Instant Access To You Bug Bounty Submission Dashboard On Various Platforms + Publicly Disclosed Reports + #Bugbountytip
Chrome extension for Instant access to your bug bounty submission dashboard of various platforms + publicly disclosed reports + #bugbountytipNeedle...
RMIScout – Wordlist And Bruteforce Strategies To Enumerate Java RMI Functions And Exploit RMI Parameter Unmarshalling Vulnerabilities
RMIScout performs wordlist and bruteforce attacks against exposed Java RMI interfaces to safely guess method signatures without invocation.On misconfigured servers,...
Support FAQs: Managing Your Organization’s Security in Response to COVID-19
The security industry has always evolved rapidly, but we have never dealt with changes as drastic and unprecedented as we...
Atlas – Quick SQLMap Tamper Suggester
Atlas is an open source tool that can suggest sqlmap tampers to bypass WAF/IDS/IPS, the tool is based on returned...
Stegcloak – Hide Secrets With Invisible Characters In Plain Text Securely Using Passwords
StegCloak is a pure JavaScript steganography module designed in functional programming style, to hide secrets inside text by compressing and...
How Team Collaboration Can Help You Scale the Vulnerability Mountain
“I feel like I’m buried under my growing mountain of vulnerabilities,” said every security professional ever. While this is a...
