
Pentesting Tools

  • January 6, 2025 By Prapattimynk

    An essential HTTP multi-purpose Probing Tool for Penetration Testers and Security Researchers with Asynchronous httpx client support. Overview: Subprober is a powerful and efficient tool designed for penetration testers and security professionals. This release introduces several enhancements, bug fixes, and new features to elevate your probing experience. Subprober facilitates fast and reliable information extraction, making

  • January 5, 2025 By Prapattimynk

    Your malware’s favorite sandbox – where red teamers come to bury their payloads. A sandbox environment designed specifically for malware development and payload testing. This Web Application enables red teamers to validate evasion techniques, assess detection signatures, and test implant behavior before deployment in the field. Think of it as your personal LitterBox for perfecting

  • December 27, 2024 By Prapattimynk

    The ARP protocol relies on mapping IP addresses to MAC addresses. In an ARP spoofing attack, an attacker sends fake ARP messages to devices on the network, claiming to have the MAC address of another device (such as a router or another computer). This misleads other devices, so their data traffic is sent to the

  • December 23, 2024 By Prapattimynk

    ZigStrike is a robust shellcode loader developed in Zig, offering a variety of injection techniques and anti-sandbox features. It leverages compile-time capabilities for efficient shellcode allocation, demonstrating proven success in bypassing advanced security solutions. ZigStrike includes a custom payload builder, allowing users to easily select and construct payloads via a web application built with Python.

  • December 23, 2024 By Prapattimynk

    SCCMHound is a C# BloodHound collector for Microsoft Configuration Manager (MCM). If you’re looking for a way to collect BloodHound session information from Configuration Manager’s users and computers then this is the tool for you! Highly recommend importing collected data with another collector’s data (SharpHound, SOAPHound, etc.). Doesn’t matter whether it’s imported before or after

  • December 23, 2024 By Prapattimynk

    gocheck is a golang implementation of Matterpreter’s DefenderCheck that aims to aid red teams in their malware development capabilities by identifying the exact bytes in their malware that are flagged by security solutions (incomplete integration with enterprise AV, see External Scanners). I also wrote a blog post showcasing this project: Identifying Malicious Bytes in Malware

  • December 23, 2024 By Prapattimynk

    Android application that runs a local VPN service to bypass DPI (Deep Packet Inspection) and censorship. This application runs a SOCKS5 proxy ByeDPI and redirects all traffic through it. Installation Or use Obtainium Settings To bypass some blocks, you may need to change the settings. More

  • December 16, 2024 By Prapattimynk

    Improved Speed & Efficiency: Significantly faster and smoother DNS brute-forcing with lightweight resource usage. Memory & Resource Management: Optimized to handle large-scale DNS scans without consuming excessive system resources. Flexible Input: Supports both stdin and file-based domain lists for DNS brute-forcing. Concurrency Control: Rate limiting and concurrency management to ensure stable performance under heavy loads.

  • June 26, 2024 By Prapattimynk

    Installation: pip install git+https://github.com/blacklanternsecurity/trevorproxy See the accompanying Blog Post for a fun rant and some cool demos! A SOCKS proxy written in Python that randomizes your source IP address. Round-robin your evil packets through SSH tunnels or give them billions of unique source addresses!

  • June 21, 2024 By Prapattimynk

    Most web application firewalls (WAFs) have limitations for how much data they can process when a request body is sent. This means for HTTP requests that contain a request body (i.e. POST, PUT, PATCH etc), it is usually possible to bypass the WAF by simply prepending junk data. When the request is padded with this

  • June 21, 2024 By Prapattimynk

    SafeLine is a web security gateway to protect your websites from attacks and exploits. It defends against all kinds of web attacks, such as SQL injection, code injection, OS command injection, CRLF injection, LDAP injection, XPath injection, RCE, XSS, XXE, SSRF, path traversal, backdoor, brute force, HTTP flood, bot abuse and so on.

  • June 21, 2024 By Prapattimynk

    Content Introduction Architecture Demo pages Requirements Quick start Administrator’s guide Sensor Server User’s guide Reporting interface Real-life cases Mass scans Anonymous attackers Service attackers Malware Suspicious domain lookups Suspicious ipinfo requests Suspicious direct file downloads Suspicious HTTP requests Port scanning DNS resource exhaustion Data leakage False positives Best practice(s) License Sponsors Developers Presentations Publications Blacklist

  • June 18, 2024 By Prapattimynk

    403JUMP is a tool designed for penetration testers and bug bounty hunters to audit the security of web applications. It aims to bypass HTTP 403 (Forbidden) pages using various techniques. Features: Multiple Bypass Techniques, including different HTTP verbs, different headers, and path fuzzing. Customization: Allows customization of headers and cookies for more targeted testing. Concurrency: Performs

  • June 17, 2024 By Prapattimynk

    About – v3.6 This is a Chrome/Firefox Extension that can do the following: The ability to show an alert for reflected parameters was inspired by a comment by @renniepak on Episode 42 of the Critical Thinking – Bug Bounty Podcast where he mentioned he had his own browser extension that let him know about any

  • June 17, 2024 By Prapattimynk

    A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft. This POC code is built for using this new BITB with Evilginx, and a Microsoft Enterprise phishlet. Before diving deep into this, I recommend that you first check my

  • June 16, 2024 By Prapattimynk

    What is keyFinder? keyFinder is a Chrome extension that searches the DOM for any embedded script link, as a script tag may contain keys for a specific API (such as the Google Maps API), and you can add keywords to search for on any website you visit. Features: it searches the DOM for “src” of scripts and sees if
