
All posts tagged in Pentesting Tool

  • January 15, 2024 By Prapattimynk

    https://github.com/TheCyb3rAlpha/BobTheSmuggler “Bob the Smuggler”: A tool that leverages the HTML Smuggling attack and allows you to create HTML files with embedded 7z/zip archives. The tool compresses your binary (EXE/DLL) into 7z/zip file format, XOR-encrypts the archive, and then hides it inside a PNG/GIF image file (Image Polyglots). Quick Update Jan 15th, 2024 – Support for

  • January 14, 2024 By Prapattimynk

    Get visibility of what’s going on on your WIFI/LAN network. Scan for devices and port changes, and get alerts if unknown devices or changes are found. Write your own plugins with an auto-generated UI and a built-in notification system. https://github.com/jokob-sk/Pi.Alert Why PiAlert❓ Most of us don’t know what’s going on on our home network, but we want our

  • January 14, 2024 By Prapattimynk

    This repository contains an advanced Bash script designed for conducting digital forensics on Linux systems. The script automates the collection of a wide range of system and user data, making it a valuable tool for IT professionals, system administrators, and digital forensic investigators. https://github.com/vm32/Digital-Forensics-Script-for-Linux Features Usage Requirements Security and Privacy Linux Distribution Compatibility The advanced

  • January 14, 2024 By Prapattimynk

    https://github.com/MegaManSec/SSH-Snake SSH-Snake is a powerful tool designed to perform automatic network traversal using SSH private keys discovered on systems, with the objective of creating a comprehensive map of a network and its dependencies to identify the extent that a network can be compromised using SSH and SSH private keys starting from a particular system. SSH-Snake

  • January 14, 2024 By Prapattimynk

    https://github.com/BeichenDream/GodPotato Based on the history of Potato privilege escalation for 6 years, from the beginning of RottenPotato to the end of JuicyPotatoNG, I discovered a new technology by researching DCOM, which enables privilege escalation in Windows 2012 – Windows 2022, now as long as you have “ImpersonatePrivilege” permission. Then you are “NT AUTHORITY\SYSTEM”, usually WEB

  • January 14, 2024 By Prapattimynk

    https://github.com/emrekybs/AD-AssessmentKit Contains a collection of Bash scripts designed for comprehensive security audits and network mapping of Active Directory (AD) environments. The scripts automate various tasks including LDAP querying, Kerberos ticket analysis, SMB enumeration, and exploitation of known vulnerabilities like Zerologon and PetitPotam. AD-SecurityAudit.sh Focuses on initial reconnaissance and vulnerability identification in AD domains, requiring only

  • January 14, 2024 By Prapattimynk

    https://github.com/Aditya-dom/moonwalk-back Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. moonwalk-back is a 400 KB single-binary executable that can clear your traces while penetration testing a Unix machine. It saves the state of system logs pre-exploitation and reverts that state including the filesystem timestamps post-exploitation leaving zero traces of a ghost in

  • January 14, 2024 By Prapattimynk

    https://github.com/Quitten/Autorize Autorize is an automatic authorization enforcement detection extension for Burp Suite. It was written in Python by Barak Tawily, an application security expert. Autorize was designed to help security testers by performing automatic authorization tests. With the last release, Autorize now also performs automatic authentication tests. Installation User Guide – How to use? Authorization

  • January 14, 2024 By Prapattimynk

    https://github.com/doyensec/inql InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration. 🌟 Features The InQL user interface is equipped with two primary components: the Scanner and the Attacker. 🔎 Scanner The Scanner is the core of InQL v5.0, where you can analyze a GraphQL endpoint or a local

  • January 14, 2024 By Prapattimynk

    Hey Hunters and Penetration testers, I’m again bringing back my new tool with its new version, Probuster. Now Probuster has been improved for its concurrency to fuzz the directory and file then get accurate results. Probuster now works efficiently in your low end to high end system with concurrency because Python’s coroutine and now update

  • January 14, 2024 By Prapattimynk

    https://github.com/Mxcoders2s/Slient-Url-Exploit-Slient-Builder-Exploit-Database-Cve-2023-Malware URL Contamination (Muted Java Drive-By) URL Contamination Exploit Muted Java Drive-By downloads can transpire during the act of perusing a website, inaugurating an electronic mail communication. It might even occur through engaging with a malevolent pop-up interface: enticed by the illusion that it pertains to an error dossier from the operating system of the

  • January 14, 2024 By Prapattimynk

    https://github.com/d0ge/sessionless Sessionless is a Burp Suite extension for editing, signing, verifying, and attacking signed tokens: Django TimestampSigner, ItsDangerous Signer, Express cookie-session middleware, OAuth2 Proxy and Tornado’s signed cookies. It provides automatic detection and in-line editing of tokens within HTTP requests/responses and WebSocket messages, signing of tokens, and automation of brute force attacks against signed token implementations. It was inspired by Fraser Winterborn

  • January 14, 2024 By Prapattimynk

    https://github.com/gchq/CyberChef https://gchq.github.io/CyberChef The Cyber Swiss Army Knife CyberChef is a simple, intuitive web app for carrying out all manner of “cyber” operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and

  • January 14, 2024 By Prapattimynk

    https://github.com/akamai/ddspoof DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments. For additional information, please refer to our blog posts: For information on how to mitigate DDSpoofing attacks in your networks, please refer to Invoke-DHCPCheckup.ps1 Setup Usage Commandline arguments: At startup, DDSpoof will perform the following: After the

  • January 14, 2024 By Prapattimynk

    https://github.com/Hackmanit/TInjA Features Supported Template Engines .NET Elixir Go Java JavaScript PHP Python Ruby Installation Option 1: Prebuilt Binary Prebuilt binaries of TInjA are provided on the releases page. Option 2: Install Using Go Requirements: go1.21 or higher go install -v github.com/Hackmanit/TInjA@latest

  • January 14, 2024 By Prapattimynk

    https://github.com/Unit-259/DataBouncing Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation. This PowerShell version encapsulates core functionalities of data bouncing, including reconnaissance, data exfiltration, and file reassembly, based on a proof of concept (PoC) by John and Dave. More details can be found at The Contractor. This
