GraphStrike GraphStrike is a suite of tools that enables Cobalt Strike’s HTTPS Beacon to use Microsoft Graph API for C2 communications. All Beacon traffic will be transmitted via two files created in the attacker’s SharePoint site,...
Daksh SCRA (Source Code Review Assist) Daksh SCRA (Source Code Review Assist) tool is built to enhance the efficiency of the source code review process, providing a well-structured and organized approach for code reviewers....
HBSQLI: Automated Tester For Header-Based Blind SQL Injection HBSQLI is an automated command-line tool for performing Header Based Blind SQL injection attacks on web applications. It automates the process of detecting Header Based Blind...
Ingram This is a webcam device vulnerability scanning tool, that already supports Hikvision, Dahua, and other devices. Installation Firstly, clone this repo: git clone https://github.com/jorhelp/Ingram.git Then, go to the repo dir, create a virtual...
NucleiFuzzer = Nuclei + Paramspider NucleiFuzzer is an advanced automation tool designed to streamline and optimize web application security testing by integrating a suite of powerful URL discovery and vulnerability scanning tools. It combines...
TInjA – the Template INJection Analyzer TInjA is a CLI tool for testing web pages for template injection vulnerabilities. It supports 44 of the most relevant template engines (as of September 2023) for eight different programming languages. Features...
cyberbro This project aims to provide a simple and efficient way to check the reputation of your observables using multiple services, without having to deploy a complex solution. Features Effortless Input Handling: Paste raw logs, IoCs,...
KrbRelayEx-RPC Kerberos Relay and Forwarder for (Fake) RPC/DCOM MiTM Server KrbRelayEx-RPC is a tool similar to my KrbRelayEx designed for performing Man-in-the-Middle (MitM) attacks by relaying Kerberos AP-REQ tickets. This version implements a fake RPC/DCOM server:...
YATAS – Yet Another Testing & Auditing Solution The goal of YATAS is to help you create a secure AWS environment without too much hassle. It won’t check for all best practices but only...
GPT_Vuln-analyzer This is a Proof Of Concept application that demonstrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super useful ChatGPT made...
JSpector JSpector is a Burp Suite extension that passively crawls JavaScript files and automatically creates issues with URLs and endpoints found on the JS files. Prerequisites Before installing JSpector, you need to have Jython...
LitterBox Your malware’s favorite sandbox – where red teamers come to bury their payloads. A sandbox environment designed specifically for malware development and payload testing. This Web Application enables red teamers to validate evasion...
psudohash Psudohash is a password list generator for orchestrating brute force attacks and cracking hashes. It imitates certain password creation patterns commonly used by humans, like substituting a word’s letters with symbols or numbers...
web-check Get an insight into the inner workings of a given website: uncover potential attack vectors, analyse server architecture, view security configurations, and learn what technologies a site is using. Currently, the dashboard will...
Callisto An Intelligent Automated Binary Vulnerability Analysis Tool Callisto is an intelligent automated binary vulnerability analysis tool. Its purpose is to autonomously decompile a provided binary and iterate through the pseudo code output looking...
SMShell PoC for an SMS-based shell. Send commands and receive responses over SMS from mobile broadband-capable computers. This tool came as an inspiration during research on eSIM security implications led by Markus Vervier, presented...
