The pentester's Swiss knife

HTTP Parameter Discovery Suite

Arjun: HTTP parameter discovery suite

Arjun Arjun can find query parameters for URL endpoints. If you don’t get what that means, it’s okay, read along. Web applications use parameters (or queries) to accept user input, consider the following example...

Binary instrumentation framework

medusa: automates processes and techniques practised

medusa MEDUSA is an extensible and modularized framework that automates processes and techniques practiced during the dynamic analysis of Android and iOS Applications. Some of the framework’s features are the following: Tracing and instrumentation of API calls...

privilege escalation tool

RustPotato: privilege escalation tool

RustPotato is a Rust-based implementation of GodPotato, a privilege escalation tool that abuses DCOM and RPC to leverage SeImpersonatePrivilege and gain NT AUTHORITY\SYSTEM privileges on Windows systems. Key Features TCP-based Reverse Shell: RustPotato features a TCP-based reverse shell based on Rustic64Shell. It leverages Winsock APIs...

NTLM relays exploitation

NTLM Relay Gat: automate the exploitation of NTLM relays

NTLM Relay Gat NTLM Relay Gat is a powerful tool designed to automate the exploitation of NTLM relays using ntlmrelayx.py from the Impacket tool suite. By leveraging the capabilities of ntlmrelayx.py, NTLM Relay Gat streamlines...

Hfinger

Hfinger: fingerprinting HTTP requests

Hfinger – fingerprinting HTTP requests Tool for fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage 🙂 Its main objective is to provide a representation of malware requests...

capture raw 5G radio frames

QCSuper: capture raw 2G/3G/4G/ 5G radio frames

QCSuper QCSuper is a tool communicating with Qualcomm-based phones and modems, allowing to capture raw 2G/3G/4G (and for certain models 5G) radio frames, among other things. It will allow you to generate PCAP captures of it using either...