Nov. 28, 2024 |
Brainstorm Tool Release: Optimizing Web Fuzzing With Local LLMs |
https://www.reddit.com/r/netsec/comments/1h090sb/brainstorm_tool_release_optimizing_web_fuzzing/
|
Nov. 26, 2024 |
New NachoVPN attack uses rogue VPN servers to install malicious updates |
https://www.bleepingcomputer.com/news/security/new-nachovpn-attack-uses-rogue-vpn-servers-to-install-malicious-updates/
|
Nov. 22, 2024 |
Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests |
http://www.kitploit.com/2024/09/mass-assigner-simple-tool-made-to-probe.html
|
Nov. 22, 2024 |
File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add |
http://www.kitploit.com/2024/09/file-unpumper-tool-that-can-be-used-to.html
|
Nov. 22, 2024 |
Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking |
http://www.kitploit.com/2024/09/damn-vulnerable-drone-intentionally.html
|
Nov. 22, 2024 |
PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit |
http://www.kitploit.com/2024/09/polydrop-byosi-bring-your-own-script.html
|
Nov. 22, 2024 |
SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits |
http://www.kitploit.com/2024/09/safeline-serve-as-reverse-proxy-to.html
|
Nov. 22, 2024 |
Imperius - Make A Linux Kernel Rootkit Visible Again |
http://www.kitploit.com/2024/09/imperius-make-linux-kernel-rootkit.html
|
Sept. 12, 2024 |
SSH Keystroke Obfuscation Bypass |
https://www.reddit.com/r/netsec/comments/1fejh1k/ssh_keystroke_obfuscation_bypass/
|
Aug. 14, 2024 |
Hfinger - Fingerprinting HTTP Requests |
http://www.kitploit.com/2024/06/hfinger-fingerprinting-http-requests.html
|
Aug. 14, 2024 |
Web-Check: The Ultimate Toolkit for Website Analysis and Security Assessment |
https://securityonline.info/web-check-the-ultimate-toolkit-for-website-analysis-and-security-assessment/
|
Aug. 14, 2024 |
Volana - Shell Command Obfuscation To Avoid Detection Systems |
http://www.kitploit.com/2024/06/volana-shell-command-obfuscation-to.html
|
Aug. 14, 2024 |
BokuLoader - A Proof-Of-Concept Cobalt Strike Reflective Loader Which Aims To Recreate, Integrate, And Enhance Cobalt Strike's Evasion Features! |
http://www.kitploit.com/2024/06/bokuloader-proof-of-concept-cobalt.html
|
Aug. 14, 2024 |
Extrude - Analyse Binaries For Missing Security Features, Information Disclosure And More... |
http://www.kitploit.com/2024/06/extrude-analyse-binaries-for-missing.html
|
Aug. 14, 2024 |
VulnNodeApp - A Vulnerable Node.Js Application |
http://www.kitploit.com/2024/06/vulnnodeapp-vulnerable-nodejs.html
|
July 8, 2024 |
Avast Cracks DoNex Ransomware, Offering the Decryptor |
https://securityonline.info/avast-cracks-donex-ransomware-offering-the-decryptor/
|
June 7, 2024 |
PIP-INTEL - OSINT and Cyber Intelligence Tool |
http://www.kitploit.com/2024/06/pip-intel-osint-and-cyber-intelligence.html
|
June 7, 2024 |
ROPDump - A Command-Line Tool Designed To Analyze Binary Executables For Potential Return-Oriented Programming (ROP) Gadgets, Buffer Overflow Vulnerabilities, And Memory Leaks |
http://www.kitploit.com/2024/06/ropdump-command-line-tool-designed-to.html
|
June 7, 2024 |
Thief Raccoon - Login Phishing Tool |
http://www.kitploit.com/2024/06/thief-raccoon-login-phishing-tool.html
|
May 26, 2024 |
Memory Pollution in LLMs: Understanding New AI Security Concerns |
https://www.reddit.com/r/netsec/comments/1cy3iow/memory_pollution_in_llms_understanding_new_ai/
|
May 16, 2024 |
cybersectroll/SharpPersistSD |
https://www.reddit.com/r/netsec/comments/1cr7ioy/cybersectrollsharppersistsd/
|
May 15, 2024 |
VMware makes Workstation Pro and Fusion Pro free for personal use |
https://www.bleepingcomputer.com/news/software/vmware-makes-workstation-pro-and-fusion-pro-free-for-personal-use/
|
May 14, 2024 |
PingRAT - Secretly Passes C2 Traffic Through Firewalls Using ICMP Payloads |
http://www.kitploit.com/2024/05/pingrat-secretly-passes-c2-traffic.html
|
May 14, 2024 |
Gftrace - A Command Line Windows API Tracing Tool For Golang Binaries |
http://www.kitploit.com/2024/05/gftrace-command-line-windows-api.html
|
May 14, 2024 |
Ioctlance - A Tool That Is Used To Hunt Vulnerabilities In X64 WDM Drivers |
http://www.kitploit.com/2024/05/ioctlance-tool-that-is-used-to-hunt.html
|
May 14, 2024 |
BypassFuzzer - Fuzz 401/403/404 Pages For Bypasses |
http://www.kitploit.com/2024/05/bypassfuzzer-fuzz-401403404-pages-for.html
|
May 13, 2024 |
Fuzz just about anything (network, GUI, editors, compilers, etc.) with Program Environment Fuzzing |
https://www.reddit.com/r/netsec/comments/1cqpxyo/fuzz_just_about_anything_network_gui_editors/
|
May 12, 2024 |
LOLSpoof - An Interactive Shell To Spoof Some LOLBins Command Line |
http://www.kitploit.com/2024/05/lolspoof-interactive-shell-to-spoof.html
|
May 5, 2024 |
pcap-did-what: Analyze pcaps with Zeek and a Grafana Dashboard |
https://www.reddit.com/r/netsec/comments/1ckd7ou/pcapdidwhat_analyze_pcaps_with_zeek_and_a_grafana/
|
May 4, 2024 |
BadExclusionsNWBO: identify folder custom or undocumented exclusions on AV/EDR |
https://securityonline.info/badexclusionsnwbo-identify-folder-custom-or-undocumented-exclusions-on-av-edr/
|
April 28, 2024 |
proctools: extracting information and dumping sensitive strings from Windows processes |
https://securityonline.info/proctools-extracting-information-and-dumping-sensitive-strings-from-windows-processes/
|
April 26, 2024 |
Moriarty v1.2 has been released! |
https://www.reddit.com/r/netsec/comments/1ccuggi/moriarty_v12_has_been_released/
|
April 24, 2024 |
ASPJinjaObfuscator: Heavily obfuscated ASP web shell generation tool. |
https://www.reddit.com/r/netsec/comments/1cbx0ob/aspjinjaobfuscator_heavily_obfuscated_asp_web/
|
April 20, 2024 |
EvilLsassTwin - PPL Bypass, Fast 12MB In-Memory Dumps |
https://www.reddit.com/r/netsec/comments/1c7zmpx/evillsasstwin_ppl_bypass_fast_12mb_inmemory_dumps/
|
April 19, 2024 |
Customised CVE Notifier based on keywords |
https://www.reddit.com/r/netsec/comments/1c4mxx3/customised_cve_notifier_based_on_keywords/
|
April 18, 2024 |
Introducing Cloud Console Cartographer: An Open-Source Tool To Help Security Teams Easily Understand Log Events Generated by AWS Console Activity |
https://www.reddit.com/r/netsec/comments/1c7449q/introducing_cloud_console_cartographer_an/
|
April 17, 2024 |
Attackgen - Cybersecurity Incident Response Testing Tool That Leverages The Power Of Large Language Models And The Comprehensive MITRE ATT&CK Framework |
http://www.kitploit.com/2024/04/attackgen-cybersecurity-incident.html
|
April 17, 2024 |
Cookie-Monster - BOF To Steal Browser Cookies & Credentials |
http://www.kitploit.com/2024/04/cookie-monster-bof-to-steal-browser.html
|
April 16, 2024 |
NoArgs - Tool Designed To Dynamically Spoof And Conceal Process Arguments While Staying Undetected |
http://www.kitploit.com/2024/04/noargs-tool-designed-to-dynamically.html
|
April 14, 2024 |
MultiDump - Post-Exploitation Tool For Dumping And Extracting LSASS Memory Discreetly |
http://www.kitploit.com/2024/03/multidump-post-exploitation-tool-for.html
|
April 14, 2024 |
Sicat - The Useful Exploit Finder |
http://www.kitploit.com/2024/04/sicat-useful-exploit-finder.html
|
April 14, 2024 |
Porch-Pirate - The Most Comprehensive Postman Recon / OSINT Client And Framework That Facilitates The Automated Discovery And Exploitation Of API Endpoints And Secrets Committed To Workspaces, Collections, Requests, Users And Teams |
http://www.kitploit.com/2024/04/porch-pirate-most-comprehensive-postman.html
|
April 14, 2024 |
GAP-Burp-Extension - Burp Extension To Find Potential Endpoints, Parameters, And Generate A Custom Target Wordlist |
http://www.kitploit.com/2024/03/gap-burp-extension-burp-extension-to.html
|
April 14, 2024 |
GDBFuzz - Fuzzing Embedded Systems Using Hardware Breakpoints |
http://www.kitploit.com/2024/04/gdbfuzz-fuzzing-embedded-systems-using.html
|
Feb. 13, 2024 |
NTLM Relay Gat: Automating Mass Exploitation of ntlmrelayx Authenticated Sessions |
https://github.com/ad0nis/ntlm_relay_gat
|
Feb. 13, 2024 |
Binary Refinery: High Octane Triage Analysis |
https://github.com/binref/refinery/
|
Feb. 12, 2024 |
Disable Windows Defender (+ UAC Bypass, + Upgrade to SYSTEM) |
https://github.com/EvilGreys/Disable-Windows-Defender-?tab=readme-ov-file#we-will-have-to-restart-the-process-as-many-as-2-times-to-get-all-the-necessary-rights
|
Feb. 11, 2024 |
BadExclusions is a tool to identify folder custom or undocumented exclusions on AV/EDR |
https://github.com/iamagarre/BadExclusions
|
Feb. 11, 2024 |
Source generator to add D/Invoke and indirect syscall methods to a C# project. |
https://github.com/rasta-mouse/CsWhispers
|
Feb. 11, 2024 |
RedPersist is a Windows Persistence tool written in C# |
https://github.com/mertdas/RedPersist
|
Feb. 10, 2024 |
LdrLockLiberator: For when DLLMain is the only way |
https://github.com/ElliotKillick/LdrLockLiberator
|
Dec. 28, 2023 |
EDRSilencer: Windows Filtering Platform (WFP) to block (EDR) agents from reporting security events to the server |
https://github.com/netero1010/EDRSilencer
|
Dec. 25, 2023 |
Patching DLLs with BDF |
https://cryptonominom.com/2023/12/22/DLL-Patching.html
|
Dec. 23, 2023 |
Basebanheimer: Now I Am Become Death, The Destroyer Of Chains |
https://labs.taszk.io/articles/post/basebanheimer_hwio/
|
Dec. 8, 2023 |
CloakQuest3r - Uncover The True IP Address Of Websites Safeguarded By Cloudflare |
https://www.kitploit.com/2023/12/cloakquest3r-uncover-true-ip-address-of.html?m=1#google_vignette
|
Dec. 6, 2023 |
MLX is an array framework for machine learning on Apple silicon |
https://github.com/ml-explore/mlx
|
Dec. 6, 2023 |
pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team. |
https://github.com/knownsec/pocsuite3
|
Dec. 6, 2023 |
PassBreaker - Command-line Password Cracking Tool Developed In Python |
https://www.kitploit.com/2023/12/passbreaker-command-line-password.html
|
Dec. 5, 2023 |
Python tool and library for decrypting MS Office files with passwords or other keys |
https://github.com/nolze/msoffcrypto-tool
|
Dec. 4, 2023 |
Azure DevOps Services Attack Toolkit |
https://github.com/xforcered/ADOKit
|
Dec. 4, 2023 |
WTSRM2 - Writing Tiny Small Reliable Malware 2 |
https://github.com/rad9800/WTSRM2
|
Dec. 4, 2023 |
WTSRM - Writing Tiny Small Reliable Malware |
https://github.com/rad9800/WTSRM
|
Dec. 3, 2023 |
NimExec - Fileless Command Execution For Lateral Movement In Nim |
https://www.kitploit.com/2023/12/nimexec-fileless-command-execution-for.html
|
Nov. 29, 2023 |
Artemis - C++ Hell's Gate Syscall Extractor |
https://github.com/JetP1ane/Artemis
|
Nov. 27, 2023 |
Nidhogg is an all-in-one simple to use rootkit for red teams. |
https://github.com/Idov31/Nidhogg/tree/dev
|
Nov. 27, 2023 |
TrustedSec's Impede Detection Platform is designed to revolutionize detection engineering. |
https://impede.ai/
|
Nov. 24, 2023 |
Offensive Lua: collection of offensive security scripts written in Lua |
https://github.com/hackerhouse-opensource/OffensiveLua
|
Nov. 20, 2023 |
Detects use of Cobalt Strike commands accidentally entered in the CMD shell |
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_hktl_cobaltstrike_bloopers_cmd/
|
Nov. 19, 2023 |
Mockingjay revisited - Process stomping and loading beacon with sRDI |
https://www.naksyn.com/edr%20evasion/2023/11/18/mockingjay-revisited-process-stomping-srdi-beacon.html
|
Nov. 19, 2023 |
Introducing the Best EDR Of The Market: A Little AV/EDR Bypassing Lab |
https://xacone.github.io/BestEdrOfTheMarket.html
|
Nov. 14, 2023 |
Mandiant releases offensive tool to Uncover hidden MSI files in your system with msi-search |
https://github.com/mandiant/msi-search
|
Nov. 2, 2023 |
BOF to add or remove Windows Defender exclusions |
https://github.com/EspressoCake/Defender-Exclusions-Creator-BOF
|
Oct. 30, 2023 |
Hashed and rehashed a tale of Goodware hashes |
https://dansec.medium.com/hashed-and-rehashed-a-tale-of-goodware-hashes-61da19c65528
|
Oct. 20, 2023 |
FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log aggregation tool |
https://github.com/FalconForceTeam/FalconHound
|
Oct. 17, 2023 |
threat9/routersploit: Exploitation Framework for Embedded Devices |
https://github.com/threat9/routersploit
|
Oct. 14, 2023 |
RecycledInjector - Native Syscalls Shellcode Injector |
https://www.kitploit.com/2023/10/recycledinjector-native-syscalls.html?m=1
|
Oct. 14, 2023 |
Config Extraction from in-memory CobaltStrike Beacons |
https://cyber.wtf/2023/10/13/config-extraction-from-in-memory-cobaltstrike-beacons/
|
Oct. 12, 2023 |
Cobalt Strike 4.5-4.9 Yara Detection |
https://github.com/paranoidninja/Cobaltstrike-Detection/blob/main/cs49.yara
|
Oct. 11, 2023 |
Updated version of System Management Mode backdoor for UEFI based platforms: old dog, new tricks |
https://github.com/Cr4sh/SmmBackdoorNg
|
Oct. 10, 2023 |
perfect-loader: Load a dynamic library from memory by modifying the native Windows loader |
https://github.com/EvanMcBroom/perfect-loader
|
Oct. 9, 2023 |
Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes. |
https://github.com/zer0condition/mhydeath
|
Sept. 30, 2023 |
JonMon for Windows Internals Monitoring |
https://github.com/jsecurity101/JonMon
|
Sept. 24, 2023 |
Bypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime |
https://github.com/TheD1rkMtr/UnhookingPatch
|
Sept. 24, 2023 |
EDRaser - Tool For Remotely Deleting Access Logs, Windows Event Logs, Databases, And Other Files |
https://www.kitploit.com/2023/09/edraser-tool-for-remotely-deleting.html?m=1
|
Sept. 19, 2023 |
Cheat sheet that contains common enumeration and attack methods for Windows Active Directory. |
https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
|
Sept. 18, 2023 |
Fully Integrated Adversarial Operations Toolkit (C2, stagers, agents, ephemeral infrastructure, phishing engine, and automation) |
https://github.com/malcomvetter/Periscope
|
Sept. 14, 2023 |
EchoDrv: Tool permitting to abuse Kernel read/write vulnerability in ECHOAC anti-cheat driver echo_driver.sys |
https://github.com/YOLOP0wn/EchoDrv
|
Sept. 14, 2023 |
POSTDump: Another tool to perform minidump of LSASS process using few technics to avoid detection. |
https://github.com/YOLOP0wn/POSTDump
|
Sept. 3, 2023 |
Associated-Threat-Analyzer - Detects Malicious IPv4 Addresses And Domain Names Associated With Your Web Application Using Local Malicious Domain And IPv4 Lists |
https://www.kitploit.com/2023/09/associated-threat-analyzer-detects.html?utm_source=dlvr.it&utm_medium=twitter&m=1
|
Aug. 30, 2023 |
dtlspipes: Generic DTLS wrapper for UDP sessions |
https://github.com/Snawoot/dtlspipe
|
Aug. 30, 2023 |
DNSWatch - DNS Traffic Sniffer and Analyzer |
https://www.kitploit.com/2023/08/dnswatch-dns-traffic-sniffer-and.html?m=1
|
Aug. 29, 2023 |
SandBlaster: Reversing the Apple sandbox from Cellebrite Labs |
https://github.com/cellebrite-labs/sandblaster
|
Aug. 29, 2023 |
FavFreak: Making Favicon.ico based Recon Great again ! |
https://github.com/devanshbatham/FavFreak
|
Aug. 29, 2023 |
CrackMapExec: A swiss army knife for pentesting networks |
https://github.com/mpgn/CrackMapExec
|
Aug. 28, 2023 |
All-in-one OSINT tool for analysing any website |
https://github.com/Lissy93/web-check
|
Aug. 27, 2023 |
CoFuzz: Coordinated hybrid fuzzing framework with advanced coordination mode |
https://github.com/Tricker-z/CoFuzz
|
Aug. 27, 2023 |
GenSym: high-performance, parallel, compilation-based symbolic execution engine |
https://github.com/Generative-Program-Analysis/GenSym
|
Aug. 24, 2023 |
Abacus - AI LLM Context Expansion project |
https://github.com/abacusai/long-context
|
Aug. 23, 2023 |
AD_Enumeration_Hunt - Collection Of PowerShell Scripts And Commands That Can Be Used For Active Directory (AD) Penetration Testing And Security Assessment |
https://www.kitploit.com/2023/08/adenumerationhunt-collection-of.html?m=1
|
Aug. 22, 2023 |
OSINT Tool (github accounts tracker) |
https://github.com/N0rz3/GitSint
|
Aug. 19, 2023 |
RogueSliver: disrupt campaigns using the Sliver C2 framework |
https://github.com/ACE-Responder/RogueSliver
|
Aug. 19, 2023 |
Redeye - A Tool Intended To Help You Manage Your Data During A Pentest Operation |
https://www.kitploit.com/2023/08/redeye-tool-intended-to-help-you-manage.html?m=1
|
Aug. 19, 2023 |
Callisto: An Intelligent Binary Vulnerability Analysis Tool |
https://github.com/JetP1ane/Callisto
|
Aug. 19, 2023 |
Bryobio - NETWORK Pcap File Analysis |
https://www.kitploit.com/2023/08/bryobio-network-pcap-file-analysis.html?m=1
|
Aug. 16, 2023 |
Home Grown Red Team: SMB Pivots With Havoc C2 |
https://assume-breach.medium.com/home-grown-red-team-smb-pivots-with-havoc-c2-554362101d27
|
Aug. 14, 2023 |
Chimera - Automated DLL Sideloading Tool With EDR Evasion Capabilities |
https://www.kitploit.com/2023/08/chimera-automated-dll-sideloading-tool.html?m=1
|
Aug. 14, 2023 |
LTESniffer: An Open-source LTE Downlink/Uplink Eavesdropper |
https://github.com/SysSec-KAIST/LTESniffer
|
Aug. 13, 2023 |
ARTful library for dynamically modifying the Android Runtime |
https://github.com/LaurieWired/ARTful
|
Aug. 13, 2023 |
NixImports - A .NET Malware Loader, Using API-Hashing To Evade Static Analysis |
https://www.kitploit.com/2023/08/niximports-net-malware-loader-using-api.html?m=1
|
Aug. 13, 2023 |
Obligato: implant framework designed for long term persistent access to Windows machines |
https://github.com/BeetleChunks/Obligato
|
Aug. 12, 2023 |
VED-eBPF: Kernel Exploit and Rootkit Detection using eBPF |
https://github.com/hardenedvault/ved-ebpf
|
Aug. 10, 2023 |
ProtoBurp: Encode and Fuzz Custom Protobuf Messages in Burp Suite |
https://www.dillonfrankesecurity.com/posts/protoburp-encode-custom-protobuf-messages-in-burp/
|
Aug. 10, 2023 |
Xurlfind3R - A CLI Utility To Find Domain'S Known URLs From Curated Passive Online Sources |
https://www.kitploit.com/2023/08/xurlfind3r-cli-utility-to-find-domains.html?m=1
|
Aug. 10, 2023 |
Nemesis is an offensive data enrichment pipeline and operator support system. |
https://github.com/specterops/nemesis
|
Aug. 9, 2023 |
https://github.com/microsoft/ics-forensics-tools |
https://github.com/microsoft/ics-forensics-tools
|
Aug. 9, 2023 |
EmploLeaks is an OSINT tool that helps detect members of a company with leaked credentials |
https://github.com/infobyte/emploleaks
|
Aug. 9, 2023 |
DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced |
https://github.com/ShorSec/DavRelayUp
|
Aug. 7, 2023 |
Chimera: Automated DLL Sideloading Tool With EDR Evasion Capabilities |
https://github.com/georgesotiriadis/Chimera#visual-studio-project-setup
|
Aug. 7, 2023 |
AiCEF - An AI-assisted cyber exercise content generation framework using named entity recognition |
https://www.kitploit.com/2023/08/aicef-ai-assisted-cyber-exercise.html?m=1
|
Aug. 4, 2023 |
D1rkInject: Threadless injection that loads a module into the target process and stomps it, and reverting back memory protections and original memory state |
https://github.com/TheD1rkMtr/D1rkInject
|
Aug. 4, 2023 |
RogueSliver: A suite of tools to disrupt campaigns using the Sliver C2 framework. |
https://github.com/ACE-Responder/RogueSliver
|
Aug. 4, 2023 |
Metasploit: This week's wrap up includes 10 new modules with OS X M1/M2 payloads, a Citrix RCE, and AWS Instance sessions |
https://www.rapid7.com/blog/post/2023/08/04/metasploit-weekly-wrap-up-22/
|
Aug. 3, 2023 |
Noir is an attack surface detector from source code. |
https://github.com/hahwul/noir
|
Aug. 3, 2023 |
NixImports: .NET malware loader, using API-Hashing and dynamic invoking to evade static analysis |
https://github.com/dr4k0nia/NixImports#how-to-use
|
Aug. 3, 2023 |
Legit-Labs/legitify: Detect and remediate misconfigurations and security risks across all your GitHub GitLab assets. |
https://github.com/Legit-Labs/legitify
|
Aug. 3, 2023 |
Apollon - Proof-of-Concept to evade auditd by writing /proc/PID/mem |
https://github.com/codewhitesec/apollon
|
Aug. 3, 2023 |
Daphne - Proof-of-Concept to evade auditd by tampering via ptrace |
https://github.com/codewhitesec/daphne
|
Aug. 1, 2023 |
WAF bypasses collection from the Twitter community |
https://github.com/waf-bypass-maker/waf-community-bypasses
|
Aug. 1, 2023 |
seekr: multi-purpose toolkit for gathering and managing OSINT-Data |
https://github.com/seekr-osint/seekr#getting-started---installation
|
Aug. 1, 2023 |
PsudoHash - Generates millions of keyword-based password mutations in seconds |
https://github.com/t3l3machus/psudohash#installation
|
July 30, 2023 |
RansomLord is a proof-of-concept Anti-Ransomware exploitation tool that automates the creation of PE files, used to compromise Ransomware pre-encryption. |
https://github.com/malvuln/RansomLord
|
July 30, 2023 |
LFI-FINDER - Tool Focuses On Detecting Local File Inclusion (LFI) Vulnerabilities |
https://www.kitploit.com/2023/07/lfi-finder-tool-focuses-on-detecting.html?m=1
|
July 29, 2023 |
UAC Bypass By Abusing Kerberos Tickets |
https://github.com/wh0amitz/KRBUACBypass
|
July 28, 2023 |
RWXFinder: Windows-specific tool written in C which uses Windows API functions to traverse through directories and look for DLL files with an RWX section in memory. |
https://github.com/pwnsauc3/RWXFinder
|
July 28, 2023 |
Cartographer: A Ghidra plugin for mapping out code coverage data. Aka Lighthouse for Ghidra. |
https://research.nccgroup.com/2023/07/20/tool-release-cartographer/
|
July 28, 2023 |
Tools & Interesting Things for RedTeam Ops |
https://github.com/bigb0sss/RedTeam-OffensiveSecurity
|
July 27, 2023 |
WSPCoerce: PoC to coerce authentication from Windows hosts using MS-WSP |
https://github.com/slemire/WSPCoerce
|
July 27, 2023 |
UACME - Defeating Windows User Account Control |
https://github.com/hfiref0x/UACME
|
July 27, 2023 |
Mapsdumper - Dump Place Details From Google Maps Like Phone, Email, Website, And Reviews |
https://www.kitploit.com/2023/07/mapsdumper-dump-place-details-from.html?m=1
|
July 27, 2023 |
IMDShift: Prevent SSRF attacks on AWS EC2 |
https://github.com/ayushpriya10/IMDShift#installation
|
July 26, 2023 |
dfir toolkit - CLI tools for forensic investigation of Windows artifacts |
https://github.com/dfir-dd/dfir-toolkit
|
July 26, 2023 |
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C |
https://github.com/n1nj4sec/pupy
|
July 26, 2023 |
Bashfuscator - A Fully Configurable And Extendable Bash Obfuscation Framework |
https://www.kitploit.com/2023/07/bashfuscator-fully-configurable-and.html?m=1
|
July 26, 2023 |
SSH-PuTTY-login-bruteforcer: Turn PuTTY into an SSH login bruteforcing tool. |
https://github.com/InfosecMatter/SSH-PuTTY-login-bruteforcer
|
July 26, 2023 |
exe_to_dll: Converts a EXE into DLL |
https://github.com/hasherezade/exe_to_dll
|
July 26, 2023 |
A Collection of Chrome Sandbox Escape POCs/Exploits for learning |
https://github.com/allpaca/chrome-sbx-db
|
July 25, 2023 |
AlternativeShellcodeExec: Alternative Shellcode Execution Via Callbacks |
https://github.com/aahmad097/AlternativeShellcodeExec
|
July 24, 2023 |
Redeye is a tool intended to help you manage your data during a pentest operation |
https://github.com/redeye-framework/Redeye#installation
|
July 24, 2023 |
Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. |
https://github.com/Idov31/Jormungandr
|
July 24, 2023 |
Nuclei v2.8.0 - URL Fuzzing and more |
https://blog.projectdiscovery.io/nuclei-fuzz-all-the-way/
|
July 24, 2023 |
go-secdump is a tool built to remotely extract hashes from the SAM registry hive as well as LSA secrets and cached hashes from the SECURITY hive without any remote agent and without touching disk |
https://github.com/jfjallid/go-secdump
|
July 24, 2023 |
"wptsextensions.dll: WptsExtensions.dll for exploiting DLL hijacking of the task scheduler." |
https://github.com/phackt/wptsextensions.dll
|
July 24, 2023 |
Burp Suite - The top 10 community-created BChecks, so far ... |
https://portswigger.net/blog/the-top-10-community-created-bchecks-so-far
|
July 24, 2023 |
New DLL hijacking opportunities, triggered using DCOM for lateral movement: |
https://github.com/WKL-Sec/dcomhijack
|
July 23, 2023 |
WiFi-OSINT - Some great Wifi, resources, tools and blogs |
https://github.com/cqcore/WiFi-OSINT
|
July 23, 2023 |
stark0de/nginxpwner: Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities |
https://github.com/stark0de/nginxpwner
|
July 23, 2023 |
Grimlockx - An ADCS Exploitation Automation Tool Weaponizing Certipy and Coercer |
https://github.com/grimlockx/ADCSKiller
|
July 23, 2023 |
compcheck - Quick and dirty script to check Pre2K computers for default creds via a TGS |
https://github.com/xpn/RandomTSScripts/tree/master
|
July 23, 2023 |
Firefox Decrypt - A tool to extract passwords from Mozilla (Firefox, Waterfox, Thunderbird, SeaMonkey) profiles. |
https://github.com/unode/firefox_decrypt
|
July 23, 2023 |
GitHub - jasperan/whatsapp-osint: WhatsApp spy - logs online/offline events from ANYONE in the world |
https://github.com/jasperan/whatsapp-osint
|
July 22, 2023 |
Various Cobalt Strike BOFs |
https://github.com/rvrsh3ll/BOF_Collection
|
July 22, 2023 |
CitrixInspector - Accurately fingerprint and detect vulnerable (and patched!) versions of Netscaler / Citrix ADC to CVE-2023-3519 |
https://github.com/securekomodo/citrixInspector
|
July 22, 2023 |
PE obfuscator with Evasion in mind |
https://github.com/TheD1rkMtr/PE-Obfuscator#video
|
July 21, 2023 |
PyCript: A burp extension to bypass client side encryption using java python and javascript using custom logic to support any encryption. |
https://github.com/Anof-cyber/PyCript
|
July 21, 2023 |
Web Environment Integrity Explainer |
https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md
|
July 21, 2023 |
ShadowClone: Boost Your Pentesting Performance in Seconds |
https://securityonline.info/shadowclone-boost-your-pentesting-performance-in-seconds/
|
July 21, 2023 |
WSAST - Static Code Analysis Framework |
https://www.wsast.co.uk/
|
July 21, 2023 |
Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers. |
https://github.com/BC-SECURITY/Empire
|
July 21, 2023 |
Citrix NetScaler ADC CVE-2023-3519 resources |
https://twitter.com/cyb3rops/status/1682297555424628736
|
July 20, 2023 |
hypobrychium - Duplicate (unowned) token from a running process without detections |
https://github.com/foxlox/hypobrychium
|
July 19, 2023 |
Impacket is a collection of Python classes for working with network protocols. |
https://github.com/fortra/impacket
|
July 19, 2023 |
canTot: exploit framework focused on known CAN Bus vulnerabilities or fun CAN Bus hacks |
https://securityonline.info/cantot-exploit-framework-focused-on-known-can-bus-vulnerabilities-or-fun-can-bus-hacks/
|
July 19, 2023 |
Pandas AI is a Python library that integrates generative artificial intelligence capabilities into Pandas, making dataframes conversational |
https://github.com/gventuri/pandas-ai
|
July 19, 2023 |
BrutePrint: bypassing smartphone fingerprint protection |
https://www.kaspersky.com/blog/fingerprint-brute-force-android/48303/?reseller=gb_kdaily-sm_awarn_ona_smm__all_b2c_some_sma_sm-team______&utm_source=twitter&utm_medium=social&utm_campaign=uk_kdaily_db
|
July 19, 2023 |
Network_Assessment - With Wireshark Or TCPdump, You Can Determine Whether There Is Harmful Activity On Your Network Traffic That You Have Recorded On The Network You Monitor |
https://www.kitploit.com/2023/07/networkassessment-with-wireshark-or.html?m=1
|
July 19, 2023 |
Tick3tDump - dump Kerberos tickets using Powershell |
https://github.com/MzHmO/PowershellKerberos/blob/main/dumper.ps1
|
July 18, 2023 |
Introducing CS2BR pt. II – One tool to port them all |
https://blog.nviso.eu/2023/07/17/introducing-cs2br-pt-ii-one-tool-to-port-them-all/
|
July 18, 2023 |
LolDriverScan - Scan vulnerable drivers on Windows with loldrivers.io |
https://github.com/FourCoreLabs/LolDriverScan
|
July 18, 2023 |
HexWalk 1.4.0, Hex Analyzer new release for Windows/Mac/Linux, new release with Byte Patterns |
https://github.com/gcarmix/HexWalk
|
July 18, 2023 |
Blackbone - Windows Memory Hacking Library |
https://www.kitploit.com/2023/07/blackbone-windows-memory-hacking-library.html?m=1
|
July 17, 2023 |
Drew-Alleman - powershell-backdoor-generator - Reverse backdoor written in PowerShell and obfuscated with Python. |
https://github.com/Drew-Alleman/powershell-backdoor-generator
|
July 17, 2023 |
CISA shares free tools to help secure data in the cloud |
https://www.bleepingcomputer.com/news/security/cisa-shares-free-tools-to-help-secure-data-in-the-cloud/
|
July 17, 2023 |
RoustKit - Rust out-of-tree Linux Kernel Modules (LKMs) experimentation framework |
https://github.com/0xor0ne/RoustKit
|
July 17, 2023 |
VX-API - Collection Of Various Malicious Functionality To Aid In Malware Development |
https://www.kitploit.com/2023/07/vx-api-collection-of-various-malicious.html?m=1
|
July 17, 2023 |
Hacking Active Directory with Sliver C2 |
https://rootsecdev.medium.com/hacking-active-directory-with-sliver-c2-19d7ceabbf13
|
July 17, 2023 |
DakshSCRA: Source Code Review Assist |
https://securityonline.info/dakshscra-source-code-review-assist/
|
July 17, 2023 |
PPLcontrol - Controlling Windows PP(L)s |
https://www.kitploit.com/2023/07/pplcontrol-controlling-windows-ppls.html?m=1
|
July 17, 2023 |
udpy_proto_scanner is a Python script which discovers UDP services by sending triggers to a list of hosts |
https://github.com/CiscoCXSecurity/udpy_proto_scanner
|
July 16, 2023 |
PrivKit: simple beacon object file that detects privilege escalation vulnerabilities |
https://securityonline.info/privkit-simple-beacon-object-file-that-detects-privilege-escalation-vulnerabilities/
|
July 16, 2023 |
RPC Investigator - A new tool for Windows RPC research |
https://blog.trailofbits.com/2023/01/17/rpc-investigator-microsoft-windows-remote-procedure-call/
|
July 15, 2023 |
GitHub - FourCoreLabs/LolDriverScan: Scan vulnerable drivers on Windows System |
https://github.com/FourCoreLabs/LolDriverScan
|
July 15, 2023 |
IAMActionHunter: Identify complex IAM PrivEsc in AWS |
https://rhinosecuritylabs.com/aws/iamactionhunter-aws-iam-permissions/
|
July 15, 2023 |
WormGPT: New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks |
https://thehackernews.com/2023/07/wormgpt-new-ai-tool-allows.html?m=1
|
July 14, 2023 |
TinySA Ultra Spectrum Analyzer |
https://brushbeater.store/products/tinysa-ultra-spectrum-analyzer
|
July 13, 2023 |
NetAtlas C2 Server Search: detect Command and Control (C2) servers |
https://securityonline.info/netatlas-c2-server-search-detect-command-and-control-c2-servers/
|
July 13, 2023 |
ShuckNT : Shuck hash before trying to crack it |
https://github.com/yanncam/ShuckNT
|
July 13, 2023 |
BlackLotus UEFI Windows Bootkit |
https://github.com/ldpreload/BlackLotus
|
July 13, 2023 |
hvext - Windbg extension implementing commands helpful to study Hyper-V on Intel processors |
https://github.com/tandasat/hvext
|
July 12, 2023 |
BadZure is a PowerShell script that leverages the Microsoft Graph SDK to orchestrate the setup of Azure Active Directory tenants |
https://github.com/mvelazc0/BadZure/
|
July 12, 2023 |
Mantra - A Tool Used To Hunt Down API Key Leaks In JS Files And Pages |
https://www.kitploit.com/2023/07/mantra-tool-used-to-hunt-down-api-key.html?m=1
|
July 10, 2023 |
ShellGhost: memory-based evasion technique |
https://securityonline.info/shellghost-memory-based-evasion-technique/
|
July 8, 2023 |
ShortScan - IIS short filename enumeration tool |
https://github.com/bitquark/shortscan
|
July 8, 2023 |
A Burp Suite Extension for Application Penetration Testing to map flows and vulnerabilities |
https://github.com/Anof-cyber/Pentest-Mapper
|
July 7, 2023 |
apk.sh makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK. |
https://github.com/ax/apk.sh
|
July 7, 2023 |
Badsecrets - A Library For Detecting Known Secrets Across Many Web Frameworks |
https://www.kitploit.com/2023/07/badsecrets-library-for-detecting-known.html?m=1
|
July 7, 2023 |
HardHatC2/DragoQCC - C# Command & Control framework |
https://github.com/DragoQCC/HardHatC2
|
July 7, 2023 |
Behind-This-Website - Checklist for investigating the provenance and ownership of websites. |
https://github.com/jonkeegan/behind-this-website
|
July 7, 2023 |
CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF; with this tool you can easily see the real IP of websites that have been protected by CloudFlare |
https://github.com/zidansec/CloudPeler
|
July 6, 2023 |
SOC-Multitool - A Powerful And User-Friendly Browser Extension That Streamlines Investigations For Security Professionals |
https://www.kitploit.com/2023/07/soc-multitool-powerful-and-user.html?m=1
|
July 3, 2023 |
NimExec: Fileless Command Execution for Lateral Movement in Nim |
https://securityonline.info/nimexec-fileless-command-execution-for-lateral-movement-in-nim/
|
July 3, 2023 |
Fully Undetected shellcode loader featuring EDR killer PoC |
https://github.com/florylsk/RecycledInjector
|
July 3, 2023 |
Bropper - An Automatic Blind ROP Exploitation Tool |
https://www.kitploit.com/2023/07/bropper-automatic-blind-rop.html
|
June 29, 2023 |
An automation plugin for Tiny-Tracer framework to trace functions directly out of the executable's import table. |
https://github.com/YoavLevi/IAT-Tracer
|
June 28, 2023 |
Poastal – the Email OSINT tool |
https://securityonline.info/poastal-the-email-osint-tool/
|
June 28, 2023 |
DNS Analyzer - Finding DNS vulnerabilities with Burp Suite |
https://sec-consult.com/blog/detail/dns-analyzer-finding-dns-vulnerabilities-with-burp-suite/
|
June 28, 2023 |
HardHatC2 - A C# Command And Control Framework |
https://www.kitploit.com/2023/06/hardhatc2-c-command-and-control.html?m=1
|
June 27, 2023 |
Coffee: A COFF loader made in Rust |
https://labs.hakaioffsec.com/coffee-a-coff-loader-made-in-rust/
|
June 27, 2023 |
Advanced macOS Command-Line Tools |
https://saurabhs.org/advanced-macos-commands
|
June 27, 2023 |
Cowitness: Enhancing Web Application Testing With External Service Interaction |
https://www.trustedsec.com/blog/introducing-cowitness-enhancing-web-application-testing-with-external-service-interaction/
|
June 25, 2023 |
Windows handle hijacker |
https://github.com/ZeroMemoryEx/Handle-Ripper
|
June 24, 2023 |
EndExt - Go Tool For Extracting All The Possible Endpoints From The JS Files |
https://www.kitploit.com/2023/06/endext-go-tool-for-extracting-all.html
|
June 24, 2023 |
Fileless command execution for Lateral Movement in Nim |
https://github.com/frkngksl/NimExec
|
June 23, 2023 |
The testing framework dedicated to ML models, from tabular to LLMs |
https://github.com/Giskard-AI/giskard
|
June 23, 2023 |
Certsync - Dump NTDS With Golden Certificates And UnPAC The Hash |
https://www.kitploit.com/2023/06/certsync-dump-ntds-with-golden.html
|
June 23, 2023 |
Reddit 1.0 Code in LISP |
https://github.com/reddit-archive/reddit1.0
|
June 23, 2023 |
PyDoS is a service spoofing (DoS) attack tool designed to test and check the stability of network systems |
https://github.com/Phamchie/PyDoS
|
June 22, 2023 |
libslub is a Python library to examine the SLUB management structures and object allocations (the Linux kernel heap implementation) |
https://github.com/nccgroup/libslub
|
June 22, 2023 |
Collection of scripts for reversing Qualcomm baseband / modem firmware |
https://github.com/mzakocs/qualcomm_baseband_scripts
|
June 22, 2023 |
Callisto - An Intelligent Automated Binary Vulnerability Analysis Tool |
https://github.com/JetP1ane/Callisto
|
June 22, 2023 |
SharpFtpC2: Streamlined FTP-Driven Command and Control Conduit |
https://securityonline.info/sharpftpc2-streamlined-ftp-driven-command-and-control-conduit/
|
June 21, 2023 |
Collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications |
https://github.com/mindedsecurity/semgrep-rules-android-security
|
June 21, 2023 |
iOS Triangulation Spyware - VirusTotal |
https://www.virustotal.com/gui/file/fd9e97cfb55f9cfb5d3e1388f712edd952d902f23a583826ebe55e9e322f730f/detection
|
June 20, 2023 |
DebugOff - Linux anti-analysis Rust library |
https://github.com/0xor0ne/debugoff
|
June 20, 2023 |
Password Lists - Dictionaries, Leaks, Usernames |
https://wiki.skullsecurity.org/index.php/Passwords
|
June 20, 2023 |
UEFITool / UEFIExtract / UEFIFind - new GUID database with thousands of new GUIDs |
https://github.com/LongSoft/UEFITool/releases/tag/A67
|
June 20, 2023 |
nbutools is a Python toolbox that aims to assist security audits and analysis of NetBackup infrastructure |
https://github.com/airbus-seclab/nbutools
|
June 19, 2023 |
Python tool to discover login panels, and POST Form SQLi Scanning. Support multiple hosts scanning, targeted SQLi form scanning and proxies. |
https://github.com/Mr-Robert0/Logsensor
|
June 19, 2023 |
Specify what you want it to build, the AI asks for clarification, and then builds it.
GPT Engineer is made to be easy to adapt, extend, and make your agent learn how you want your code to look. It generates an entire codebase based on a prompt. |
https://github.com/AntonOsika/gpt-engineer
|
June 16, 2023 |
PassGPT outperforms existing methods based on generative adversarial networks (GAN) by guessing twice as many previously unseen passwords. |
https://github.com/javirandor/passgpt
|