Information Security
Posta Posta is a tool for researching Cross-document Messaging communication. It allows you to track, explore and exploit postMessage vulnerabilities and includes features such as replaying messages sent between windows within any attached browser. Tabs...
The latest National Health Service (NHS) figures show that some 48 percent of GP appointments in the UK during May 2020 were conducted over the telephone. The same is also true of video calls...
pypykatz Mimikatz implementation in pure Python Why do I need these dumps files? In order to create mimikatz in Python, one would have to create structure definitions of a gazillion different structures (check the...
pwntools – CTF toolkit Pwntools is a CTF framework and exploits the development library. Written in Python, it is designed for rapid prototyping and development and intended to make exploit writing as simple as...
Name-That-Hash What is this? Have you ever come across a hash such as 5f4dcc3b5aa765d61d8327deb882cf99 and wondered what type of hash that is? 🤔 Name-that-hash will name that hash type! 🔥 Features 📺 Popularity Ratings – Name that hash...
Tracee – Container, and system tracing using eBPF Tracee is a lightweight and easy to use container and system tracing tool. It allows you to observe system calls and other system events in real-time....
r77 Rootkit Ring 3 rootkit r77 is a ring 3 Rootkit that hides the following entities from all processes: Files, directories, named pipes, scheduled tasks Processes CPU usage Registry keys & values TCP &...
The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names, and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to...
ffuf – Fuzz Faster U Fool A fast web fuzzer written in Go. Heavily inspired by the great projects gobuster and wfuzz. Features Fast! Allows fuzzing of HTTP header values, POST data, and different parts of URL,...
Merlin Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang. An introductory blog post can be found here. Evade network detection during a penetration test/red team exercise by...
Suggested Reading