Information Security
AutoDirbuster Automatically run and save Dirbuster scans for multiple IPs Why? OWASP Dirbuster is a great directory buster but running it against multiple IPs and ports is a very manual process with a lot...
Utopia Framework Utopia Framework is a Linux post-exploitation framework that exploits Linux SSH vulnerability to provide a shell-like connection. Utopia Framework can be used to easily master Linux SSH exploitation. Why Utopia Framework Simple...
Scantron Scantron is a distributed nmap scanner comprised of two components. The first is a master node that consists of a web front end used for scheduling scans and storing nmap scan targets and...
SubFinder SubFinder is a subdomain discovery tool that uses various techniques to discover massive amounts of subdomains for any target. It has been aimed at a successor to the sublist3r project. SubFinder uses Passive Sources,...
SUDO_KILLER SUDO_KILLER is a tool that can be used for privilege escalation on the Linux environment by abusing SUDO in several ways. The tool helps to identify misconfiguration within sudo rules, vulnerability within the...
AMSI.fail C# Azure Function with an HTTP trigger that generates obfuscated PowerShell snippets that break or disable AMSI for the current process. The snippets are randomly selected from a small pool of techniques/variations before...
URL Tracker Change monitoring app that checks the content of web pages in different periods (hourly, daily, weekly, monthly) and detects if they were modified since the last check. It can be used to...
The Metasploit Project is a computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is a penetration testing platform that enables you to find,...
xeca xeca is a project that creates encrypted PowerShell payloads for offensive purposes. Creating position independent shellcode from DLL files is also possible. How It Works Identify and encrypt the payload. Load encrypted payload...
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang. An introductory blog post can be found here. Evade network detection during a penetration test/red team exercise by using...
Suggested Reading