Security Training Share
The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases, etc.). This tool has been developed...
VyAPI – The Modern Cloud-Based Vulnerable Hybrid Android App VyAPI is a vulnerable hybrid Android app that’s vulnerable by design. We call it VyAPI because it’s flaws are pervasive and it communicates not just...
grinder Internet-connected Devices Census Python Framework The Grinder framework was created to automatically enumerate and fingerprint different hosts on the Internet using different back-end systems: search engines, such as Shodan or Censys, for discovering...
AsyncRAT AsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. Included projects This project includes the following Access terminal for controlling clients Configurable...
DNS File EXfiltration Data exfiltration is a common technique used for post-exploitation, DNS is one of the most common protocols through firewalls. We take the opportunity to build a unique protocol for transferring files...
Start-ADEnum A tool to automate Active Directory enumeration. Tool Prereq This tool requires that you have a runas /netonly shell. Download git clone https://github.com/lkys37en/Start-ADEnum.git Functions Start-PreReqCheck Install-Tools Start-ADEnum Start-PreReqCheck This function determines if the...
Attack Surface Analyzer Attack Surface Analyzer (ASA) is a Microsoft-developed open source security tool that analyzes the attack surface of a target system and reports on potential security vulnerabilities introduced during the installation of...
The well-known penetration testing framework Metasploit recently added a utilization module for the high-risk vulnerability BlueKeep in its exploitation modules. BlueKeep is numbered CVE-2019-0708, a high-risk vulnerability discovered in May this year. It is...
Flying A False Flag This repo contains the slides and concept code for my BlackHat USA 2019 talk about Command and Control. There are three projects in this repo: CloudRacoon – Tools to hunt for...
What is Octopus? Octopus is an open-source, pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S. The main purpose of creating Octopus is for use before any red...
AIL framework – Framework for Analysis of Information Leaks AIL is a modular framework to analyze potential information leaks from unstructured data sources like pastes from Pastebin or similar services or unstructured data streams....
StalkPhish StalkPhish is a tool created for searching into free OSINT databases for specific phishing kits URL. More, StalkPhish is designed to try finding phishing kits sources. Some scammers can’t or don’t remove their phishing kit sources...
EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such, the focus is placed...
Shodan-Seeker Command-line tool using Shodan API. Generates and downloads CSV results, diffing of historic scanning results, alerts and monitoring of specific ports/IPs, etc. Diffing implementation for assets discovery on Real-Time or REST API approach....
