PythonMemoryModule pure-python implementation of MemoryModule technique to load a dll or unmanaged exe entirely from memory PythonMemoryModule is a Python ctypes port of the MemoryModule technique originally published by Joachim Bauch. It can...
Tokenizer Tokenizer is a kernel mode driver project that allows the replacement of a process token in EPROCESS with a system token, effectively elevating the privileges of the process. The...
EPI EPI (Entry Point Injection) is a tool that leverages a new threadless process injection technique that relies on hijacking the entry points of loaded DLLs. To achieve this goal, EPI patches the...
LightsOut LightsOut will generate an obfuscated DLL that will disable AMSI & ETW while trying to evade AV. This is done by randomizing all WinAPI functions used, xor encoding strings,...
Commander Commander is a command and control framework (C2) written in Python, Flask, and SQLite. It comes with two agents written in Python and C. Features Fully encrypted communication (TLS)...
KittyStager KittyStager is a stage 0 C2 comprising an API, client, and malware. The API is responsible for delivering basic tasks and shellcodes to be injected into memory by the...
IaC Scan Runner The IaC Scanner is an inspection service that aims to scan IaC (Infrastructure as Code) in order to find the problems and security vulnerabilities so that the users...
LTESniffer – An Open-source LTE Downlink/Uplink Eavesdropper LTESniffer is an open-source LTE downlink/uplink eavesdropper. It first decodes the Physical Downlink Control Channel (PDCCH) to obtain the Downlink Control Information (DCIs) and...
GATOR GATOR – GCP Attack Toolkit for Offensive Research, a tool designed to aid in researching and exploiting Google Cloud environments. It offers a comprehensive range of modules tailored to support users...
Aladdin Aladdin is a payload generation technique based on the work of James Forshaw (@tiraniddo) that allows the deserialization of a .NET payload and execution in memory. The original vector...
QRExfiltrate This tool is a command line utility that allows you to convert any binary file into a QRcode GIF. The data can then be reassembled visually allowing the exfiltration...
Hades Hades is a basic Command & Control server built using Python. It is currently extremely bare-bones, but I plan to add more features soon. Features are a work in...
EC2StepShell EC2StepShell is an AWS post-exploitation tool for getting high-privilege reverse shells in public or private EC2 instances. It works by sending commands to EC2 instances using ssm:SendCommand...
Mantra Mantra is a tool written in Go whose main objective is to search for API keys in JavaScript files and HTML pages. It works by checking the...