ADOKit: Azure DevOps Services Attack Toolkit
ADOKit Azure DevOps Services Attack Toolkit – ADOKit is a toolkit that can be used to attack Azure DevOps Services by taking advantage of the available REST API. The tool allows the user to...
Category: Network PenTest
Cookie-Monster: BOF to steal browser cookies & credentials
Cookie-Monster Steal browser cookies for Edge, Chrome, and Firefox through a BOF or exe! Cookie-Monster will extract the WebKit master key, locate a browser process with a handle to the Cookies and Login Data...
LOLSpoof: An interactive shell to spoof some LOLBins command line
LOLSpoof LOLSpoof is an interactive shell program that automatically spoofs the command line arguments of the spawned process. Just call your incriminate-looking command line LOLBin (e.g. powershell -w hidden -enc ZwBlAHQALQBwAHIAbwBjAGUA….) and LOLSpoof will...
ioctlance: detect various vulnerability types in Windows Driver Model (WDM) drivers
IOCTLance Presented at CODE BLUE 2023, this project titled Enhanced Vulnerability Hunting in WDM Drivers with Symbolic Execution and Taint Analysis introduces IOCTLance, a tool that enhances its capacity to detect various vulnerability types in Windows Driver...
DockerExploit: Docker Remote API Scanner and Exploit
Docker Remote API Scanner and Exploit This repository contains a Docker Remote API Scanner and Exploit tool designed for educational and research purposes. It enables users to perform security assessments and experiments related to...
RemoteTLSCallbackInjection: execute a payload without spawning any threads in a remote process
Maldev Academy – RemoteTLSCallbackInjection This method utilizes TLS callbacks to execute a payload without spawning any threads in a remote process. This method is inspired by Threadless Injection as RemoteTLSCallbackInjection does not invoke any API calls...
AngryOxide v0.8.7b releases: 802.11 Attack Tool
AngryOxide AngryOxide was developed as a way to learn Rust, netlink, kernel sockets, and WiFi exploitation all at once. The overall goal of this tool is to provide a single-interface survey capability with advanced...
NovaLdr: Threadless Module Stomping In Rust
NovaLdr NovaLdr is a Threadless Module Stomping written in Rust, designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve...
SBSCAN: penetration testing tool specifically designed for the Spring framework
SBSCAN SBSCAN is a penetration testing tool specifically designed for the Spring framework, capable of scanning specified sites for Spring Boot sensitive information and verifying related Spring vulnerabilities. Most Comprehensive Dictionary for Sensitive Paths:...
avred: AntiVirus REDucer for AntiVirus REDteaming
avred AntiVirus REDucer for AntiVirus REDteaming. Avred is being used to identify which parts of a file are identified by an Antivirus and tries to show as much possible information and context about each...
xeol: scanner for end-of-life software in container images, filesystems, and SBOMs
xeol A scanner for end-of-life (EOL) packages in container images, filesystems, and SBOMs What is EOL software? End of Life (EOL) means the vendor has decided the software in question has reached the end...
LinikatzV2: A tool to attack Active Directory on UNIX
LinikatzV2 LinikatzV2 is a bash script based on the Linikatz tool developed by a time machine. It allows post-exploitation tasks on UNIX computers joined to Active Directory, using various methods for credential mining. This...
apk2url: quickly extract IP and URL endpoints from APKs
apk2url apk2url easily extracts URL and IP endpoints from an APK file to a .txt output. This is suitable for information gathering by the red team, penetration testers, and developers to quickly identify endpoints...
pandora v1.0 releases: A red team tool to extract credentials from password managers
Pandora This is a red team tool that assists in gathering credentials from different password managers. They are separated into three categories, Windows 10 desktop applications, browsers, and browser plugins. This may work on...
VulnMapAI: Revolutionizing Vulnerability Reports with GPT-4 and Nmap
VulnMapAI VulnMapAI combines the power of Nmap’s detailed network scanning and the advanced natural language processing capabilities of GPT-4 to generate comprehensive and intelligible vulnerability reports. It aims to facilitate the identification and understanding...
