Reverse Engineering / Smartphone PenTest
by do son · Published May 26, 2019 · Last modified May 24, 2020
APK Studio A Cross-Platform IDE for Reverse-Engineering (Disassembling, Hacking & Rebuilding) Android applications – featuring a friendly UI and Code editor with Syntax-highlighting support. Features Disassembling & Rebuilding APKs Code Editor with Syntax Highlighting...
airgeddon This is a multi-use bash script for Linux systems to audit wireless networks. Features Interface mode switcher (Monitor-Managed) keeping selection even on interface name changing DoS over wireless networks using different methods Assisted...
Information Gathering / Web Information Gathering
by do son · Published May 22, 2019 · Last modified October 25, 2022
h8mail Email OSINT and password finder. Use h8mail to find passwords through a different breach and reconnaissance services, or the infamous “Breach Compilation” torrent. Features 🔎 Email pattern matching (regexp), useful for all those raw HTML...
UACMe Defeating Windows User Account Control by abusing the built-in Windows AutoElevate backdoor. System Requirements x86-32/x64 Windows 7/8/8.1/10/11 (client, some methods, however, works on server version too). Admin account with UAC set on default...
Exploitation / Reverse Engineering
by do son · Published May 21, 2019 · Last modified November 25, 2019
Sickle Sickle is a shellcode development tool created to speed up the various steps needed to create functioning shellcode. Sickle can aid in the following: Identifying instructions resulting in bad characters. Formatting output in...
ACsploit: a tool for generating worst-case inputs for algorithms ACsploit is an interactive command-line utility to generate worst-case inputs to commonly used algorithms. These worst-case inputs are designed to result in the target program...
Kerbrute A tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication. This tool grew out of some bash scripts I wrote a few years ago to perform bruteforcing using the Heimdal Kerberos...
Spray A Password Spraying tool for Active Directory Credentials by Jacob Wilkin(Greenwolf) Install Requirement All requirements come preinstalled on Kali Linux, to run on other flavors or Mac just make sure curl(owa & Lync)...
Infection Monkey The Infection Monkey is an open-source security tool for testing a data center’s resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self-propagate across a data center...
Password Attacks / Web Information Gathering / Web Vulnerability Analysis
by do son · Published May 19, 2019 · Last modified October 25, 2022
What is a CMS? A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some noteable examples are: WordPress, Joomla, Drupal etc. Functions...
Atomic Caldera A Python 3 script to convert Red Canary Atomic Red Team Tests to MITRE Caldera Stockpile YAML ability files. Backstory While looking into tools to help test and develop Red/Blue (Purple) teams...
Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities. The tool re-implements the 15-years old idea of using a custom reverse proxy to dynamically interact with the origin to be targeted,...
THRecon THRecon -Threat Hunting Reconnaissance Toolkit- A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints. Use cases include incident response triage, threat hunting, baseline monitoring, snapshot comparisons, and more....
pydictor —— A useful hacker dictionary builder for a brute-force attack Q: Why I need to use pydictor? A: 1.it always can help you You can use pydictor to generate a general blast wordlist,...
Defense / Vulnerability Analysis
by do son · Published May 17, 2019 · Last modified October 10, 2021
polscan polscan (short for “Policy Scanner”) Makes your DevOps server configuration/security/automation policies explicit Easily detects configuration drift (Puppet 2/3/4) Provides details on package updates (Debian, PHP, Gem, CVEs via debsecan) Provides basic security checks (SSH,...
Secure Your Connection
