Bug Bounty Reconnaissance Framework The Bug Bounty Reconnaissance Framework (BBRF) can be used to coordinate your reconnaissance workflows across multiple devices. For more background, read the original blog post. If you...
IaC Scan Runner The IaC Scanner is an inspection service that aims to scan IaC (Infrastructure as Code) in order to find the problems and security vulnerabilities so that the users...
A recent security vulnerability has been unearthed in the popular WordPress plugin Gravity Forms, threatening the very fabric of the plugin’s security and the integrity of nearly a million active...
Hidden Desktop BOF Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol...
LTESniffer – An Open-source LTE Downlink/Uplink Eavesdropper LTESniffer is An Open-source LTE Downlink/Uplink Eavesdropper It first decodes the Physical Downlink Control Channel (PDCCH) to obtain the Downlink Control Informations (DCIs) and...
Goblob Goblob is a lightweight and fast enumeration tool designed to aid in the discovery of sensitive information exposed publicy in Azure blobs, which can be useful for various research...
GATOR GATOR – GCP Attack Toolkit for Offensive Research, a tool designed to aid in research and exploiting Google Cloud Environments. It offers a comprehensive range of modules tailored to support users...
Aladdin Aladdin is a payload generation technique based on the work of James Forshaw (@tiraniddo) that allows the deseriallization of a .NET payload and execution in memory. The original vector...
QRExfiltrate This tool is a command line utility that allows you to convert any binary file into a QRcode GIF. The data can then be reassembled visually allowing the exfiltration...
Hades Hades is a basic Command & Control server built using Python. It is currently extremely bare-bones, but I plan to add more features soon. Features are a work in...
EC2StepShell EC2StepShell is an AWS post-exploitation tool for getting high privileges to reverse shells in public or private EC2 instances. It works by sending commands to EC2 instances using ssm:SendCommand...
Afuzz – An automated web path fuzzing tool Afuzz is an automated web path fuzzing tool for the Bug Bounty projects. Features Afuzz automatically detects the development language used by...
Mantra The tool in question was created in Go and its main objective is to search for API keys in JavaScript files and HTML pages. It works by checking the...
EntropyReducer: Reduce The Entropy Of Your Payload And Obfuscate It With Serialized Linked Lists How Does It Work EntropyReducer algorithm is determined by BUFF_SIZE and NULL_BYTES values. The following is how would EntropyReducer organize your payload if BUFF_SIZE was...
rebindMultiA rebindMultiA is a tool to perform a Multiple A Record rebind attack. rebindmultia.com is a domain that I’ve set up to assist with these attacks. It makes every IP its own...
Support Securityonline.info site. Thanks!
