WPAxFuzz: full-featured open-source Wi-Fi fuzzer
WPAxFuzz This tool is capable of fuzzing either any management, control, or data frame of the 802.11 protocol or the SAE exchange. For the management, control, or data frames, you...
WPAxFuzz This tool is capable of fuzzing either any management, control, or data frame of the 802.11 protocol or the SAE exchange. For the management, control, or data frames, you...
acltoolkit ACL Toolkit is an ACL abuse swiss-knife. Install git clone https://github.com/zblurx/acltoolkit.git cd acltoolkit pip install . Use Commands get-objectacl The get-objectacl will take a sAMAccountName, a name, a DN,...
dontgo403 dontgo403 is a tool to bypass 40X errors. Customization If you want to edit or add new bypasses, you can add them directly to the specific file in the...
Crassus Windows privilege escalation discovery tool Why “Crassus”? Accenture made a tool called Spartacus, which finds DLL hijacking opportunities on Windows. Using Spartacus as a starting point, we created Crassus to...
APKHunt | OWASP MASVS Static Analyzer APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily...
of-CORS of-CORS is Truffle Security’s tool suite for identifying and exploiting CORS misconfigurations on the internal networks of bug bounty targets using typosquatting. How Does it Work?? of-CORS is a Python3 web...
ScrapPY: PDF Scraping Made Easy ScrapPY is a Python utility for scraping manuals, documents, and other sensitive PDFs to generate targeted wordlists that can be utilized by offensive security tools...
Maintaining Access / Web Maintaining Access
by do son · Published March 13, 2023 · Last modified June 30, 2023
Kraken – a modular multi-language webshell coded by @secu_x11 Support On the one hand, Kraken is supported by different technologies and versions. The following is a list of where Kraken...
ModSecurity Backdoor This is a proof-of-concept of malicious software running inside of ModSecurity WAF. The software has two main functions: Retrieving the content of files. Running commands and retrieving output...
DarkAngel DarkAngel is a fully automatic white hat vulnerability scanner, which can monitor hacker and bugcrowd assets, generate vulnerability reports, and send enterprise WeChat notifications. Currently supported features: Hackerone asset...
ThunderCloud Cloud Exploit Framework This framework can find issues like: 1. S3 directory listing due to misconfigured Cloudfront settings 2. Amazon Cognito misconfiguration to generate AWS temporary credentials 3. Public...
Super Xray xray is an excellent web vulnerability scanning tool, but only the command line version, starts via config.yaml file. In many cases, it is difficult to get started, and...
APCLdr: Payload Loader With Evasion Features Features: no crt functions imported indirect syscalls using HellHall api hashing using the CRC32 hashing algorithm payload encryption using rc4 – payload is saved in .rsrc...
Invoke-PSObfuscation Traditional obfuscation techniques tend to add layers to encapsulate standing code, such as base64 or compression. These payloads do continue to have a varied degree of success, but they...
FindUncommonShares The script FindUncommonShares.py is a Python equivalent of PowerView‘s Invoke-ShareFinder.ps1 allowing you to quickly find uncommon shares in vast Windows Active Directory Domains. Features Only requires a low privileged domain user account. Automatically gets...