Vulnerable NodeJS Application Vulnerable NodeJS application is developed for web application penetration testers, developers, and secure code review. It can be easily deployed using Docker or by manual install complete...
Powershell obfuscation A simple and effective PowerShell obfuscation tool to bypass Anti-Virus, VT. AMSI-bypass obfuscation + ETW-block obfuscation + PowerShell command obfuscation. The tool with the best anti-obfuscation effect at present...
ShadowSpray A tool to spray Shadow Credentials across an entire domain in hopes of abusing long-forgotten GenericWrite/GenericAll DACLs over other objects in the domain. Why this tool: In a lot of...
GitFive GitFive is an OSINT tool to investigate GitHub profiles. Main features: usernames / names history; usernames / names variations; email address to GitHub account; find GitHub’s accounts from...
BrokenFlow A simple PoC to invoke an encrypted shellcode by using a hidden call. Introduction: This code uses a simple trick to hide the instruction that effectively will jump to our...
EvilTree A standalone python3 remake of the classic “tree” command with the additional feature of searching for user-provided keywords/regex in files, highlighting those that contain matches. Created for two main...
Havoc Havoc is a modern and malleable post-exploitation command and control framework, created by @C5pider. Features: Client: cross-platform UI written in C++ and Qt; modern, dark theme based on Dracula. Teamserver: Written...
Vesta Vesta is a toolkit for static analysis of vulnerabilities and for detecting Docker and Kubernetes cluster configuration issues. It inspects Kubernetes and Docker configurations, cluster pods, and containers against safe practices. It also...
Cohab_Processes This Aggressor script is intended to help internal Red Teams identify suspicious or foreign processes (“Cohabitation”) running in their environments. Red Teams may assemble a list of “known” processes...
YAWNING-TITAN YAWNING-TITAN (YT) is an abstract, graph-based cyber-security simulation environment that supports the training of intelligent agents for autonomous cyber operations. YAWNING-TITAN currently only supports defensive autonomous agents who...
Freeze Freeze is a payload creation tool used for circumventing EDR security controls to execute shellcode in a stealthy manner. Freeze utilizes multiple techniques to not only remove Userland EDR...
RustChain This tool is a simple PoC of how to hide memory artifacts using an ROP chain in combination with hardware breakpoints. The ROP chain will change the main module...
BlueMap The BlueMap is an interactive tool for identifying IAM misconfigurations, information gathering, abuse of managed identities, detection of user permissions, and much more. All are in interactive mode without...
SEVulDet SEVulDet is a semantics-enhanced deep learning-based framework that can accurately pinpoint vulnerability patterns by extracting, preserving, and learning more semantics. Details of SEVulDet: Recent years have seen increased attention...
LDAP Nom Nom Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP). Looks for enabled normal user accounts. No Windows audit logs were generated. High-speed...