SQLiDetector Simple python script supported with BurpBouty profile that helps you to detect SQL injection “Error based” by sending multiple requests with 14 payloads and checking for 152 regex patterns...
Maintaining Access / Networking
by do son · Published October 23, 2022 · Last modified January 23, 2024
sish An open-source serveo/ngrok alternative. How it works SSH can normally forward local and remote ports. This service implements an SSH server that only handles forwarding and nothing else. The...
SSTImap SSTImap is a penetration testing software that can check websites for Code Injection and Server-Side Template Injection vulnerabilities and exploit them, giving access to the operating system itself. This...
exifLooter ExifLooter finds geolocation on all image urls and directories and also integrates with OpenStreetMap. Installation go install github.com/aydinnyunus/exifLooter@latest Exif Looter depends on exiftool, so make sure it is on your...
Programming / Smartphone PenTest
by do son · Published October 14, 2022 · Last modified September 24, 2023
What is Tai-e? Tai-e (Chinese: 太阿; pronunciation: [ˈtaɪə:]) is a new static analysis framework for Java (please see our technical report for details), which features arguably the “best” designs from both the...
Suborner – A Windows Bribery for Invisible Persistence A simple program to create a Windows account you will only know about 🙂 Create invisible local accounts without net user or...
monomorph MD5-Monomorphic Shellcode Packer – all payloads have the same MD5 hash What does it do? It packs up to 4KB of compressed shellcode into an executable binary, near-instantly. The...
DFShell D3Ext’s Forwarded Shell it’s a python3 script which use mkfifo to simulate a shell into the victim machine. It creates a hidden directory in /dev/shm/.fs/ and there are stored the...
Windows Oracle Database Attack Tool (wodat) Simple port of the popular Oracle Database Attack Tool (ODAT) to C# .Net Framework. Perform password-based attacks e.g. username as password, username list against given...
SteaLinG The SteaLinG is an open-source penetration testing framework designed for social engineering. After the hack, you can upload it to the victim’s device and run it. Features module Short...
Information Gathering / Web Information Gathering
by do son · Published October 4, 2022 · Last modified November 1, 2023
GooFuzz GooFuzz is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories without making requests to the web server. GooFuzz performs...
FUD-UUID-Shellcode Another shellcode injection technique using C++ that attempts to bypass Windows Defender using XOR encryption sorcery and UUID strings madness :). How it works Shellcode generation Firstly, generate a payload in...
monkey365 Monkey365 is an Open Source security tool that can be used to easily conduct not only Microsoft 365 but also Azure subscriptions and Azure Active Directory security configuration reviews...
God Genesis God Genesis is a C2 server purely coded in Python3 created to help Red Teamers and Penetration Testers. Currently, It only supports TCP reverse shell but waits a...
Aced Aced is a tool to parse and resolve a single targeted Active Directory principal’s DACL. Aced will identify interesting inbound access allowed privileges against the targeted account, resolve the...
Support Securityonline.info site. Thanks!
