Peneter Tools pinned «Penetration testing tools: do not RUN any of these tools on your own workstation at work or at home under any circumstances; for testing you may only use a VPS that holds no confidential or sensitive information. We do not vouch for any of the cracks as to whether or not they contain Malware (RAT)! #warning…»
#domhttpx is a Google search engine #dorker with an HTTP toolkit, built with Python, that makes it easier to find many URLs/IPs at once, quickly.
https://github.com/naufalardhani/domhttpx/releases/tag/v0.0.1
#Karton Distributed malware processing framework based on Python, Redis, and MinIO.
karton
This repository. It contains the karton.system service - main service, responsible for dispatching tasks within the system. It also contains the karton.core module, that is used as a library by other systems.
karton-dashboard
A small Flask dashboard for task and queue management and monitoring.
karton-classifier
The "router". It recognises samples/files and produces various task types depending on the file format. Thanks to this, other systems may only listen for tasks with a specific format (for example, only zip archives).
karton-archive-extractor
Generic archive unpacker. Archives uploaded into the system will be extracted, and every file will be processed individually.
karton-config-extractor
Malware extractor. It uses Yara rules and Python modules to extract static configuration from malware samples and analyses. It's a fishing rod, not a fish - we don't share the modules themselves. But it's easy to write your own!
karton-mwdb-reporter
A very important part of the pipeline. Reporter submits all files, tags, comments and other intel produced during the analysis to MWDB. If you don't use MWDB yet or just prefer other backends, it's easy to write your own reporter.
karton-yaramatcher
Automatically runs Yara rules on all files in the pipeline, and tags samples appropriately. Rules not included ;).
karton-asciimagic
Karton system that decodes files encoded with common methods, like hex, base64, etc. (You wouldn't believe how common it is).
karton-autoit-ripper
A small wrapper around AutoIt-Ripper that extracts embedded AutoIt scripts and resources from compiled AutoIt executables.
DRAKVUF Sandbox
Automated black-box malware analysis system with DRAKVUF engine under the hood, which does not require an agent on guest OS.
https://github.com/CERT-Polska/karton
Doc :
https://karton-core.readthedocs.io/en/latest/index.html
#NExfil is an #OSINT tool written in Python for finding profiles by username. The provided usernames are checked on over 350 websites within a few seconds. The goal behind this tool was to get results quickly while maintaining low amounts of false positives.
https://github.com/thewhiteh4t/nexfil
BloodHound
BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment.
https://github.com/BloodHoundAD/BloodHound/releases/tag/4.0.2
#bloodhound #postexploit #activedirectoy
Release BloodHound 4.0.2 · BloodHoundAD/BloodHound
This release comes with a whole heap of bugfixes.
Big thanks to everyone who submitted PRs and fixes (@cnotin @jtothef @nheineger @Scoubi)
Bettercap
The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and #MITM attacks.
https://github.com/bettercap/bettercap/releases/tag/v2.31.1
#bettercap #sslstrip1 #sslstrip2 #replayattack
Release v2.31.1 · bettercap/bettercap
Changelog
New
8c00207 new: gps.new event now reports GPS data changes as they occur (fixes #878)
c38de3a fix: support for negative numbers for decimal parameters (closes #866)
Fixes
0e2fd00 fix:...
"This script is intended to mitigate Print Spooler attacks (specifically PrintNightmare CVE-2021-34527) by disabling the Spooler service where it is not needed (non-Print Server servers & DCs)."
https://github.com/jokezone/PowerShell-Scripts/blob/main/Configure-PrintSpooler.ps1
#powershell #blueteam #mitigation #printnightmare
Autoharness
AutoHarness is a tool that automatically generates fuzzing harnesses for you.
https://github.com/parikhakshat/autoharness/releases/tag/1.0
#autoharness #harness #fuzzing
Release AutoHarness (v1.0) · parikhakshat/autoharness
Initial Release of AutoHarness
-added executable to shared object functionality
-added automatic header detection or function reconstruction
-added automatic fuzzing harness creation for one argume...
#Keyhacks is a repository which shows quick ways in which #API keys leaked by a bug bounty program can be checked to see if they're valid.
https://github.com/streaak/keyhacks
#GitDump A pentesting tool that dumps the source code from .git even when the directory traversal is disabled
https://github.com/Ebryx/GitDump
Cariddi
Take a list of domains, #crawl urls and #scan for endpoints, secrets, api keys, file extensions, tokens and more...
https://github.com/edoardottt/cariddi
#API #Crawler #information_extraction #API_Scraper #informationGathering
sx is the command-line network scanner designed to follow the UNIX philosophy.
https://github.com/v-byte-cpu/sx/releases/tag/v0.4.0
#Scanner #cli #SX #go #docker
Release v0.4.0 · v-byte-cpu/sx
Changelog
29ca59d feature: vpn support (#94)
DcRat C# source code
https://github.com/qwqdanchun/DcRat/releases/tag/v1.0.7
https://github.com/qwqdanchun/DcRat
#RAT #opensource
Release v1.0.7 · qwqdanchun/DcRat
Add some fun function
Add reg edit
fix password recovery
add normal startup control
fix remote screen can't work when use donut turn to shellcode and inject
PowerShellArmoury
https://github.com/cfalta/PowerShellArmoury/releases/tag/1.5
#AMSI #bypassAV #PostExploit
Release PSArmoury 1.5 · cfalta/PowerShellArmoury
[new] new json config - WARNING: BREAKING CHANGE! - old config formats will no longer work. Have a look at the README.
[new] New-PSArmoury will now run a config syntax check by default (like -Valid...