OWASP Risk Assessment Calculator
source :
https://github.com/JavierOlmedo/OWASP-Calculator
online :
https://javierolmedo.github.io/OWASP-Calculator/
https://security-net.biz/files/owaspriskcalc.html
#owasp #Assessment #risk
source :
https://github.com/JavierOlmedo/OWASP-Calculator
online :
https://javierolmedo.github.io/OWASP-Calculator/
https://security-net.biz/files/owaspriskcalc.html
#owasp #Assessment #risk
GitHub
GitHub - JavierOlmedo/OWASP-Calculator: 🧮 An online calculator to assess the risk of web vulnerabilities based on OWASP Risk Assessment
🧮 An online calculator to assess the risk of web vulnerabilities based on OWASP Risk Assessment - JavierOlmedo/OWASP-Calculator
C2 Powershell Command & Control Framework with BuiltIn Commands
کلیه ابزارهای تست نفوذ در قالب اسکریپت ها و ماژول های پاورشل برای بایپس آنتی ویروس
https://github.com/r00t-3xp10it/meterpeter
https://github.com/r00t-3xp10it/meterpeter/releases/tag/v2.10.8
#AMSI #powershell #FUD
کلیه ابزارهای تست نفوذ در قالب اسکریپت ها و ماژول های پاورشل برای بایپس آنتی ویروس
https://github.com/r00t-3xp10it/meterpeter
https://github.com/r00t-3xp10it/meterpeter/releases/tag/v2.10.8
#AMSI #powershell #FUD
GitHub
GitHub - r00t-3xp10it/meterpeter: C2 Powershell Command & Control Framework with BuiltIn Commands
C2 Powershell Command & Control Framework with BuiltIn Commands - r00t-3xp10it/meterpeter
kraker
is a distributed password brute-force system that focused on easy use.
https://github.com/zzzteph/kraker
#bruteforce #kraker #docker
is a distributed password brute-force system that focused on easy use.
https://github.com/zzzteph/kraker
#bruteforce #kraker #docker
GitHub
GitHub - zzzteph/kraker: Kraker is a distributed password brute-force system that focused on easy use.
Kraker is a distributed password brute-force system that focused on easy use. - GitHub - zzzteph/kraker: Kraker is a distributed password brute-force system that focused on easy use.
Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices.
https://github.com/mvt-project/mvt
#android #ios #forensic
https://github.com/mvt-project/mvt
#android #ios #forensic
GitHub
GitHub - mvt-project/mvt: MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find…
MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise. - mvt-project/mvt
Cobalt Strike Beacon Object File (BOF) that takes the name of of a PE file as an argument and spawns the process in a suspended state
https://github.com/boku7/bof-spawnSuspendedProcess
#cobaltstrike
https://github.com/boku7/bof-spawnSuspendedProcess
#cobaltstrike
GitHub
GitHub - boku7/spawn: Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built…
Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (AC...
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw function.
https://github.com/topotam/PetitPotam
#EFS #Windows
https://github.com/topotam/PetitPotam
#EFS #Windows
GitHub
GitHub - topotam/PetitPotam: PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw…
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions. - topotam/PetitPotam
Meet Mushikago
=============
https://github.com/PowderKegTech/mushikago
Mushikago uses game AI technology to select and execute the most appropriate test content based on the environment in spot. The application of game AI technology to security products is new, and our work has shown that game AI is most suitable for penetration testing, where the content needs to change depending on the environment. In addition, Mushikago can automatically perform penetration testing in mixed environments of IT and OT(ICS), and can visualize and report the acquired device, account, and network information. The test contents are also displayed in a format consistent with MITRE ATT&CK. This allows the user to perform penetration testing at a certain level without manual intervention.
Features:
- Full Automatic penetration testing tool
- Device detection
- IT penetration testing
- ICS penetration testing
#penetrationtesting #pentesting #automation #ai #ics
=============
https://github.com/PowderKegTech/mushikago
Mushikago uses game AI technology to select and execute the most appropriate test content based on the environment in spot. The application of game AI technology to security products is new, and our work has shown that game AI is most suitable for penetration testing, where the content needs to change depending on the environment. In addition, Mushikago can automatically perform penetration testing in mixed environments of IT and OT(ICS), and can visualize and report the acquired device, account, and network information. The test contents are also displayed in a format consistent with MITRE ATT&CK. This allows the user to perform penetration testing at a certain level without manual intervention.
Features:
- Full Automatic penetration testing tool
- Device detection
- IT penetration testing
- ICS penetration testing
#penetrationtesting #pentesting #automation #ai #ics
GitHub
GitHub - PowderKegTech/mushikago: an automatic penetration testing tool
an automatic penetration testing tool. Contribute to PowderKegTech/mushikago development by creating an account on GitHub.
A collection of Hacker API tools utilizing the HackerOne API. To build your own Hacker API integration have a look at our getting started docs.
https://github.com/Hacker0x01/awesome-hacker-api-tools
#hackerone #apitools
https://github.com/Hacker0x01/awesome-hacker-api-tools
#hackerone #apitools
Beaconator
A beacon generator using Cobalt Strike and PEzor.
https://github.com/capt-meelo/Beaconator
A beacon generator using Cobalt Strike and PEzor.
https://github.com/capt-meelo/Beaconator
GitHub
GitHub - capt-meelo/Beaconator: A beacon generator using Cobalt Strike and a variety of tools.
A beacon generator using Cobalt Strike and a variety of tools. - capt-meelo/Beaconator
Request smuggler
Http request smuggling vulnerability scanner
https://github.com/sh1yo/request_smuggler
HTTP Desync Attacks: Request Smuggling Reborn
https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn
#request_smuggler
Http request smuggling vulnerability scanner
https://github.com/sh1yo/request_smuggler
HTTP Desync Attacks: Request Smuggling Reborn
https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn
#request_smuggler
GitHub
GitHub - Sh1Yo/request_smuggler: Http request smuggling vulnerability scanner
Http request smuggling vulnerability scanner. Contribute to Sh1Yo/request_smuggler development by creating an account on GitHub.
Medusa is a cross-platform C2 agent compatible with Python 2.7 and 3.8, compatible with Mythic
https://github.com/MythicAgents/Medusa
#c2 #python #medusa
https://github.com/MythicAgents/Medusa
#c2 #python #medusa
GitHub
GitHub - MythicAgents/Medusa: Medusa is a cross-platform C2 agent compatible with Python 2.7 and 3.8, compatible with Mythic
Medusa is a cross-platform C2 agent compatible with Python 2.7 and 3.8, compatible with Mythic - MythicAgents/Medusa
ShellShockHunter
Scan via Shodan search engine then try figure out Vulnerable or not
https://github.com/MrCl0wnLab/ShellShockHunter
#ShellShockHunter
Scan via Shodan search engine then try figure out Vulnerable or not
https://github.com/MrCl0wnLab/ShellShockHunter
#ShellShockHunter
GitHub
GitHub - MrCl0wnLab/ShellShockHunter: It's a simple tool for test vulnerability shellshock
It's a simple tool for test vulnerability shellshock - MrCl0wnLab/ShellShockHunter
Ghost Eye Informationgathering Footprinting Scanner and Recon Tool Release. Ghost Eye is an Information Gathering Tool I made in python 3. To run Ghost Eye, it only needs a domain or ip. Ghost Eye can work with any Linux distros if they support Python 3. Author: Jolanda de Koff
https://github.com/BullsEye0/ghost_eye
#Ghost_eye #informationGathering
https://github.com/BullsEye0/ghost_eye
#Ghost_eye #informationGathering
GitHub
GitHub - BullsEye0/ghost_eye: Ghost Eye Informationgathering Footprinting Scanner and Recon Tool Release. Ghost Eye is an Information…
Ghost Eye Informationgathering Footprinting Scanner and Recon Tool Release. Ghost Eye is an Information Gathering Tool I made in python 3. To run Ghost Eye, it only needs a domain or ip. Ghost Eye ...
#Exegol is a fully featured and community-driven hacking environment
It can be used in pentest engagements, #bugbounty, #CTF, #HackTheBox, #OSCP lab & exam and so on. Exegol's original fate was to be a ready-to-hack docker in case of emergencies during engagements.
https://github.com/ShutdownRepo/Exegol
It can be used in pentest engagements, #bugbounty, #CTF, #HackTheBox, #OSCP lab & exam and so on. Exegol's original fate was to be a ready-to-hack docker in case of emergencies during engagements.
https://github.com/ShutdownRepo/Exegol
GitHub
GitHub - ThePorgs/Exegol: Fully featured and community-driven hacking environment
Fully featured and community-driven hacking environment - ThePorgs/Exegol
Pure Nim implementation for exploiting CVE-2021-36934, the SeriousSAM local privilege escalation
https://github.com/HuskyHacks/ShadowSteal
#LPE
https://github.com/HuskyHacks/ShadowSteal
#LPE
GitHub
GitHub - HuskyHacks/ShadowSteal: Pure Nim implementation for exploiting CVE-2021-36934, the SeriousSAM local privilege escalation
Pure Nim implementation for exploiting CVE-2021-36934, the SeriousSAM local privilege escalation - HuskyHacks/ShadowSteal
https://us-cert.cisa.gov/ics/Downloading-and-Installing-CSET
https://github.com/cisagov/cset
#ICS #CSET
https://github.com/cisagov/cset
#ICS #CSET
www.cisa.gov
Downloading and Installing CSET | CISA
The Cyber Security Evaluation Tool (CSET®) provides a systematic, disciplined, and repeatable approach for evaluating an organization’s security posture. CSET is a desktop software tool that guides asset owners and operators through a step-by-step process…
Authentication testing framework
https://github.com/DigeeX/raider
https://github.com/DigeeX/raider
GitHub
GitHub - DigeeX/raider: DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider
DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider - GitHub - DigeeX/raider: DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider
We developed GRAT2 Command & Control (C2) project for learning purpose.
https://github.com/r3nhat/GRAT2
https://hakin9.org/grat2-command-and-control-c2-tool-written-in-python3-and-the-client-in-net-4-0/
#C2 #python
https://github.com/r3nhat/GRAT2
https://hakin9.org/grat2-command-and-control-c2-tool-written-in-python3-and-the-client-in-net-4-0/
#C2 #python
GitHub
GitHub - r3nhat/GRAT2: We developed GRAT2 Command & Control (C2) project for learning purpose.
We developed GRAT2 Command & Control (C2) project for learning purpose. - r3nhat/GRAT2
DNS Reset Checker
Tools to assess the DNS security of web applications
https://github.com/The-Login/DNS-Reset-Checker
#DNS #Email
Tools to assess the DNS security of web applications
https://github.com/The-Login/DNS-Reset-Checker
#DNS #Email
GitHub
GitHub - The-Login/DNS-Reset-Checker: Tools to assess the DNS security of web applications
Tools to assess the DNS security of web applications - The-Login/DNS-Reset-Checker