Blog

Short story about Clubhouse user scraping and social graphs

TL;DR During this RedTeam testing, Hexway team used Clubhouse as a social engineering tool to find out more about their client’s employees. UPDATE: While Hexway were preparing this article for publication, cybernews.com reported: 1.3 million scraped user records leaked online for free In this research, Hexway didn’t attack Clubhouse users and didn’t exploit any ClubhouseRead More

VAST – Visibility Across Space And Time

The network telemetry engine for data-driven security investigations. Getting Started — Installation — Documentation — Development — Changelog — License and Scientific Use Chat with us on Gitter, or join us on Matrix at #tenzir_vast:gitter.im. Key Features High-Throughput Ingestion: import numerous log formats over 100k events/second, including Zeek, Suricata, JSON, and CSV. Low-Latency Queries: sub-secondRead More

Baserunner – A Tool For Exploring Firebase Datastores

A tool for exploring and exploiting Firebase datastores. Set up git clone https://github.com/iosiro/baserunner.git cd baserunner npm install npm run build npm start Go to http://localhost:3000 in your browser. Usage The Baserunner interface looks like this: First, use the configuration textbox to load a Firebase configuration JSON structure from the app you’d like to test. ItRead More

DNSObserver – A Handy DNS Service Written In Go To Aid In The Detection Of Several Types Of Blind Vulnerabilities

A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester’s server for out-of-band DNS interactions and sends notifications with the received request’s details via Slack. DNSObserver can help you find bugs such as blind OS command injection, blind SQLi, blind XXE, and manyRead More

CyberBattleSim – An Experimentation And Research Platform To Investigate The Interaction Of Automated Agents In An Abstract Simulated Network Environments

CyberBattleSim is an experimentation research platform to investigate the interaction of automated agents operating in a simulated abstract enterprise network environment. The simulation provides a high-level abstraction of computer networks and cyber security concepts. Its Python-based Open AI Gym interface allows for training of automated agents using reinforcement learning algorithms. The simulation environment is parameterizedRead More

Lucifer – A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration And More…

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More… Use Or Build Automation Modules To Speed Up Your Cyber Security Life Setup git clone https://github.com/Skiller9090/Lucifer.gitcd Luciferpip install -r requirements.txtpython main.py –help If you want the cutting edge changes add -b dev to the end of git cloneRead More

Waybackurls – Fetch All The URLs That The Wayback Machine Knows About For A Domain

Accept line-delimited domains on stdin, fetch known URLs from the Wayback Machine for *.domain and output them on stdout. Usage example: ▶ cat domains.txt | waybackurls > urls Install: ▶ go get github.com/tomnomnom/waybackurls Credit This tool was inspired by @mhmdiaa’s waybackurls.py script. Thanks to them for the great idea! Download Waybackurls

Red-Detector – Scan Your EC2 Instance To Find Its Vulnerabilities Using Vuls.io

Scan your EC2 instance to find its vulnerabilities using Vuls (https://vuls.io/en/). Audit your EC2 instance to find security misconfigurations using Lynis (https://cisofy.com/solutions/#lynis). Scan your EC2 instance for signs of a rootkit using Chkrootkit (http://www.chkrootkit.org/).  Requirements Configured AWS account with the EC2 actions mentioned below. The policy containing these requirements can be found in red-detector-policy.json. ActionsRead More

WordPress-Brute-Force – Super Fast Login WordPress Brute Force

WordPress Brute Force Super Fast Login .—. .———– / __ / —— / / ( )/ —– ////// ‘ / ` — //// / // : ★★ : — // / / /` ‘–// //.. WpCrack Brute Froce Tool™ ====UU====UU========================== ‘//||` ”“usage: python WpCrack.py [options] optional arguments: -h, –help show this help message and exitRead More

Special Offer for Hackers!Sign up to get your $5 Coupon code, weekly deals and latest hacking tools straight to your inbox!
X