
Angrgdb – Use Angr Inside GDB – Create An Angr State From The Current Debugger State

Use angr inside GDB. Create an angr state from the current debugger state.

Install

    pip install angrgdb
    echo "python import angrgdb.commands" >> ~/.gdbinit

Usage

angrgdb implements the angrdbg API in GDB. You can use it in scripts like this:

    from angrgdb import *

    gdb.execute("b *0x004005f9")
    gdb.execute("r aaaaaaaa")

    sm = StateManager()
    sm.sim(sm["rax"], 100)
    m = sm.simulation_manager()
    m.explore(find=0x00400607, avoid=0x00400613)
    sm.to_dbg(m.found[0])  # write input to GDB

    gdb.execute("x/s $rax")
    # 0x7fffffffe768: "ais3{I_tak3_g00d_n0t3s}"
    gdb.execute("c")
    # Correct! that

SSHPry v2.0 – Spy and Control of SSH Connected client's TTY

This is the second release of the SSHPry tool, with multiple features added.

Control of target's TTY
Built-In Keylogger
Console-Level phishing
Record & Replay previous sessions

Demo Blogpost: http://www.korznikov.com/2017/09/sshpry-v2-spy-control-ssh-connected.html
Twitter: @nopernik

Howto
    ./sshpry2.py

Files:
sshpry2.py – the tool
Everything else – parts of code used in the tool (it does not depend on them)

Download SSHPry2.0

HikPwn – A Simple Scanner For Hikvision Devices

[*] HikPwn, a simple scanner for Hikvision devices with basic vulnerability scanning capabilities, written in Python 3.8. This project was born out of curiosity while I was capturing and watching network traffic generated by some of Hikvision's software and devices.

Setup instructions:
    git clone https://github.com/4n4nk3/HikPwn.git
    cd HikPwn
    pip install -r requirements.txt

Tested on: Python 3.8 on Linux 4.19

Sandcastle – A Python Script For AWS S3 Bucket Enumeration

[*] Inspired by a conversation with Instacart's @nickelser on HackerOne, I've optimised and published Sandcastle – a Python script for AWS S3 bucket enumeration, formerly known as bucketCrawler.

The script takes a target's name as the stem argument (e.g. shopify) and iterates through a file of bucket name permutations, such as the ones below:

    -training
    -bucket
    -dev
    -attachments
    -photos
    -elasticsearch
    [...]

Getting

Tweetshell – Multi-thread Twitter BruteForcer In Shell Script

Tweetshell is a Shell Script to perform a multi-threaded brute force attack against Twitter. This script can bypass login limiting and it can test an infinite number of passwords at a rate of 400+ passwords/min using 20 threads.

Legal disclaimer: Usage of TweetShell for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey

Jackdaw – Tool To Collect All Information In Your Domain And Show You Nice Graphs

Jackdaw is here to collect all information in your domain, store it in a SQL database and show you nice graphs on how your domain objects interact with each other and how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting

Frida API Fuzzer – This Experimental Fuzzer Is Meant To Be Used For API In-Memory Fuzzing

This experimental fuzzer is meant to be used for API in-memory fuzzing. The design is highly inspired by and based on AFL/AFL++. At the moment the mutator is quite simple, just AFL's havoc and splice stages. I tested only the examples under tests/; this is a WIP project but is known to work at least on GNU/Linux x86_64 and Android

FProbe – Take A List Of Domains/Subdomains And Probe For Working HTTP/HTTPS Server

FProbe – Fast HTTP Probe

Installation
    GO111MODULE=on go get -u github.com/theblackturtle/fprobe

Features
Take a list of domains/subdomains and probe for working http/https server.
Optimize RAM and CPU in runtime.
Support special ports for each domain.
Verbose in JSON format with some additional headers, such as Status Code, Content Type, Location.

Usage
    Usage of fprobe:
      -c

MSSQLi-DUET – SQL Injection Script For MSSQL That Extracts Domain Users From An Active Directory Environment Based On RID Bruteforcing

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing. Supports various forms of WAF bypass techniques through the implementation of SQLmap tamper functions. Additional tamper functions can be incorporated by the user depending on the situation and environment. Comes in two flavors: straight-up Python script for terminal
