Whatfiles is a Linux utility that logs what files another program reads/writes/creates/deletes on your system. It traces any new processes and threads that are created by the targeted process as well. Rationale: I’ve long been frustrated at the lack of a simple utility to see which files a process touches from main() to exit. WhetherRead More
Scans web applications for second-order subdomain takeover by crawling the app, and collecting URLs (and other data) that match certain rules, or respond in a certain way. Installation From binary Download a prebuilt binary from the releases page and unzip it. From source Go version 1.17 is recommended. go install -v github.com/mhmdiaa/[email protected] Docker docker pullRead More
This repository contains a PowerShell module for detecting artifacts that may be indicators of UNC2452 and other threat actor activity. Some indicators are “high-fidelity” indicators of compromise, while other artifacts are so called “dual-use” artifacts. Dual-use artifacts may be related to threat actor activity, but also may be related to legitimate functionality. Analysis and verificationRead More
Pwndora is a massive and fast IPv4 address range scanner, integrated with multi-threading. Using sockets, it analyzes which ports are open, and collects more information about targets, each result is stored in Elasticsearch. You can integrate with Kibana to be able to visualize and manipulate data, basically it’s like having your own IoT search engineRead More
T-Reqs (Two Requests) is a grammar-based HTTP Fuzzer written as a part of the paper titled “T-Reqs: HTTP Request Smuggling with Differential Fuzzing” which was presented at ACM CCS 2021. BibTeX of the paper: @inproceedings{ccs2021treqs, title={T-Reqs: HTTP Request Smuggling with Differential Fuzzing}, author={Jabiyev, Bahruz and Sprecher, Steven and Onarlioglu, Kaan and Kirda, Engin}, booktitle={Proceedings ofRead More
Wireshark is the most widely used network traffic analyzer. It is an important tool for both live traffic analysis & forensic analysis for forensic/malware analysts. Even though Wireshark provides incredibly powerful functionalities for protocol parsing & filtering, it does not provide any contextual information about network endpoints. For a typical analyst, who has to combRead More
dep-scan is a fully open-source security audit tool for project dependencies based on known vulnerabilities, advisories and license limitations. Both local repositories and container images are supported as input. The tool is ideal for CI environments with built-in build breaker logic. If you have just come across this repo, probably the best place to startRead More
Overview HTTP/1.1 went through a long evolution since 1991 to 2014: HTTP/0.9 – 1991 HTTP/1.0 – 1996 HTTP/1.1 RFC 2068 – 1997 RFC 2616 – 1999 RFC 7230 – 2014 This means there is a variety of servers and clients, which might have different views on request boundaries, creating opportunities for desynchronization attacks (a.k.a. HTTPRead More
pip-audit is a tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database (https://github.com/pypa/advisory-db) via the PyPI JSON API as a source of vulnerability reports. This project is developed by Trail of Bits with support from Google. This is not an official Google product. Features Support for auditingRead More
Super organized and flexible script for sending phishing campaigns. Features Sends to a single email Sends to lists of emails (text) Sends to lists emails with first, last name (csv) Supports attachments Splits emails in groups Delays sending emails between each group Support Tags to be placed and replaced in the message’s body Add {{name}}Read More
