Awesome Android Security – A Curated List Of Android Security Materials And Resources For Pentesters And Bug Hunters

A curated list of Android Security materials and resources For Pentesters and Bug Hunters. Blog AAPG – Android application penetration testing guide TikTok: three persistent arbitrary code executions and one theft of arbitrary files Persistent arbitrary code execution in Android’s Google Play Core Library: details, explanation and the PoC – CVE-2020-8913 Android: Access to appRead More

Grype – A Vulnerability Scanner For Container Images And Filesystems

A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Features Scan the contents of a container image or filesystem to find known vulnerabilities. Find vulnerabilities for major operating system packages Alpine BusyBox CentOS / Red Hat Debian Ubuntu Find vulnerabilities for language-specific packages Ruby (Bundler) Java (JARs, etc)Read More

TASER – Python3 Resource Library For Creating Security Related Tooling

TASER (Testing And SEecurity Resource) is a Python resource library used to simplify the process of creating offensive security tooling, especially those relating to web or external assessments. It’s modular design makes it easy for code to be customized and re-purposed in a variety of scenarios. Key features Easily invoke web spiders or search engineRead More

JWT-Hack – Tool To En/Decoding JWT, Generate Payload For JWT Attack And Very Fast Cracking(Dict/Brutefoce)

[*] jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce) Installation go-get(dev version) $ go get -u github.com/hahwul/jwt-hack homebrew $ brew tap hahwul/jwt-hack$ brew install jwt-hack snapcraft $ sudo snap install jwt-hack Usage d8p 8d8 d88 888888888 888 888 ,8b. dooooooRead More

Decoder++ – An Extensible Application For Penetration Testers And Software Developers To Decode/Encode Data Into Various Formats

An extensible application for penetration testers and software developers to decode/encode data into various formats. Setup Decoder++ can be either installed by using pip or by pulling the source from this repository: # Install using pippip3 install decoder-plus-plus Overview This section provides you with an overview about the individual ways of interacting with Decoder++. ForRead More

CobaltStrikeScan – Scan Files Or Process Memory For CobaltStrike Beacons And Parse Their Configuration

Scan files or process memory for Cobalt Strike beacons and parse their configuration. CobaltStrikeScan scans Windows process memory for evidence of DLL injection (classic or reflective injection) and performs a YARA scan on the target process’ memory for Cobalt Strike v3 and v4 beacon signatures. Alternatively, CobaltStrikeScan can perform the same YARA scan on aRead More

Manuka – A Modular OSINT Honeypot For Blue Teamers

Manuka is an Open-source intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for Blue Teamers. It creates a simulated environment consisting of staged OSINT sources, such as social media profiles and leaked credentials, and tracks signs of adversary interest, closely aligning to MITRE’s PRE-ATT&CK framework. Manuka gives Blue TeamsRead More

Pesidious – Malware Mutation Using Reinforcement Learning And Generative Adversarial Networks

Malware Mutation using Deep Reinforcement Learning and GANs The purpose of the tool is to use artificial intelligence to mutate a malware (PE32 only) sample to bypass AI powered classifiers while keeping its functionality intact. In the past, notable work has been done in this domain with researchers either looking at reinforcement learning or generativeRead More

AutoGadgetFS – USB Testing Made Easy

What’s AutoGadgetFS ? AutoGadgetFS is an open source framework that allows users to assess USB devices and their associated hosts/drivers/software without an in-depth knowledge of the USB protocol. The tool is written in Python3 and utilizes RabbitMQ and WiFi access to enable researchers to conduct remote USB security assessments from anywhere around the globe. ByRead More

X