WSuspicious – A Tool To Abuse Insecure WSUS Connections For Privilege Escalations

This is a proof of concept program to escalate privileges on a Windows host by abusing WSUS. Details in this blog post: https://www.gosecure.net/blog/2020/09/08/wsus-attacks-part-2-cve-2020-1013-a-windows-10-local-privilege-escalation-1-day/ It was inspired from the WSuspect proxy project: https://github.com/ctxis/wsuspect-proxy Acknowledgements Privilege escalation module written by Maxime Nadeau from GoSecure Huge thanks to: Julien Pineault from GoSecure and Mathieu Novis from ‎SecureOps forRead More

ATMMalScan – Tool for Windows which helps to search for malware traces on an ATM during the DFIR process

ATMMalScan is a commandline tool for Windows operating systems version 7 and higher, which helps to search for malware traces on an ATM during the DFIR process. This tool examines the running processes of a system, as well as the hard disk, depending on the specified file path. To scan a system, a user withRead More

Xnuspy – An iOS Kernel Function Hooking Framework For Checkra1N’Able Devices

Output from the kernel log after compiling and running example/open1_hook.c xnuspy is a pongoOS module which installs a new system call, xnuspy_ctl, allowing you to hook kernel functions from userspace. It supports iOS 13.x and 14.x on checkra1n 0.12.2 and up. 4K devices are not supported. Requires libusb: brew install libusb Building Run make inRead More

Zmap – A Fast Single Packet Network Scanner Designed For Internet-wide Network Surveys

ZMap is a fast single packet network scanner designed for Internet-wide network surveys. On a typical desktop computer with a gigabit Ethernet connection, ZMap is capable scanning the entire public IPv4 address space in under 45 minutes. With a 10gigE connection and PF_RING, ZMap can scan the IPv4 address space in under 5 minutes. ZMapRead More

Sigurlx – A Web Application Attack Surface Mapping Tool

sigurlx a web application attack surface mapping tool, it does …: Categorize URLs URLs’ categories: > endpoint > js {js} > style {css} > data {json|xml|csv} > archive {zip|tar|tar.gz} > doc {pdf|xlsx|doc|docx|txt} > media {jpg|jpeg|png|ico|svg|gif|webp|mp3|mp4|woff|woff2|ttf|eot|tif|tiff} Next, probe HTTP requests to the URLs for status_code, content_type, e.t.c Next, for every URL of category endpoint with aRead More

MetaFinder – Search For Documents In A Domain Through Google

Search For Documents In A Domain Through Google. The Objective Is To Extract Metadata. Installing dependencies: > git clone https://github.com/Josue87/MetaFinder.git> cd MetaFinder> pip3 install -r requirements.txt Usage python3 metafinder.py -t domain.com -l 20 [-v] Parameters: t: Specifies the target domain. l: Specify the maximum number of results to be searched. v: Optional. It is usedRead More

CDK – Zero Dependency Container Penetration Toolkit

CDK is an open-sourced container penetration toolkit, designed for offering stable exploitation in different slimmed containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs helps you to escape container and takeover K8s cluster easily. Currently still under development, submit issues or mail [email protected] if you need any help. Installation DownloadRead More

Reconftw – Simple Script For Full Recon

This is a simple script intended to perform a full recon on an objective with multiple subdomains tl;dr Requires Go Run ./install.sh before first run (apt, rpm, pacman compatible) git clone https://github.com/six2dez/reconftwcd reconftwchmod +x *.sh./install.sh./reconftw.sh -d target.com -a Features Tools checker Google Dorks (based on deggogle_hunter) Subdomain enumeration (passive, resolution, bruteforce and permutations) Sub TKORead More

X