Ghauri – An Advanced Cross-Platform Tool That Automates The Process Of Detecting And Exploiting SQL Injection Security Flaws

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws Requirements Python 3 Python pip3 Installation cd to ghauri directory. install requirements: python3 -m pip install –upgrade -r requirements.txt run: python3 install or python3 -m pip install -e . you will be able to access and run theRead More

TerraLdr – A Payload Loader Designed With Advanced Evasion Features

TerraLdr: A Payload Loader Designed With Advanced Evasion Features Details: no crt functions imported syscall unhooking using KnownDllUnhook api hashing using Rotr32 hashing algo payload encryption using rc4 – payload is saved in .rsrc process injection – targetting ‘SettingSyncHost.exe’ ppid spoofing & blockdlls policy using NtCreateUserProcess stealthy remote process injection – chunking using debugging &Read More

Squarephish – An advanced phishing tool that uses a technique combining the OAuth Device code authentication flow and QR codes

SquarePhish is an advanced phishing tool that uses a technique combining the OAuth Device code authentication flow and QR codes. See PhishInSuits for more details on using OAuth Device Code flow for phishing attacks. _____ _____ _ _ _ / ____| | __ | | (_) | | | (___ __ _ _ _ __Read More

Chisel-Strike – A .NET XOR Encrypted Cobalt Strike Aggressor Implementation For Chisel To Utilize Faster Proxy And Advanced Socks5 Capabilities

A .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities. Why write this? In my experience I found socks4/socks4a proxies quite slow in comparison to its socks5 counterparts and a lack of implementation of socks5 in most C2 frameworks. There is a C# wrapper around the goRead More

Scylla – The Simplistic Information Gathering Engine | Find Advanced Information On A Username, Website, Phone Number, Etc

Notice For Deprecation This project is no longer being worked on by the developer. As of today, the program has many flaws and is not up to modern OSINT standards. A lot of APIs utilized within Scylla are no longer working as they did when the project was first released. The developer wrote Scylla outRead More

TokenUniverse – An Advanced Tool For Working With Access Tokens And Windows Security Policy

Token Universe is an advanced tool that provides a wide range of possibilities to research Windows security mechanisms. It has a convenient interface for creating, viewing, and modifying access tokens, managing Local Security Authority and Security Account Manager’s databases. It allows you to obtain and impersonate different security contexts, manage privileges, auditing settings, and soRead More

Raven – Advanced Cyber Threat Map (Simplified, Customizable, Responsive)

Raven – Advanced Cyber Threat Map (Simplified, customizable and responsive. It uses D3.js with TOPO JSON, has 247 countries, ~100,000 cities, and can be used in an isolated environment without external lookups!. Live – Demo Offline – Demo Features Uses D3.js (Not Anime.js) Active threat map (Live and replay) IP, country, city, and portRead More