Adfsbrute – A Script To Test Credentials Against Active Directory Federation Services (ADFS), Allowing Password Spraying Or Bruteforce Attacks

A script to test credentials against Active Directory Federation Services (ADFS), calculating the ADFS url of an organization and allowing password spraying or bruteforce attacks. The main idea is carrying out password spraying attacks with a random and high delay between each test and using a list of proxies or Tor to make the detectionRead More

Gotestwaf – Go Test WAF Is A Tool To Test Your WAF Detection Capabilities Against Different Types Of Attacks And By-Pass Techniques

An open-source Go project to test different web application firewalls (WAF) for detection logic and bypasses. How it works It is a 3-steps requests generation process that multiply amount of payloads to encoders and placeholders. Let’s say you defined 2 payloads, 3 encoders (Base64, JSON, and URLencode) and 1 placeholder (HTTP GET variable). In thisRead More

Ditto – A Tool For IDN Homograph Attacks And Detection

Ditto is a small tool that accepts a domain name as input and generates all its variants for an homograph attack as output, checking which ones are available and which are already registered. PoC domains https://tᴡ https://clᴏ Using with Docker The image on docker hub is updated on every push, you can just: docker runRead More

0D1N v3.4 – Tool For Automating Customized Attacks Against Web Applications (Full Made In C Language With Pthreads, Have A Fast Performance)

0d1n is a tool for automating customized attacks against web applications. This tool is very faster because uses thread pool and C language. 0d1n is a tool for automating customized attacks against web applications. Video demo: Tool functions: Brute force login and passwords in auth forms Directory disclosure ( use PATH list to brute, andRead More

Lockphish – The First Tool For Phishing Attacks On The Lock Screen, Designed To Grab Windows Credentials, Android PIN And iPhone Passcode

Lockphish it’s the first tool (07/04/2020) for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link. LockPhish Tutorial: The Linux Choice (Who deleted his GitHub repository)Twitter: Features: Lockscreen phishing page for Windows, Android and iPhone Auto detect device Port Forwarding by NgrokRead More

uriDeep – Unicode Encoding Attacks With Machine Learning

Unicode encoding attacks with machine learning. Tool based on machine learning to create amazing fake domains using confusables. Some domains can deceive IDN policies (Chrome & Firefox). I created the best (big) dictionary of confusables using neural networks. It is used in the tool and it can be download from: [email protected]:~/tool/uriDeep# python3 _Read More

Killchain – A Unified Console To Perform The "Kill Chain" Stages Of Attacks

What is “Kill Chain”? From Wikipedia: The term kill chain was originally used as a military concept related to the structure of an attack; consisting of target identification, force dispatch to target, decision, order to attack the target, and finally the destruction of the target. Reconnaissance – Uses social engineering to find weaknesses in theRead More

Vulnerable-AD – Create A Vulnerable Active Directory That’S Allowing You To Test Most Of Active Directory Attacks In Local Lab

Create a vulnerable active directory that’s allowing you to test most of active directory attacks in local lab.Main Features Randomize Attacks Full Coverage of the mentioned attacks you need run the script in DC with Active Directory installed Some of attacks require client workstation Supported Attacks Abusing ACLs/ACEs Kerberoasting AS-REP Roasting Abuse DnsAdmins Password inRead More

Phirautee – A PoC Crypto Virus To Spread User Awareness About Attacks And Implications Of Ransomwares

A proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation’s data to hostage for payments or permanently encrypts/deletes the organisation data.Phirautee is a Living off the Land (LotL)Read More

Padding-Oracle-Attacker – CLI Tool And Library To Execute Padding Oracle Attacks Easily

CLI tool and library to execute padding oracle attacks easily, with support for concurrent network requests and an elegant UI.InstallMake sure Node.js is installed, then run $ npm install –global padding-oracle-attacker or $ yarn global add padding-oracle-attacker CLI Usage Usage $ padding-oracle-attacker decrypt <url> hex:<ciphertext_hex> <block_size> <error> [options] $ padding-oracle-attacker decrypt <url> b64:<ciphertext_b64> <block_size> <error>Read More