Debugging module for Malware Analysis Automation For a step by step post on how to use Lupo, with images and instructions, please see this post: https://medium.com/@vishal_thakur/lupo-malware-ioc-extractor-cc86ae76b85d Introduction Working on security incidents that involve malware, we come across situations on a regular basis where we feel the need to automate parts of the analysis process asRead More
SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats. You sleep in fragmented glassWith reflections of you,But are you feeling alive?Yeah let me ask you,Are you feeling alive?– Norma Jean, 2016 Synopsis Uses event-Read More
>_ Introduction 4-ZERO-3 Tool to bypass 403/401. This script contain all the possible techniques to do the same. NOTE : If you see multiple [200 Ok]/bypasses as output, you must check the Content-Length. If the content-length is same for multiple [200 Ok]/bypasses means false positive. Reason can be “301/302” or “../” [Payload] DON’T PANIC. ScriptRead More
efiXplorer – IDA plugin for UEFI firmware analysis and reverse engineering automation Supported versions of Hex-Rays products: everytime we focus on last versions of IDA and Decompiler because we try to use most recent features from new SDK releases. That means we tested only on recent versions of Hex-Rays products and do not guarantee stableRead More
Reconmap is a vulnerability assessment and penetration testing (VAPT) platform. It helps software engineers and infosec pros collaborate on security projects, from planning, to implementation and documentation. The tool’s aim is to go from recon to report in the least possible time. Demo Details on how to connect to the live demo server can beRead More
Full Automation Recon tool which works with Small and Medium scopes. ّIt’s recommended to use it on VPS, it’ll discover secrets and searching for vulnerabilities So, Welcome and let’s deep into it <3 Updates Version 1.1, what’s new? (Very Recommended) Fixing multiple issues with the used tools. Upgrading to python3 Editing the tool’s methedology, youRead More
Overlord provides a python-based console CLI which is used to build Red Teaming infrastructure in an automated way. The user has to provide inputs by using the tool’s modules (e.g. C2, Email Server, HTTP web delivery server, Phishing server etc.) and the full infra / modules and scripts will be generated automatically on a cloudRead More
Blog can be found at https://medium.com/@patelkathan22/beginners-guide-on-how-you-can-use-javascript-in-bugbounty-492f6eb1f9ea?sk=21500dc4288281c7e6ed2315943269e7 Script made for all your javascript recon automation in bugbounty. Just pass subdomain list to it and options according to your preference. Features 1 – Gather Jsfile Links from different sources.2 – Import File Containing JSUrls3 – Extract Endpoints from Jsfiles4 – Find Secrets from Jsfiles5 – Get JsfilesRead More
An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters. Requirements: Go Language, Python 2.7 or Python 3. System requirements: Recommended to run on vps with 1VCPU and 2GB ram. Tools used – You must need to install these tools to use this script SubFinderRead More
Web Application Security Recon Automation Framework It takes user input as a domain name and maximize the attack surface area by listing the assets of the domain like – Subdomains from – Amass ,findomain, subfinder & resolvable subdomains using shuffledns Screenshots Port Scan JS files Httpx Status codes of subdomains Dirsearch file/dir paths by fuzzingRead More
