KubeStalk – Discovers Kubernetes And Related Infrastructure Based Attack Surface From A Black-Box Perspective

[*]   KubeStalk is a tool to discover Kubernetes and related infrastructure based attack surface from a black-box perspective. This tool is a community version of the tool used to probe for unsecured Kubernetes clusters around the internet during Project Resonance – Wave 9. Usage The GIF below demonstrates usage of the tool: Installation KubeStalkRead More

Certwatcher – Tool For Capture And Tracking Certificate Transparency Logs, Using YAML Templates Based DSL

CertWatcher is a tool for capturing and tracking certificate transparency logs, using YAML templates. The tool helps detect and analyze websites using regular expression patterns and is designed for ease of use by security professionals and researchers. Certwatcher continuously monitors the certificate data stream and checks for patterns or malicious activity. Certwatcher can also beRead More

Shoggoth – Asmjit Based Polymorphic Encryptor

[*] Shoggoth is an open-source project based on C++ and asmjit library used to encrypt given shellcode, PE, and COFF files polymorphically. Shoggoth will generate an output file that stores the payload and its corresponding loader in an obfuscated form. Since the content of the output is position-independent, it can be executed directly as aRead More

GPT_Vuln-analyzer – Uses ChatGPT API And Python-Nmap Module To Use The GPT3 Model To Create Vulnerability Reports Based On Nmap Scan Data

This is a Proof Of Concept application that demostrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super useful ChatGPT. Requirements Python 3.10 All the packages mentioned in the requirements.txt file OpenAi api Usage First Change the “API__KEY” part of the code withRead More

CertWatcher – A Tool For Capture And Tracking Certificate Transparency Logs, Using YAML Templates Based DSL

CertWatcher is a tool for capture and tracking certificate transparency logs, using YAML templates. The tool helps to detect and analyze phishing websites and regular expression patterns, and is designed to make it easy to use for security professionals and researchers. Certwatcher continuously monitors the certificate data stream and checks for suspicious patterns or maliciousRead More

APKHunt – Comprehensive Static Code Analysis Tool For Android Apps That Is Based On The OWASP MASVS Framework

APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code. With APKHunt, mobile software architects or developers canRead More

Pycrypt – Python Based Crypter That Can Bypass Any Kinds Of Antivirus Products

Python Based Crypter That Can Bypass Any Kinds Of Antivirus Products Important: Make Sure your payload file have all the libraries import and it will be a valid payload file How To Use: Find Any Python Based Backdoor/RAT on github. Crypt its payload with pycrypt Now Convert crypted payload to exe using pyinstaller Enjoy Note:Read More

NGWAF – First Iteration Of ML Based Feedback WAF

The Motivation | What is the N3XT ST3P? With the explosive growth of web applications since the early 2000s, web-based attacks have progressively become more rampant. One common solution is the Web Application Firewall (WAF). However, tweaking rules of current WAFs to improve the detection mechanisms can be complex and difficult. NGWAF seeks to addressRead More

Jscythe – Abuse The Node.Js Inspector Mechanism In Order To Force Any Node.Js/Electron/V8 Based Process To Execute Arbitrary Javascript Code

jscythe abuses the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javascript code, even if their debugging capabilities are disabled. Tested and working against Visual Studio Code, Discord, any Node.js application and more! How Locate the target process. Send SIGUSR1 signal to the process, this will enable the debuggerRead More

Reverse_SSH – SSH Based Reverse Shell

Want to use SSH for reverse shells? Now you can. Manage and connect to reverse shells with native SSH syntax Dynamic, local and remote forwarding Native SCP and SFTP implementations for retrieving files from your targets Full windows shell Mutual client & server authentication to create high trust control channels And more! +—————-+ +———+ |Read More

X