[*] KubeStalk is a tool to discover Kubernetes and related infrastructure based attack surface from a black-box perspective. This tool is a community version of the tool used to probe for unsecured Kubernetes clusters around the internet during Project Resonance – Wave 9. Usage The GIF below demonstrates usage of the tool: Installation KubeStalkRead More
CertWatcher is a tool for capturing and tracking certificate transparency logs, using YAML templates. The tool helps detect and analyze websites using regular expression patterns and is designed for ease of use by security professionals and researchers. Certwatcher continuously monitors the certificate data stream and checks for patterns or malicious activity. Certwatcher can also beRead More
[*] Shoggoth is an open-source project based on C++ and asmjit library used to encrypt given shellcode, PE, and COFF files polymorphically. Shoggoth will generate an output file that stores the payload and its corresponding loader in an obfuscated form. Since the content of the output is position-independent, it can be executed directly as aRead More
This is a Proof Of Concept application that demostrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super useful ChatGPT. Requirements Python 3.10 All the packages mentioned in the requirements.txt file OpenAi api Usage First Change the “API__KEY” part of the code withRead More
CertWatcher is a tool for capture and tracking certificate transparency logs, using YAML templates. The tool helps to detect and analyze phishing websites and regular expression patterns, and is designed to make it easy to use for security professionals and researchers. Certwatcher continuously monitors the certificate data stream and checks for suspicious patterns or maliciousRead More
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code. With APKHunt, mobile software architects or developers canRead More
Python Based Crypter That Can Bypass Any Kinds Of Antivirus Products Important: Make Sure your payload file have all the libraries import and it will be a valid payload file How To Use: Find Any Python Based Backdoor/RAT on github. Crypt its payload with pycrypt Now Convert crypted payload to exe using pyinstaller Enjoy Note:Read More
The Motivation | What is the N3XT ST3P? With the explosive growth of web applications since the early 2000s, web-based attacks have progressively become more rampant. One common solution is the Web Application Firewall (WAF). However, tweaking rules of current WAFs to improve the detection mechanisms can be complex and difficult. NGWAF seeks to addressRead More
jscythe abuses the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javascript code, even if their debugging capabilities are disabled. Tested and working against Visual Studio Code, Discord, any Node.js application and more! How Locate the target process. Send SIGUSR1 signal to the process, this will enable the debuggerRead More
Want to use SSH for reverse shells? Now you can. Manage and connect to reverse shells with native SSH syntax Dynamic, local and remote forwarding Native SCP and SFTP implementations for retrieving files from your targets Full windows shell Mutual client & server authentication to create high trust control channels And more! +—————-+ +———+ |Read More
