MalwareSourceCode – Collection Of Malware Source Code For A Variety Of Platforms In An Array Of Different Programming Languages

Malware Source Code Collection !!! DISCLAIMER !!! We do not take any responsibility for any damage done by the code in this repository. Download, compile or run at your own risk Contents: This repository contains the source code for the following: .├── Acad├── Engines│   ├── BAT│   ├── Linux│   ├── VBS│   └── Win32├── Java├── Leaks│   ├──Read More

PurpleCloud – An Infrastructure As Code (IaC) Deployment Of A Small Active Directory Pentest Lab In The Cloud

Pentest Cyber Range for a small Active Directory Domain. Automated templates for building your own Pentest/Red Team/Cyber Range in the Azure cloud! Purple Cloud is a small Active Directory enterprise deployment automated with Terraform / Ansible Playbook templates to be deployed in Azure. Purple Cloud also includes an adversary node implemented as a docker containerRead More

Hardcodes – Find Hardcoded Strings From Source Code

hardcodes is a utility for searching strings hardcoded by developers in programs. It uses a modular tokenizer that can handle comments, any number of backslashes & nearly any syntax you throw at it.Yes, it is designed to process any syntax and following languages are officially supported: ada, applescript, c, c#, c++, coldfusion, golang, haskell, html,Read More

SourceWolf – Amazingly Fast Response Crawler To Find Juicy Stuff In The Source Code!

Tested environments: Windows, MAC, linux, and windows subsystem for linux (WSL) What can SourceWolf do? Crawl through responses to find hidden endpoints, either by sending requests, or from the local response files (if any). Create a list of javascript variables found in the source Extract all the social media links from the websites to identifyRead More

Spybrowse – Code Developed To Steal Certain Browser Config Files (History, Preferences, Etc)

Be sure to change the ftp variables throughout the code, these variables contain the username, password, & IP address of the FTP server which receives the files.This code will do the following: Copy itself into the %TMP% directory & name itself ursakta.exe Add a registry entry to execute itself each time the user logs inRead More

Eviloffice – Inject Macro And DDE Code Into Excel And Word Documents (Reverse Shell)

Win python script to inject Macro and DDE code into Excel and Word documents (reverse shell) Features: Inject malicious Macro on formats: docm, dotm, xlsm, xltm Inject malicious DDE code on formats: doc, docx, dot, xls, xlsx, xlt, xltx Python2/Python3 Compatible Tested: Win10 (MS Office 14.0) Requirements: Microsoft Office (Word/Excel) pywin32: python -m pip installRead More

OhMyQR – Hijack Services That Relies On QR Code Authentication

QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all applications that rely on the “Login with QR code” feature as a secure way to login into accounts. In a nutshell, the victim scans the attacker’s QR code which results in session hijacking.Features: Port ForwardingRead More

Self-XSS – Self-XSS Attack Using Bit.Ly To Grab Cookies Tricking Users Into Running Malicious Code

Self-XSS attack using to grab cookies tricking users into running malicious code How it works?Self-XSS is a social engineering attack used to gain control of victims’ web accounts by tricking users into copying and pasting malicious content into their browsers. Since Web browser vendors and web sites have taken steps to mitigate this attackRead More

INTERCEPT – Policy As Code Static Analysis Auditing

Stupidly easy to use, small footprint Policy as Code subsecond command-line scanner that leverages the power of the fastest multi-line search tool to scan your codebase. It can be used as a linter, guard rail control or simple data collector and inspector. Consider it a weaponized ripgrep. Works on Mac, Linux and Windows.How it worksRead More