ForceAdmin – Create Infinite UAC Prompts Forcing A User To Run As Admin

ForceAdmin is a c# payload builder, creating infinate UAC pop-ups until the user allows the program to be ran. The inputted commands are ran via powershell calling cmd.exe and should be using the batch syntax. Why use? Well some users have UAC set to always show, so UAC bypass techniques are not possible. However –Read More

Jwtear – Modular Command-Line Tool To Parse, Create And Manipulate JWT Tokens For Hackers

A modular command-line tool to parse, create and manipulate JSON Web Token(JWT) tokens for security testing purposes. Features Complete modularity. All commands are plugins. Easy to add new plugins. Support JWS and JWE tokens. Easy interface for plugins. (follow the template example) Flexible token generation based on production-class libraries (e.g. json-jwt, jwe). Available plugins Parse:Read More

SMB-Session-Spoofing – Tool To Create A Fake SMB Session

Welcome! This is a utility that can be compiled with Visual Studio 2019 (or newer). The goal of this program is to create a fake SMB Session. The primary purpose of this is to serve as a method to lure attackers into accessing a honey-device. This program comes with no warranty or guarantees. Program ModificationsRead More

Heyserial – Programmatically Create Hunting Rules For Deserialization Exploitation With Multiple Keywords, Gadget Chains, Object Types, Encodings, And Rule Types

Programmatically create hunting rules for deserialization exploitation with multiple keywords (e.g. cmd.exe) gadget chains (e.g. CommonsCollection) object types (e.g. ViewState, Java, Python Pickle, PHP) encodings (e.g. Base64, raw) rule types (e.g. Snort, Yara) Disclaimer Rules generated by this tool are intended for hunting/research purposes and are not designed for high fidelity/blocking purposes. Please test thoroughlyRead More

Pwndora – Massive IPv4 Scanner, Find And Analyze Internet-Connected Devices In Minutes, Create Your Own IoT Search Engine At Home

Pwndora is a massive and fast IPv4 address range scanner, integrated with multi-threading. Using sockets, it analyzes which ports are open, and collects more information about targets, each result is stored in Elasticsearch. You can integrate with Kibana to be able to visualize and manipulate data, basically it’s like having your own IoT search engineRead More

IAM Vulnerable – Use Terraform To Create Your Own Vulnerable By Design AWS IAM Privilege Escalation Playground

Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground. IAM Vulnerable uses the Terraform binary and your AWS credentials to deploy over 250 IAM resources into your selected AWS account. Within minutes, you can start learning how to identify and exploit vulnerable IAM configurations that allow for privilege escalation. RecommendedRead More

Weakpass – Rule-Based Online Generator To Create A Wordlist Based On A Set Of Words

The tool generates a wordlist based on a set of words entered by the user. For example, during penetration testing, you need to gain access to some service, device, account, or Wi-Fi network that is password protected. For example, let it be the Wi-Fi network of EvilCorp. Sometimes, a password is a combination of device/network/organizationRead More

LazySign – Create Fake Certs For Binaries Using Windows Binaries And The Power Of Bat Files

Create fake certs for binaries using windows binaries and the power of bat files Over the years, several cool tools have been released that are capeable of stealing or forging fake signatures for binary files. All of these tools however, have additional dependencies which require Go,python,… This repo gives you the opportunity of fake signingRead More

Terraguard – Create And Destroy Your Own VPN Service Using WireGuard

This project’s goal is to be simple to create and destroy your own VPN service using WireGuard. Prerequisites Terraform >= 1.0.0 Ansible >= 2.10.5 How to Deploy Terraform Run with sudo is necessary because we need permission on localhost to install packages, configure a network interface and start a process. Select your cloud provider AWS,Read More

Halogen – Automatically Create YARA Rules From Malicious Documents

Halogen is a tool to automate the creation of yara rules against image files embedded within a malicious document. Halogen help python3 -husage: [-h] [-f FILE] [-d DIR] [-n NAME] [–png-idat] [–jpg-sos]Halogen: Automatically create yara rules based on images embedded in officedocuments.optional arguments: -h, –help show this help message and exit -f FILE,Read More