Arcane – A Simple Script Designed To Backdoor iOS Packages (Iphone-Arm) And Create The Necessary Resources For APT Repositories

Arcane is a simple script designed to backdoor iOS packages (iphone-arm) and create the necessar y resources for APT repositories. It was created for this publication to help illustrate why Cydia repositories can be dangerous and what post-exploitation attacks are possible from a compromised iOS device.How Arcane works…To understand what’s happening in the GIF, decompressRead More

CWFF – Create Your Custom Wordlist For Fuzzing

CWFF is a tool that creates a special High quality fuzzing/content discovery wordlist for you at the highest speed possible using concurrency and it’s heavily inspired by @tomnomnom‘s Who, What, Where, When, Wordlist #NahamCon2020.Usage CWFF [-h] [–threads] [–github] [–subdomains] [–recursive] [–js-libraries] [–connected-websites] [–juicy-files] [–use-filter-model] [-o] domainpositional arguments: domain Target website(ofc)optional arguments: -h, –help Show thisRead More

Docker for Pentest – Image With The More Used Tools To Create A Pentest Environment Easily And Quickly

Docker for pentest is an image with the more used tools to create an pentest environment easily and quickly. Features OS, networking, developing and pentesting tools installed. Connection to HTB (Hack the Box) vpn to access HTB machines. Popular wordlists installed: SecLists, dirb, dirbuster, fuzzdb, wfuzz and rockyou. Proxy service to send traffic from anyRead More

Angrgdb – Use Angr Inside GDB – Create An Angr State From The Current Debugger State

Use angr inside GDB. Create an angr state from the current debugger state. Install pip install angrgdbecho “python import angrgdb.commands” >> ~/.gdbinit Usageangrgdb implements the angrdbg API in GDB.You can use it in scripts like this: from angrgdb import *gdb.execute(“b *0x004005f9”)gdb.execute(“r aaaaaaaa”)sm = StateManager()sm.sim(sm[“rax”], 100)m = sm.simulation_manager()m.explore(find=0x00400607, avoid=0x00400613)sm.to_dbg(m.found[0]) #write input to GDBgdb.execute(“x/s $rax”)#0x7fffffffe768: “ais3{I_tak3_g00d_n0t3s}”gdb.execute(“c”)#Correct! thatRead More

Evil SSDP – Spoof SSDP Replies And Create Fake UPnP Devices To Phish For Credentials And NetNTLM Challenge/Response

This tool responds to SSDP multicast discover requests, posing as a generic UPNP device. Your spoofed device will magically appear in Windows Explorer on machines in your local network. Users who are tempted to open the device are shown a configurable phishing page. This page can load a hidden image over SMB, allowing you toRead More

Re2Pcap – Create PCAP file from raw HTTP request or response in seconds

Re2Pcap is abbreviation for Request2Pcap and Response2Pcap. Community users can quickly create PCAP file using Re2Pcap and test them against Snort rules.Re2Pcap allow you to quickly create PCAP file for raw HTTP request shown below POST /admin/tools/iplogging.cgi HTTP/1.1Host: 192.168.13.31:80User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0Accept: text/plain, */*; q=0.01Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://192.168.13.31:80/admin/tools/iplogging.htmlContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With:Read More

X