Heyserial – Programmatically Create Hunting Rules For Deserialization Exploitation With Multiple Keywords, Gadget Chains, Object Types, Encodings, And Rule Types

Programmatically create hunting rules for deserialization exploitation with multiple keywords (e.g. cmd.exe) gadget chains (e.g. CommonsCollection) object types (e.g. ViewState, Java, Python Pickle, PHP) encodings (e.g. Base64, raw) rule types (e.g. Snort, Yara) Disclaimer Rules generated by this tool are intended for hunting/research purposes and are not designed for high fidelity/blocking purposes. Please test thoroughlyRead More

Pwndora – Massive IPv4 Scanner, Find And Analyze Internet-Connected Devices In Minutes, Create Your Own IoT Search Engine At Home

Pwndora is a massive and fast IPv4 address range scanner, integrated with multi-threading. Using sockets, it analyzes which ports are open, and collects more information about targets, each result is stored in Elasticsearch. You can integrate with Kibana to be able to visualize and manipulate data, basically it’s like having your own IoT search engineRead More

IAM Vulnerable – Use Terraform To Create Your Own Vulnerable By Design AWS IAM Privilege Escalation Playground

Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground. IAM Vulnerable uses the Terraform binary and your AWS credentials to deploy over 250 IAM resources into your selected AWS account. Within minutes, you can start learning how to identify and exploit vulnerable IAM configurations that allow for privilege escalation. RecommendedRead More

Weakpass – Rule-Based Online Generator To Create A Wordlist Based On A Set Of Words

The tool generates a wordlist based on a set of words entered by the user. For example, during penetration testing, you need to gain access to some service, device, account, or Wi-Fi network that is password protected. For example, let it be the Wi-Fi network of EvilCorp. Sometimes, a password is a combination of device/network/organizationRead More

LazySign – Create Fake Certs For Binaries Using Windows Binaries And The Power Of Bat Files

Create fake certs for binaries using windows binaries and the power of bat files Over the years, several cool tools have been released that are capeable of stealing or forging fake signatures for binary files. All of these tools however, have additional dependencies which require Go,python,… This repo gives you the opportunity of fake signingRead More

Terraguard – Create And Destroy Your Own VPN Service Using WireGuard

This project’s goal is to be simple to create and destroy your own VPN service using WireGuard. Prerequisites Terraform >= 1.0.0 Ansible >= 2.10.5 How to Deploy Terraform Run with sudo is necessary because we need permission on localhost to install packages, configure a network interface and start a process. Select your cloud provider AWS,Read More

Halogen – Automatically Create YARA Rules From Malicious Documents

Halogen is a tool to automate the creation of yara rules against image files embedded within a malicious document. Halogen help python3 halogen.py -husage: halogen.py [-h] [-f FILE] [-d DIR] [-n NAME] [–png-idat] [–jpg-sos]Halogen: Automatically create yara rules based on images embedded in officedocuments.optional arguments: -h, –help show this help message and exit -f FILE,Read More

Mail-Swipe – Script To Create Temporary Email Addresses And Receive Emails

Mail Swipe is a python script that helps you to create temporary email addresses and receive emails at that address. It uses the API provided by 1secmail to create emails addresses and fetch emails. You can either generate your own email address or you can generate a random email address using this script. Once youRead More

Autovpn – Create On Demand Disposable OpenVPN Endpoints On AWS

Script that allows the easy creation of OpenVPN endpoints in any AWS region. To create a VPN endpoint is done with a single command takes ~3 minutes. It will create the proper security groups. It spins up a tagged ec2 instance and configures OpenVPN software. Once instance is configured an OpenVPN configuration file is downloadedRead More

VPS-Docker-For-Pentest – Create A VPS On Google Cloud Platform Or Digital Ocean Easily With The Docker For Pentest

Create a VPS on Google Cloud Platform or Digital Ocean easily with the docker for pentest included to launch the assessment to the target. Requirements Terraform installed Ansible installed SSH private and public keys Google Cloud Platform or Digital Ocean account. Usage 1.- Clone the repository git clone –depth 1 https://github.com/aaaguirrep/vps-docker-for-pentest.git vpscd vps 2.- CredentialsRead More