Token-Hunter – Collect OSINT For GitLab Groups And Members And Search The Group And Group Members’ Snippets, Issues, And Issue Discussions For Sensitive Data That May Be Included In These Assets

Collect OSINT for GitLab groups and members and search the group and group members’ snippets, issues, and issue discussions for sensitive data that may be included in these assets. The information gathered is intended to compliment and inform the use of additional tools such as TruffleHog or GitRob, which search git commit history using aRead More

Exif-Gps-Tracer – A Python Script Which Allows You To Parse GeoLocation Data From Your Image Files Stored In A dataset

A python script which allows you to parse GeoLocation data from your Image files stored in a dataset.It also produces output in CSV file and also in HTML Google Maps Prerequisite To run this script fluently , (1) You should have Google Maps API (2) You should enable Map JavaScript API in Console To getRead More

Sarenka – OSINT Tool – Data From Services Like Shodan, Censys Etc. In One Place

SARENKA is an Open Source Intelligence (OSINT) tool which helps you obtaining and understanding Attack Surface. The main goal is to gathering infromation from search engines for Internet-connected devices (https://censys.io/, https://www.shodan.io/). It scraps data about Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE) and also has database where CVEs are mapped to CWE. ItRead More

N1QLMap – The Tool Exfiltrates Data From Couchbase Database By Exploiting N1QL Injection Vulnerabilities

N1QLMap is an N1QL exploitation tool. Currently works with Couchbase database. The tool supports data extraction and performing SSRF attacks via CURL. More information can be found here: https://labs.f-secure.com/blog/n1ql-injection-kind-of-sql-injection-in-a-nosql-database. Usage Help usage: n1qlMap.py [-h] [-r REQUEST] [-k KEYWORD] [–proxy PROXY] [–validatecerts] [-v] (-d | -ks DATASTORE_URL | -e KEYSPACE_ID | -q QUERY | -c [ENDPOINTRead More

Amlsec – Automated Security Risk Identification Using AutomationML-based Engineering Data

This prototype identifies security risk sources (i.e., threats and vulnerabilities) and types of attack consequences based on AutomationML (AML) artifacts. The results of the risk identification process can be used to generate cyber-physical attack graphs, which model multistage cyber attacks that potentially lead to physical damage. Installation Build AML2OWL This prototype depends on a forkedRead More

PowerShell-Red-Team – Collection Of PowerShell Functions A Red Teamer May Use To Collect Data From A Machine

Collection of PowerShell functions a Red Teamer may use to collect data from a machine or gain access to a target. I added ps1 files for the commands that are included in the RedTeamEnum module. This will allow you to easily find and use only one command if that is all you want. If youRead More

Decoder++ – An Extensible Application For Penetration Testers And Software Developers To Decode/Encode Data Into Various Formats

An extensible application for penetration testers and software developers to decode/encode data into various formats. Setup Decoder++ can be either installed by using pip or by pulling the source from this repository: # Install using pippip3 install decoder-plus-plus Overview This section provides you with an overview about the individual ways of interacting with Decoder++. ForRead More

Simple-Live-Data-Collection – Simple Live Data Collection Tool

How it works? 1- Build server 2- Connect with admin and client to server 3- To collect information, send the request to the server through the admin, and then to the client Installation git clone https://github.com/LetsDefend/Simple-Live-Data-Collection Server cd serverpython main.py Admin cd adminpython main.py Client cd clientpython main.py Change the “HOST” variable in main.py fileRead More

Asnap – Tool To Render Recon Phase Easier By Providing Updated Data About Which Companies Owns Which Ipv4 Or Ipv6 Addresses

Asnap aims to render recon phase easier by providing regularly updated data about which companies owns which ipv4 or ipv6 addresses and allows the user to automate initial port and service scanning. █████╗ ███████╗███╗ ██╗ █████╗ ██████╗ ██╔══██╗██╔════╝████╗ ██║██╔══██╗██╔══██╗ ███████║███████╗██╔██╗ ██║███████║██████╔╝ ██╔══██║╚════██║██║╚═█╗██║██╔══██║██╔═══╝ ██║ ██║███████║██║ ╚████║██║ ██║██║ ╚═╝ ╚═╝╚══════╝╚═╝ ╚═══╝╚═╝ ╚═╝╚═╝ Author : Mehmet Berkay YukselRead More

X