Shennina – Automating Host Exploitation With AI

Shennina is an automated host exploitation framework. The mission of the project is to fully automate the scanning, vulnerability scanning/analysis, and exploitation using Artificial Intelligence. Shennina is integrated with Metasploit and Nmap for performing the attacks, as well as being integrated with an in-house Command-and-Control Server for exfiltrating data from compromised machines automatically. This wasRead More

Toxssin – An XSS Exploitation Command-Line Interface And Payload Generator

toxssin is an open-source penetration testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. It consists of an https server that works as an interpreter for the traffic generated by the malicious JavaScript payload that powers this tool (toxin.js). This project started as (and still is) a research-based creative endeavor to exploreRead More

Heyserial – Programmatically Create Hunting Rules For Deserialization Exploitation With Multiple Keywords, Gadget Chains, Object Types, Encodings, And Rule Types

Programmatically create hunting rules for deserialization exploitation with multiple keywords (e.g. cmd.exe) gadget chains (e.g. CommonsCollection) object types (e.g. ViewState, Java, Python Pickle, PHP) encodings (e.g. Base64, raw) rule types (e.g. Snort, Yara) Disclaimer Rules generated by this tool are intended for hunting/research purposes and are not designed for high fidelity/blocking purposes. Please test thoroughlyRead More

Moonwalk – Cover Your Tracks During Linux Exploitation By Leaving Zero Traces On System Logs And Filesystem Timestamps

Cover your tracks during Linux Exploitation / Penetration Testing by leaving zero traces on system logs and filesystem timestamps. Introduction moonwalk is a 400 KB single-binary executable that can clear your traces while penetration testing a Unix machine. It saves the state of system logs pre-exploitation and reverts that state including the filesystem timestamps post-exploitationRead More

Dora – Find Exposed API Keys Based On RegEx And Get Exploitation Methods For Some Of Keys That Are Found

Features Blazing fast as we are using ripgrep in backend Exploit/PoC steps for many of the API key, allowing to write a good report for bug bounty hunting Unlike many other API key finders, dora also shows the path to the file and the line with context for easier analysis Can easily be implemented intoRead More

Vortex – VPN Overall Reconnaissance, Testing, Enumeration And eXploitation Toolkit

[*] VPN Overall Reconnaissance, Testing, Enumeration and Exploitation Toolkit Overview A very simple Python framework, inspired by SprayingToolkit, that tries to automate most of the process required to detect, enumerate and attack common O365 and VPN endpoints (like Cisco, Citrix, Fortinet, Pulse, etc…). Why I developed it Make the VPN spraying phase much quicker andRead More

WMEye – A Post Exploitation Tool That Uses WMI Event Filter And MSBuild Execution For Lateral Movement

WMEye is an experimental tool that was developed when exploring about Windows WMI. The tool is developed for performing Lateral Movement using WMI and remote MSBuild Execution. It uploads the encoded/encrypted shellcode into remote targets WMI Class Property, create an event filter that when triggered writes an MSBuild based Payload using a special WMI ClassRead More

SpoolSploit – A Collection Of Windows Print Spooler Exploits Containerized With Other Utilities For Practical Exploitation

A collection of Windows print spooler exploits containerized with other utilities for practical exploitation. Summary SpoolSploit is a collection of Windows print spooler exploits containerized with other utilities for practical exploitation. A couple of highly effective methods would be relaying machine account credentials to escalate privileges and execute malicious DLLs on endpoints with full systemRead More

Vailyn – A Phased, Evasive Path Traversal + LFI Scanning & Exploitation Tool In Python

Vailyn Phased Path Traversal & LFI Attacks Vailyn 3.0 Since v3.0, Vailyn supports LFI PHP wrappers in Phase 1. Use –lfi to include them in the scan. About Vailyn is a multi-phased vulnerability analysis and exploitation tool for path traversal and file inclusion vulnerabilities. It is built to make it as performant as possible, andRead More