___________.__ .______ ___ .__ __ __ _____ ___/| |_________ ____ _____ __| _/ | |__| |__|____ ____ | | ___/ ___| | | | _ __ _/ __ \__ / __ / ~ | | __ _/ ___| |/ / ___| | | Y | / ___/ / __ _/ /_/ Y / | |Read More
Complete Arsenal of Memory injection and other techniques for red-teaming in Windows What does Injector do? Process injection support for shellcode located at remote server as well as local storage. Just specify the shellcode file and it will do the rest. It will by default inject into notepad.exe and if not found, it will createRead More
HoneyCreds network credential injection to detect responder and other network poisoners. Requirements Requires Python 3.6+ (tested on Python 3.9)smbprotocolcffisplunk-sdk Installation git clone https://github.com/Ben0xA/HoneyCreds.gitcd HoneyCredspip3 install -r requirements.txt Running python3 honeycreds.py Settings It is advised that you change these settings to best suit your environment. Note: You can use an existing account, just change the password.Read More
(pronounced: “kay fifty-five”) The K55 payload injection tool is used for injecting x86_64 shellcode payloads into running processes. The utility was developed using modern C++11 techniques as well as some traditional C linux functions like ptrace(). The shellcode spawned in the target process is 27 bytes and it executes /bin/sh (spawns a bash shell) withinRead More
Fawkes is a tool to search for targets vulnerable to SQL Injection. Performs the search using Google search engine. Options -q, –query – Dork that will be used in the search engine. -r, –results – Number of results brought by the search engine. -s, –start-page – Home page of search results. -t, –timeout – TimeoutRead More
N1QLMap is an N1QL exploitation tool. Currently works with Couchbase database. The tool supports data extraction and performing SSRF attacks via CURL. More information can be found here: https://labs.f-secure.com/blog/n1ql-injection-kind-of-sql-injection-in-a-nosql-database. Usage Help usage: n1qlMap.py [-h] [-r REQUEST] [-k KEYWORD] [–proxy PROXY] [–validatecerts] [-v] (-d | -ks DATASTORE_URL | -e KEYSPACE_ID | -q QUERY | -c [ENDPOINTRead More
An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters. Requirements: Go Language, Python 2.7 or Python 3. System requirements: Recommended to run on vps with 1VCPU and 2GB ram. Tools used – You must need to install these tools to use this script SubFinderRead More
NoSQL scanner and injector. About Nosqli I wanted a better nosql injection tool that was simple to use, fully command line based, and configurable. To that end, I began work on nosqli – a simple nosql injection tool written in Go. It aims to be fast, accurate, and highly usable, with an easy to understandRead More
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from theRead More
Server-side template injection is when an attacker is able to use native template syntax to inject a malicious payload into a template, which is then executed server-side.Template engines are designed to generate web pages by combining fixed templates with volatile data. Server-side template injection attacks can occur when user input is concatenated directly into aRead More
