[*] SSTImap is a penetration testing software that can check websites for Code Injection and Server-Side Template Injection vulnerabilities and exploit them, giving access to the operating system itself. This tool was developed to be used as an interactive penetration testing tool for SSTI detection and exploitation, which allows more advanced exploitation. Sandbox break-outRead More
Patching assembly code to change the behavior of an existing program is not uncommon in malware analysis, software reverse engineering, and broader domains of security research. This project extends the popular IDA Pro disassembler to create a more robust interactive binary patching workflow designed for rapid iteration. This project is currently powered by a minorRead More
ä¸æ–‡ç‰ˆæœ¬(Chinese version) About DongTai IAST DongTai IAST is an open-source passive interactive security testing (IAST) product. It uses dynamic hooks and taint tracking algorithms to achieve universal vulnerability detection and multiples request associated with vulnerability detection (including but not limited to unauthorized vulnerabilities, overpower vulnerabilities), Third-party component vulnerability detection, etc. Currently, applications in Java andRead More
Multi-platform toolkit for an interactive C2C DNS shell, by using DNS-Black-Cat, you will be able to execute system commands in shell mode over a fully encrypted covert channel. Server ported as a python script, which acts as DNS server with required functionalities to provide interactive shell command interface. Client ported as the following file formatsRead More
Who didn’t get bored of manually typing the few lines to upgrade a reverse shell to a full interactive reverse shell (tty spawn, stty size …, stty raw -echo) or typing the command to use ConPTY. Description With Girsh, just run it and it will detect the OS and execute the correct commands to upgradeRead More
PIDRILA: Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer is really fast async web path scanner prototype developed by BrightSearch team for all ethical netstalkers. Installation & Usage git clone https://github.com/enemy-submarine/pidrila.gitcd pidrilapython3 pidrila.py -u <URL> Options Usage: pidrila.py [OPTIONS]Options: -U, –user-agent TEXT User-Agent -t, –timeout INTEGER Request timeout [default: 30] -A, –auth TEXT Basic HTTP auth,Read More
[*] An interactive command prompt that executes commands through proxychains and automatically logs them on a Cobalt Strike team server. Installation RedShell runs on Python 3. It also requires a Cobalt Strike client installed on the system where it runs. Install dependencies: pip3 install -r requirements.txt Install proxychains-ng (https://github.com/rofl0r/proxychains-ng): apt install proxychains4 Make the agscriptRead More
Evine is a simple, fast, and interactive web crawler and web scraper written in Golang. Evine is useful for a wide range of purposes such as metadata and data extraction, data mining, reconnaissance and testing. Follow the project on Twitter. Install From BinaryPre-build binary releases are also available. From source go get github.com/saeeddhqan/evine”$GOPATH/bin/evine” -h FromRead More
An Interactive CTF Exploration ToolThis is ctftool, an interactive command line tool to experiment with CTF, a little-known protocol used on Windows to implement Text Services. This might be useful for studying Windows internals, debugging complex issues with Text Input Processors and analyzing Windows security.It is possible to write simple scripts with ctftool for automatingRead More
