Coercer – A Python Script To Automatically Coerce A Windows Server To Authenticate On An Arbitrary Machine Through 9 Methods

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods. Features Automatically detects open SMB pipes on the remote machine. Calls one by one all the vulnerable RPC functions to coerce the server to authenticate on an arbitrary machine. Analyze mode with –analyze, which only lists theRead More

OffensiveVBA – Code Execution And AV Evasion Methods For Macros In Office Documents

In preparation for a VBS AV Evasion Stream/Video I was doing some research for Office Macro code execution methods and evasion techniques. The list got longer and longer and I found no central place for offensive VBA templates – so this repo can be used for such. It is very far away from being complete.Read More

Frida-Ios-Hook – A Tool That Helps You Easy Trace Classes, Functions, And Modify The Return Values Of Methods On iOS Platform

[*] A tool that helps you can easy using frida. It support script for trace classes, functions, and modify the return values of methods on iOS platform.  For Android platform: frida-android-hook  For Intercept Api was encrypted on iOS application: frida-ios-interceprt-api Env OS Support OS Supported Noted MacOS ✅ main Linux ✅ sub WindowsRead More

Dora – Find Exposed API Keys Based On RegEx And Get Exploitation Methods For Some Of Keys That Are Found

Features Blazing fast as we are using ripgrep in backend Exploit/PoC steps for many of the API key, allowing to write a good report for bug bounty hunting Unlike many other API key finders, dora also shows the path to the file and the line with context for easier analysis Can easily be implemented intoRead More

4-ZERO-3 – 403/401 Bypass Methods + Bash Automation

>_ Introduction 4-ZERO-3 Tool to bypass 403/401. This script contain all the possible techniques to do the same. NOTE : If you see multiple [200 Ok]/bypasses as output, you must check the Content-Length. If the content-length is same for multiple [200 Ok]/bypasses means false positive. Reason can be “301/302” or “../” [Payload] DON’T PANIC. ScriptRead More

pFuzz – Helps Us To Bypass Web Application Firewall By Using Different Methods At The Same Time

pFuzz is an advanced red teaming fuzzing tool which we developed for our research. It helps us to bypass web application firewall by using different methods at the same time. pFuzz web uygulama araştırmaları için geliştirdiğimiz, gelişmiş bir fuzzing aracıdır. Farklı güvenlik uygulamaları üzerinde çeşitli saldırı yöntemlerinin denenmesi konusunda süreci hızlandırmak için geliştirilmiştir. Description pFuzzRead More

Swift-Attack – Unit Tests For Blue Teams To Aid With Building Detections For Some Common macOS Post Exploitation Methods

Unit tests for blue teams to aid with building detections for some common macOS post exploitation methods. I have included some post exploitation examples using both command line history and on disk binaries (which should be easier for detection) as well as post exploitation examples using API calls only (which will be more difficult forRead More

Remote-Method-Guesser – Tool For Java RMI Enumeration And Bruteforce Of Remote Methods

remote-method-guesser (rmg) is a command line utility written in Java and can be used to identify security vulnerabilities on Java RMI endpoints. Currently, the following operations are supported: List available bound names and their corresponding interface class names List codebase locations (if exposed by the remote server) Check for known vulnerabilities (enabled class loader, missingRead More

Byp4Xx – Simple Bash Script To Bypass "403 Forbidden" Messages With Well-Known Methods Discussed In #Bugbountytips

byp4xx.sh __ __ __ / /_ __ ______ / // / _ ___ __ / __ / / / / __ / // /_| |/_/ |/_/ / /_/ / /_/ / /_/ /__ __/> <_> < /_.___/__, / .___/ /_/ /_/|_/_/|_| /____/_/ A bash script to bypass “403 Forbidden” responses with well-known methods discussed inRead More

RmiTaste – Allows Security Professionals To Detect, Enumerate, Interact And Exploit RMI Services By Calling Remote Methods With Gadgets From Ysoseria

RmiTaste allows security professionals to detect, enumerate, interact and attack RMI services by calling remote methods with gadgets from ysoserial. It also allows to call remote method with specific parameters. Disclaimer RmiTaste was written to aid security professionals in identifying insecure RMI services on systems which the user has prior permission to attack. Unauthorised accessRead More

X