With the popularity of web front-end packaging tools, have you encountered more and more websites represented by Webpack packager in daily penetration testing and security services? This type of packager will package the API and API parameters of the entire site together for centralized Web call, which is also convenient for us to quickly discoverRead More
Based on pywebfuzz, Py3webfuzz is a Python3 module to assist in the identification of vulnerabilities in web applications, Web Services through brute force, fuzzing and analysis. The module does this by providing common testing values, generators and other utilities that would be helpful when fuzzing web applications, API endpoints and developing web exploits. py3webfuzz hasRead More
DeepBlueCLI – a PowerShell Module for Threat Hunting via Windows Event Logs Eric Conrad, Backshore Communications, LLC deepblue at backshore dot net Twitter: @eric_conrad http://ericconrad.com Sample evtx files are in the .evtx directory Usage: .DeepBlue.ps1 <event log name> <evtx filename> See the Set-ExecutionPolicy Readme if you receive a ‘running scripts is disabled on this system’Read More
Welcome to the Microsoft Defender Advanced Threat Protection PowerShell module! This module is a collection of easy-to-use cmdlets and functions designed to make it easy to interface with the Microsoft Defender Advanced Threat Protection API. Motivation I created this PowerShell module for MDATP for the following reasons: Advance my PowerShell skills Provide an easy wayRead More
Python module for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro to dump in-memory PE files and reconstruct imports.Features Standalone application and IDAPython plugin Supports Windows/Linux/Mac Rainbow PE ratio map: High-level overview of PE structures, size and file location Allows for fast visual comparisonRead More
IS Raid is a native IIS module that abuses the extendibility of IIS to backdoor the web server and carry out custom actions defined by an attacker. DocumentationWhen installed, IIS-Raid will process every request and method, check if the X-Password header exists and compare it against the hardcoded value. In case the value specified byRead More
A fast SSH mass-scanner, login cracker and banner grabber tool using the python-masscan module.Usage [ [email protected] ~ ]$ sshprank -H–==[ sshprank by nullsecurity.net ]==–usage sshprank <mode> [opts] | <misc>modes -h <host:[ports]> – single host to crack. multiple ports can be seperated by comma, e.g.: 22,2022,22222 (default port: 22) -l <file> – list of hosts toRead More
