TerraformGoat – "Vulnerable By Design" Multi Cloud Deployment Tool

TerraformGoat is selefra research lab’s “Vulnerable by Design” multi cloud deployment tool. Currently supported cloud vendors include Alibaba Cloud, Tencent Cloud, Huawei Cloud, Amazon Web Services, Google Cloud Platform, Microsoft Azure. Scenarios ID Cloud Service Company Types Of Cloud Services Vulnerable Environment 1 Alibaba Cloud Networking VPC Security Group Open All Ports 2 Alibaba CloudRead More

BirDuster – A Multi Threaded Python Script Designed To Brute Force Directories And Files Names On Webservers

BirDuster is a Python based knockoff of the original DirBuster. BirDuster is a multi threaded Python application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hiddenRead More

Cliam – Multi Cloud IAM Permissions Enumeration Tool

Multi cloud iam permissions enumeration tool. Currently covers: AWS GCP [TODO] Azure [TODO] Oracle Description Cliam is a simple cloud permissions identifier. There are two main components to the CLI. Most of the enumerated permissions are list, describe or get permissions. Only permissions that does not require a specific resource are tested. enumerate which canRead More

SourceLeakHacker – A Multi Threads Web Application Source Leak Scanner

SourceLeakHacker is a muilt-threads web directories scanner. Installation pip install -r requirements.txt Usage  dictionary scale –output OUTPUT output folder, default: result/YYYY-MM-DD hh:mm:ss –threads THREADS, -t THREADS threads numbers, default: 4 –timeout TIMEOUT HTTP request timeout –level {CRITICAL,ERROR,WARNING,INFO,DEBUG}, -v {CRITICAL,ERROR,WARNING,INFO,DEBUG} log level –version, -V show program’s version number and exit “> usage: SourceLeakHacker.py [options]optional arguments: -h,Read More

DNS-Black-Cat(DBC) – Multi Platform Toolkit For An Interactive DNS Shell Commands Exfiltration, By Using DNS-Cat You Will Be Able To Execute System Commands In Shell Mode Over DNS Protocol

Multi-platform toolkit for an interactive C2C DNS shell, by using DNS-Black-Cat, you will be able to execute system commands in shell mode over a fully encrypted covert channel. Server ported as a python script, which acts as DNS server with required functionalities to provide interactive shell command interface. Client ported as the following file formatsRead More

Domained – Multi Tool Subdomain Enumeration

A domain name enumeration toolThe tools contained in domained requires Kali Linux (preferred) or Debian 7+ and Recon-ngdomained uses several subdomain enumeration tools and wordlists to create a unique list of subdomains that are passed to EyeWitness for reporting with categorized screenshots, server response headers and signature based default credential checking. (resources are saved toRead More

X