Sandman – NTP Based Backdoor For Red Team Engagements In Hardened Networks

Sandman is a backdoor that is meant to work on hardened networks during red team engagements. Sandman works as a stager and leverages NTP (a protocol to sync time & date) to get and run an arbitrary shellcode from a pre-defined server. Since NTP is a protocol that is overlooked by many defenders resulting inRead More

HSTP – Simple Hyper Service Transfer Protocol On Networks

The protocol aims to develop a application layer abstraction for the Hyper Service Transfer Protocol. HSTP is a recursion as nature of HSTP. This protocol implements itself as a interface. On every internet connected device, there is a HSTP instance. That’s why the adoption is not needed. HSTP already running top of the internet. WeRead More

Autodeauth – A Tool Built To Automatically Deauth Local Networks

A tool built to automatically deauth local networks Tested on Raspberry Pi OS and Kali Linux Setup $ chmod +x$ sudo ./setup.shReading package lists… DoneBuilding dependency tree… DoneReading state information… Done0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.Please enter your WiFi interface name e.g: wlan0 -> wlan1autodeauth installeduse sudo autodeauthRead More

Blackbird – An OSINT Tool To Search For Accounts By Username In 101 Social Networks

Blackbird An OSINT tool to search fast for accounts by username across 101 sites. The Lockheed SR-71 “Blackbird” is a long-range, high-altitude, Mach 3+ strategic reconnaissance aircraft developed and manufactured by the American aerospace company Lockheed Corporation. Disclaimer This or previous program is for Educational purpose ONLY. Do not use it without permission. The usualRead More

Puwr – SSH Pivoting Script For Expanding Attack Surfaces On Local Networks

Easily expand your attack surface on a local network by discovering more hosts, via SSH. Using a machine running a SSH service, Puwr uses a given subnet range to scope out IP’s, sending back any successful ping requests it has. This can be used to expand out an attack surface on a local network, byRead More

Webstor – A Script To Quickly Enumerate All Websites Across All Of Your Organization’S Networks, Store Their Responses, And Query For Known Web Technologies, Such As Those With Zero-Day Vulnerabilities

  WebStor is a tool implemented in Python under the MIT license for quickly enumerating all websites across all of your organization’s networks, storing their responses, and querying for known web technologies and versions, such as those with zero-day vulnerabilities. It is intended, in particular, to solve the unique problem presented in mid to largeRead More

Pesidious – Malware Mutation Using Reinforcement Learning And Generative Adversarial Networks

Malware Mutation using Deep Reinforcement Learning and GANs The purpose of the tool is to use artificial intelligence to mutate a malware (PE32 only) sample to bypass AI powered classifiers while keeping its functionality intact. In the past, notable work has been done in this domain with researchers either looking at reinforcement learning or generativeRead More

DockerENT – The Only Open-Source Tool To Analyze Vulnerabilities And Configuration Issues With Running Docker Container(S) And Docker Networks

DockerENT is activE ruNtime application security scanning Tool (RAST tool) and framework which is pluggable and written in python. It comes with a CLI application and clean Web Interface written with StreamLit.DockerENT has been designed keeping in mind that during deployments there weak configurations which may get sticky in production deployments as well and canRead More