Zkar – A Java Serialization Protocol Analysis Tool Implement In Go

ZKar is a Java serialization protocol analysis tool implement in Go. This tool is still work in progress, so no complete API document and contribution guide. ZKar provides: A Java serialization payloads parser and viewer in pure Go, no CGO or JDK is required From the Java serialization protocol to a Go struct A GoRead More

ADenum – A Pentesting Tool That Allows To Find Misconfiguration Through The The Protocol LDAP And Exploit Some Of Those Weaknesses With Kerberos

AD Enum is a pentesting tool that allows to find misconfiguration through the protocol LDAP and exploit some of those weaknesses with Kerberos. cracking (john) -jp [path] John binary path -w [wordList] The path of the wordlist to be used john (Default: /usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt -v, –version Show program’s version number and exit -s Use LDAP withRead More

Boofuzz – Network Protocol Fuzzing for Humans

Boofuzz is a fork of and the successor to the venerable Sulley fuzzing framework. Besides numerous bug fixes, boofuzz aims for extensibility. The goal: fuzz everything. Why? Sulley has been the preeminent open source fuzzer for some time, but has fallen out of maintenance. Features Like Sulley, boofuzz incorporates all the critical elements of aRead More

Private Set Membership (PSM) – Cryptographic Protocol That Allows Clients To Privately Query

Private Set Membership (PSM) is a cryptographic protocol that allows clients to privately query whether the client’s identifier is a member of a set of identifiers held by a server in a privacy-preserving manner. At a high level, PSM provides the following privacy guarantees: The server does not learn the client’s queried identifier in theRead More

Http-Protocol-Exfil – Exfiltrate Files Using The HTTP Protocol Version ("HTTP/1.0" Is A 0 And "HTTP/1.1" Is A 1)

Use the HTTP protocol version to send a file bit by bit (“HTTP/1.0” is a 0 and “HTTP/1.1” is a 1). It uses GET requests so the Blue Team would only see the requests to your IP address. However, it takes a long time to send bigger files, for example it needs 1 hour toRead More

Fapro – Free, Cross-platform, Single-file mass network protocol server simulator

FaPro is a Fake Protocol Server tool, Can easily start or stop multiple network services. The goal is to support as many protocols as possible, and support as many deep interactions as possible for each protocol. Features Supported Running Modes: Local Machine Virtual Network Supported Protocols: DNS DCE/RPC EIP Elasticsearch FTP HTTP IEC 104 MemcachedRead More

Rdesktop – Open Source Client for Microsoft’s RDP protocol

rdesktop is an open source client for Microsoft’s RDP protocol. It is known to work with Windows versions ranging from NT 4 Terminal Server to Windows 2012 R2 RDS. rdesktop currently has implemented the RDP version 4 and 5 protocols. Installation rdesktop uses a GNU-style build procedure. Typically all that is necessary to install rdesktopRead More

BruteLoops – Protocol Agnostic Online Password Guessing API

A dead simple library providing the foundational logic for efficient password brute force attacks against authentication interfaces. See various Wiki sections for more information. A “modular” example is included with the library that demonstrates how to use this package. It’s fully functional and provides multiple brute force modules. Below is a sample of its capabilities:Read More

QueenSono – Golang Binary For Data Exfiltration With ICMP Protocol

QueenSono tool only relies on the fact that ICMP protocol isn’t monitored. It is quite common. It could also been used within a system with basic ICMP inspection (ie. frequency and content length watcher). Try to imitate PyExfil (and others) with the idea that the target machine does not necessary have python installed (so provideRead More

Shreder – A Powerful Multi-Threaded SSH Protocol Password Bruteforce Tool

Shreder is a powerful multi-threaded SSH protocol password brute-force tool. Features Very fast password guessing, just one password in 0.1 second. Optimized for big password lists, Shreder tries 1000 passwords in 1 minute and 40 seconds. Simple CLI and API usage. Installation pip3 install git+https://github.com/EntySec/Shreder Basic usage To use Shreder just type shreder in yourRead More