Scripts

Obfuscation_Detection – Collection Of Scripts To Pinpoint Obfuscated Code

27 Mar 2021 By

Automatically detect control-flow flattening and other state machines Author: Tim Blazytko Description: Scripts and binaries to automatically detect control-flow flattening and other state machines in binaries. Implementation is based on Binary Ninja. Check out the following blog post for more information: Automated Detection of Control-flow Flattening Usage $ ./detect_flattening.py samples/finspy Function 0x401602 has a flattening scoreRead More

cve_manager_VS – A Collection Of Python Apps And Shell Scripts To Email An Xlsx Spreadsheet Of New Vulnerabilities In The NIST CVE Database And Their Associated Products On A Daily Schedule

26 Mar 2021 By

A collection of python apps and shell scripts to email an xlsx spreadsheet of new vulnerabilities in the NIST CVE database and their associated products on a daily schedule. The spreadsheet can then be manually interpreted for risk to your specific organization. Based off of an opensource product on github originally by Antonios Atlasis SyncsRead More

PyBeacon – A Collection Of Scripts For Dealing With Cobalt Strike Beacons In Python

04 Mar 2021 By

PyBeacon is a collection of scripts for dealing with Cobalt Strike’s encrypted traffic. It can encrypt/decrypt beacon metadata, as well as parse symmetric encrypted taskings Scripts included There is a small library which includes encryption/decoding methods, however some example scripts are included. stager-decode.py – this tool will simply decode a beacon DLL from a stagerRead More

COM-Code-Helper – Two IDAPython Scripts Help You To Reconstruct Microsoft COM (Component Object Model) Code

07 Feb 2021 By

Two IDAPython Scripts help you to reconstruct Microsoft COM (Component Object Model) Code Especially malware reversers will find this useful, as COM Code is still regularly found in malware. ClassAndInterfaceToNames.py This IDAPython script scans an idb file for class and interfaces UUIDs and creates the matching structure and its name. Make sure to copy interfaces.txtRead More

XSS-Scanner – XSS Scanner That Detects Cross-Site Scripting Vulnerabilities In Website By Injecting Malicious Scripts

04 Jan 2021 By

Cross-Site Scripting (XSS) is one of the most well known web application vulnerabilities. It even has a dedicated chapter in the OWASP Top 10 project and it is a highly chased vulnerability in bug bounty programs. The scanner gets a link from the user and scan the website for XSS vulnerability by injecting malicious scriptsRead More

WSMan-WinRM – A Collection Of Proof-Of-Concept Source Code And Scripts For Executing Remote Commands Over WinRM Using The WSMan.Automation COM Object

14 Dec 2020 By

A collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object. Background For background information, please refer to the following blog post: WS-Management COM: Another Approach for WinRM Lateral Movement Notes SharpWSManWinRM.cs and CppWsManWinRM.cpp compile in Visual Studio 2019. Refer to the code comments for required imports/references/etc.Read More

Oregami – IDA Plugins And Scripts For Analyzing Register Usage Frame

22 Oct 2020 By

“”” What is this register used for? Hmm.. I’ll just rename it to veryuniquename, do a textual search, and find all references! Ok.. Waiting for the search to end.. any minute now.. Done! Now I just need to understand which of the search result is relevant to the current usage frame of the register. Shouldn’tRead More

Powerglot – Encodes Offensive Powershell Scripts Using Polyglots

01 Oct 2020 By

Powerglot encodes several kind of scripts using polyglots, for example, offensive powershell scripts. It is not needed a loader to run the payload. In red-team exercises or offensive tasks, masking of payloads is usually done by using steganography, especially to avoid network level protections, being one of the most common payloads scripts developed in powershell.Read More

ActiveDirectoryEnumeration – Enumerate AD Through LDAP With A Collection Of Helpfull Scripts Being Bundled

15 Sep 2020 By

ADE – ActiveDirectoryEnum usage: activeDirectoryEnum [-h] [-o OUT_FILE] [-u USER] [-s] [-smb] [-kp] [-bh] [-spn] [–all] [–no-creds] dc ___ __ _ ____ _ __ ______ / | _____/ /_(_) _____ / __ (_)_______ _____/ /_____ _______ __/ ____/___ __ ______ ___ / /| |/ ___/ __/ / | / / _ / / / /Read More

Digital Signature Hijack – Binaries, PowerShell Scripts And Information About Digital Signature Hijacking

17 Jun 2020 By

Hijacking legitimate digital signatures is a technique that can be used during red team assessments in order to sign PowerShell code and binaries. This could assist to bypass Device Guard restrictions and maintain stealthy in an engagement. DigitalSignatureHijack is a PowerShell script based on Matt Graeber research that can perform the following operations: Digitally signRead More

X