RmiTaste – Allows Security Professionals To Detect, Enumerate, Interact And Exploit RMI Services By Calling Remote Methods With Gadgets From Ysoseria

RmiTaste allows security professionals to detect, enumerate, interact and attack RMI services by calling remote methods with gadgets from ysoserial. It also allows to call remote method with specific parameters. Disclaimer RmiTaste was written to aid security professionals in identifying insecure RMI services on systems which the user has prior permission to attack. Unauthorised accessRead More

OFFPORT_KILLER – This Tool Aims At Automating The Identification Of Potential Service Running Behind Ports Identified Manually Either Through Manual Scan Or Services Running Locally

#Manual Port Scanning #Enumerate Potential Service If you like the tool and for my personal motivation so as to develop other tools please a +1 star * INTRO This tool aims at automating the identification of potential service running behind ports identified manually or on services running locally only. The tool is useful: 1. whenRead More

IIS-Raid – A Native Backdoor Module For Microsoft IIS (Internet Information Services)

IS Raid is a native IIS module that abuses the extendibility of IIS to backdoor the web server and carry out custom actions defined by an attacker. DocumentationWhen installed, IIS-Raid will process every request and method, check if the X-Password header exists and compare it against the hardcoded value. In case the value specified byRead More

OhMyQR – Hijack Services That Relies On QR Code Authentication

QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all applications that rely on the “Login with QR code” feature as a secure way to login into accounts. In a nutshell, the victim scans the attacker’s QR code which results in session hijacking.Features: Port ForwardingRead More

X