An advanced, yet simple, tunneling tool that uses a TUN interface. by TNP IT Security Introduction Ligolo-ng is a simple, lightweight and fast tool that allows pentesters to establish tunnels from a reverse TCP/TLS connection without the need of SOCKS. Features Tun interface (No more SOCKS!) Simple UI with agent selection and network information EasyRead More
Paragon is a Red Team engagement platform. It aims to unify offensive tools behind a simple UI, abstracting much of the backend work to enable operators to focus on writing implants and spend less time worrying about databases and css. The repository also provides some offensive tools already integrated with Paragon that can be usedRead More
Invoke-Stealth is a Simple & Powerful PowerShell Script Obfuscator. This tool helps you to automate the obfuscation process of any script written in PowerShell with different techniques. You can use any of them separately, together or all of them sequentially with ease, from Windows or Linux. Requirements Powershell 4.0 or higher Bash* Python 3* *RequiredRead More
Reproxy is a simple edge HTTP(s) server / reverse proxy supporting various providers (docker, static, file). One or more providers supply information about requested server, requested url, destination url and health check url. Distributed as a single binary or as a docker container. Automatic SSL termination with Let’s Encrypt Support of user-provided SSL certificates SimpleRead More
I’ve wrote this program as a proof of concept to test the idea of be able to send tcp stream packets over simple http request like PUT, PATCH, POST, GET, without use a proxy way like CONNECT method. Also as a practice exercise to train my novice skill on rust language. Description These tool isRead More
A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy. Note-1: This is just an experimental tool, do not use this in any banking transactions. Unethical use of this tool is strictly not encouraged.” Note-2: The tool uses upmasked,Read More
PE-Packer is a simple packer for Windows PE files. The new PE file after packing can obstruct the process of reverse engineering. It will do the following things when packing a PE file: Transforming the original import table. Encrypting sections. Clearing section names. Installing the shell-entry. When running a packed PE file, the shell-entry willRead More
It’s a simple tool for test vulnerability shellshock Autor: MrCl0wnBlog: http://blog.mrcl0wn.comGitHub: https://github.com/MrCl0wnLabTwitter: https://twitter.com/MrCl0wnLabEmail: [email protected] Shellshock (software bug) Shellshock, also known as Bashdoor, is a family of security bugs in the Unix Bash shell, the first of which was disclosed on 24 September 2014. Shellshock could enable an attacker to cause Bash to execute arbitrary commandsRead More
Simple python script to check against hypothetical JWT vulnerability. Let’s say there is an application that uses JWT tokens signed HS256 algorithm. An example token looks like the follow: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.zbgd5BNF1cqQ_prCEqIvBTjSxMS8bDLnJAE_wE-0Cxg Above token can be decoded to the following data: { “alg”: “HS256”, “typ”: “JWT”}{ “sub”: “1234567890”, “name”: “John Doe”, “iat”: 1516239022} To calculate signature theRead More
This is a simple script intended to perform a full recon on an objective with multiple subdomains tl;dr Requires Go Run ./install.sh before first run (apt, rpm, pacman compatible) git clone https://github.com/six2dez/reconftwcd reconftwchmod +x *.sh./install.sh./reconftw.sh -d target.com -a Features Tools checker Google Dorks (based on deggogle_hunter) Subdomain enumeration (passive, resolution, bruteforce and permutations) Sub TKORead More
