This is a simple script intended to perform a full recon on an objective with multiple subdomains tl;dr Requires Go Run ./install.sh before first run (apt, rpm, pacman compatible) git clone https://github.com/six2dez/reconftwcd reconftwchmod +x *.sh./install.sh./reconftw.sh -d target.com -a Features Tools checker Google Dorks (based on deggogle_hunter) Subdomain enumeration (passive, resolution, bruteforce and permutations) Sub TKORead More
byp4xx.sh __ __ __ / /_ __ ______ / // / _ ___ __ / __ / / / / __ / // /_| |/_/ |/_/ / /_/ / /_/ / /_/ /__ __/> <_> < /_.___/__, / .___/ /_/ /_/|_/_/|_| /____/_/ A bash script to bypass “403 Forbidden” responses with well-known methods discussed inRead More
Project Bheem is a simple collection of small bash-scripts which runs iteratively to carry out various tools and recon process & store output in an organized way. This project was created initially for automation of Recon for personal usage and was never meant to be public as there is nothing fancy about it but dueRead More
What the heck is a ferox anyway? Ferox is short for Ferric Oxide. Ferric Oxide, simply put, is rust. The name rustbuster was taken, so I decided on a variation. What’s it do tho? feroxbuster is a tool designed to perform Forced Browsing. Forced browsing is an attack where the aim is to enumerate andRead More
How it works? 1- Build server 2- Connect with admin and client to server 3- To collect information, send the request to the server through the admin, and then to the client Installation git clone https://github.com/LetsDefend/Simple-Live-Data-Collection Server cd serverpython main.py Admin cd adminpython main.py Client cd clientpython main.py Change the “HOST” variable in main.py fileRead More
…a simple, self-contained modular host-based IOC scannerSpyre is a simple host-based IOC scanner built around the YARA pattern matching engine and other scan modules. The main goal of this project is easy operationalization of YARA rules and other indicators of compromise.Users need to bring their own rule sets. The awesome-yara repository gives a good overviewRead More
ezEmu enables users to test adversary behaviors via various execution techniques. Sort of like an “offensive framework for blue teamers“, ezEmu does not have any networking/C2 capabilities and rather focuses on creating local test telemetry.WindowsSee /Linux for ELFezEmu is compiled as parent.exe to simplify process trees, and will track (and also kill) child processes toRead More
Arcane is a simple script designed to backdoor iOS packages (iphone-arm) and create the necessar y resources for APT repositories. It was created for this publication to help illustrate why Cydia repositories can be dangerous and what post-exploitation attacks are possible from a compromised iOS device.How Arcane works…To understand what’s happening in the GIF, decompressRead More
IRFuzz is a simple scanner with yara rules for document archives or any files.Install 1. PrerequisitesLinux or OS X Yara: just use the latest release source code, compile and install it (or install it via pip install yara-python) Yara Rules – You may download yara rules from here or import your own custom ruleset. PythonRead More
AuthMatrix is an extension to Burp Suite that provides a simple way to test authorization in web applications and web services. With AuthMatrix, testers focus on thoroughly defining tables of users, roles, and requests for their specific target application upfront. These tables are structured in a similar format to that of an access control matrixRead More
