Aura – Python Source Code Auditing And Static Analysis On A Large Scale

Aura is a static analysis framework developed as a response to the ever-increasing threat of malicious packages and vulnerable code published on PyPI. Project goals: provide an automated monitoring system over uploaded packages to PyPI, alert on anomalies that can either indicate an ongoing attack or vulnerabilities in the code enable an organization to conductRead More

Watcher – Open Source Cybersecurity Threat Hunting Platform

Watcher is a Django & React JS automated platform for discovering new potentially cybersecurity threats targeting your organisation. It should be used on webservers and available on Docker. Watcher capabilities Detect emerging vulnerability, malware using social network & other RSS sources (www.cert.ssi.gouv.fr, www.cert.europa.eu, www.us-cert.gov, www.cyber.gov.au…). Detect Keywords in pastebin & in other IT content exchangeRead More

WSMan-WinRM – A Collection Of Proof-Of-Concept Source Code And Scripts For Executing Remote Commands Over WinRM Using The WSMan.Automation COM Object

A collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object. Background For background information, please refer to the following blog post: WS-Management COM: Another Approach for WinRM Lateral Movement Notes SharpWSManWinRM.cs and CppWsManWinRM.cpp compile in Visual Studio 2019. Refer to the code comments for required imports/references/etc.Read More

MalwareSourceCode – Collection Of Malware Source Code For A Variety Of Platforms In An Array Of Different Programming Languages

Malware Source Code Collection !!! DISCLAIMER !!! We do not take any responsibility for any damage done by the code in this repository. Download, compile or run at your own risk Contents: This repository contains the source code for the following: .├── Acad├── Engines│   ├── BAT│   ├── Linux│   ├── VBS│   └── Win32├── Java├── Leaks│   ├──Read More

Avcleaner – C/C++ Source Obfuscator For Antivirus Bypass

C/C++ source obfuscator for antivirus bypass.Build docker build . -t avcleanerdocker run -v ~/dev/scrt/avcleaner:/home/toto -it avcleaner bash #adapt ~/dev/scrt/avcleaner to the path where you cloned avcleanersudo pacman -Syumkdir CMakeBuild && cd CMakeBuildcmake ..make -j 2./avcleaner.bin –help UsageFor simple programs, this is as easy as: avcleaner.bin test/strings_simplest.c –strings=true — However, you should know that you’re usingRead More

Hardcodes – Find Hardcoded Strings From Source Code

hardcodes is a utility for searching strings hardcoded by developers in programs. It uses a modular tokenizer that can handle comments, any number of backslashes & nearly any syntax you throw at it.Yes, it is designed to process any syntax and following languages are officially supported: ada, applescript, c, c#, c++, coldfusion, golang, haskell, html,Read More

SourceWolf – Amazingly Fast Response Crawler To Find Juicy Stuff In The Source Code!

Tested environments: Windows, MAC, linux, and windows subsystem for linux (WSL) What can SourceWolf do? Crawl through responses to find hidden endpoints, either by sending requests, or from the local response files (if any). Create a list of javascript variables found in the source Extract all the social media links from the websites to identifyRead More

ReconSpider – Most Advanced Open Source Intelligence (OSINT) Framework For Scanning IP Address, Emails, Websites, Organizations

ReconSpider is most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations and find out information from different sources.ReconSpider can be used by Infosec Researchers, Penetration Testers, Bug Hunters and Cyber Crime Investigators to find deep information about their target.ReconSpider aggregate all the raw data, visualize it on a dashboard andRead More

DAGOBAH – Open Source Tool To Generate Internal Threat Intelligence, Inventory & Compliance Data From AWS Resources

Dagobah is an open source tool written in python to automate the internal threat intelligence generation, inventory collection and compliance check from different AWS resources. Dagobah collects information and save the state into an elasticsearch index.Dagobah runs into the a LAMBDA and looks at all the AWS REGIONS, actually collect differents configurations from: EC2 VPCRead More

X