Gotestwaf – Go Test WAF Is A Tool To Test Your WAF Detection Capabilities Against Different Types Of Attacks And By-Pass Techniques

An open-source Go project to test different web application firewalls (WAF) for detection logic and bypasses. How it works It is a 3-steps requests generation process that multiply amount of payloads to encoders and placeholders. Let’s say you defined 2 payloads, 3 encoders (Base64, JSON, and URLencode) and 1 placeholder (HTTP GET variable). In thisRead More

BigBountyRecon – This Tool Utilises 58 Different Techniques To Expediate The Process Of Intial Reconnaissance On The Target Organisation

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation. Reconnaissance is the most important step in any penetration testing or a bug hunting process. It provides an attacker with some preliminary knowledge on the target organisation. Furthermore, it willRead More

PurpleSharp – C# Adversary Simulation Tool That Executes Adversary Techniques With The Purpose Of Generating Attack Telemetry In Monitored Windows Environments

Defending enterprise networks against attackers continues to present a difficult challenge for blue teams. Prevention has fallen short; improving detection & response capabilities has proven to be a step in the right direction. However, without the telemetry produced by adversary behavior, building new and testing existing detection capabilities will be constrained.PurpleSharp is an open sourceRead More

uDork – Tool That Uses Advanced Google Search Techniques To Obtain Sensitive Information In Files Or Directories, Find IoT Devices, Detect Versions Of Web Applications, And So On

uDork is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications, and so on.uDork does NOT make attacks against any server, it only uses predefined dorks and/or official lists from (Google Hacking Database: functionalRead More

Attacker-Group-Predictor – Tool To Predict Attacker Groups From The Techniques And Software Used

The tool predicts attacker groups from techniques and softwares used. It searches based on the MITRE ATT&CK framework How it works? 1- Collect data from about attacker groups 2- Get data from user about attack 3- Compare data and create result Installation git clone Attacker-Group-Predictor/pip3 install -r requirements.txt Usage python3 main.pyFill the inputsRead More

GhostShell – Malware Indetectable, With AV Bypass Techniques, Anti-Disassembly, And More

In this malware, are used some techniques to try bypass the AVs, VMs, and Sandboxes, with only porpuse to learning more. I’m not responsible for your actions.Bypass Techniques Anti-DebuggerTo try bypass the Debuggers, I’m using the “IsDebuggerPresent()” of “Windows.h” librarie to checks if a debugger is running. Anti-VM / Anti-Sandbox / Anti-AV Enumerate Process FunctionRead More

Memhunter – Live Hunting Of Code Injection Techniques

Memhunter is an endpoint sensor tool that is specialized in detecing resident malware, improving the threat hunter analysis process and remediation times. The tool detects and reports memory-resident malware living on endpoint processes. Memhunter detects known malicious memory injection techniques. The detection process is performed through live analysis and without needing memory dumps. The toolRead More