Cracken – A Fast Password Wordlist Generator, Smartlist Creation And Password Hybrid-Mask Analysis Tool

Cracken is a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust (more on talk/). Inspired by great tools like maskprocessor, hashcat, Crunch and 珞 HuggingFace’s tokenizers. What? Why? Woot?? At DeepSec2021 we presented a new method for analysing passwords as Hybrid-Masks exploiting common substrings in passwords byRead More

ELFXtract – An Automated Analysis Tool Used For Enumerating ELF Binaries

[*] ELFXtract is an automated analysis tool used for enumerating ELF binaries Powered by Radare2 and r2ghidra This is specially developed for PWN challenges and it has many automated features It almost displays every details of the ELF and also decompiles its ASM to C code using r2ghidra Decompiling ELFs in Ghidra takes more time,Read More

UDP-Hunter – Network Assessment Tool For Various UDP Services Covering Both IPv4 And IPv6 Protocols

UDP Scanning has always been a slow and painful exercise, and if you add IPv6 on top of UDP, the tool choices get pretty limited. UDP Hunter is a python based open source network assessment tool focused on UDP Service Scanning. With UDP Hunter, we have focused on providing auditing of widely known UDP protocolsRead More

EXOCET – AV-evading, Undetectable, Payload Delivery Tool

EXOCET is superior to Metasploit’s “Evasive Payloads” modules as EXOCET uses AES-256 in GCM Mode (Galois/Counter Mode). Metasploit’s Evasion Payloads uses a easy to detect RC4 encryption. While RC4 can decrypt faster, AES-256 is much more difficult to ascertain the intent of the malware. However, it is possible to use Metasploit to build a EvasiveRead More

Canadian Furious Beaver – A Tool For Monitoring IRP Handler In Windows Drivers, And Facilitating The Process Of Analyzing, Replaying And Fuzzing Windows Drivers For Vulnerabilities

Furious Beaver is a distributed tool for capturing IRPs sent to any Windows driver. It operates in 2 parts: the “Broker” combines both a user-land agent and a self-extractable driver (IrpDumper.sys) that will install itself on the targeted system. Once running it will expose (depending on the compilation options) a remote named pipe (reachable fromRead More

Ddosify – High-performance Load Testing Tool

Features Protocol Agnostic – Currently supporting HTTP, HTTPS, HTTP/2. Other protocols are on the way. Scenario-Based – Create your flow in a JSON file. Without a line of code! Different Load Types – Test your system’s limits across different load types. Installation ddosify is available via Docker, Homebrew Tap, and downloadable pre-compiled binaries from theRead More

Smuggler – An HTTP Request Smuggling / Desync Testing Tool

An HTTP Request Smuggling / Desync testing tool written in Python 3 Acknowledgements A special thanks to James Kettle for his research and methods into HTTP desyncs And a special thanks to Ben Sadeghipour for beta testing Smuggler and for allowing me to discuss my work at Nahamcon 2020 IMPORTANT This tool does not guaranteeRead More

PeTeReport – An Open-Source Application Vulnerability Reporting Tool

PeTeReport (PenTest Report) is an open-source application vulnerability reporting tool designed to assist pentesting/redteaming efforts, by simplifying the task of writting and generation of reports. Focused in product security, the tool help security researchers and pentesters to provide detailed findings, appendix, attack paths and manage a finding template database to avoid wasting time spent inRead More

VECTR – A Tool That Facilitates Tracking Of Your Red And Blue Team Testing Activities To Measure Detection And Prevention Capabilities Across Different Attack Scenarios

VECTR documentation can be found here: VECTR Community Discord Channel: VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios. VECTR provides the ability to create assessment groups, which consist of a collection of Campaigns and supporting TestRead More

Terra – OSINT Tool On Twitter And Instagram

OSINT Tool On Twitter And Instagram. Installation Clone the github repo $ git clone Change Directory $ cd terra Requirements : For requirements run following commands: $ python3 -m pip install -r requirements.txt Note For Twitter Credentials : You need credentials which are listed in twitter.yml file in creds folder for using terra. YouRead More