[*] A tool that helps you can easy using frida. It support script for trace classes, functions, and modify the return values of methods on iOS platform. For Android platform: frida-android-hook For Intercept Api was encrypted on iOS application: frida-ios-interceprt-api Env OS Support OS Supported Noted MacOS ✅ main Linux ✅ sub WindowsRead More
Reposaur is the open source compliance tool for development platforms. Audit, verify and report on your data and configurations easily with pre-defined and/or custom policies. Supports GitHub. GitLab, BitBucket and Gitea support soon. Getting Started Have you ever felt like you don’t know what’s happening in your GitHub/GitLab/BitBucket repositories? Between 100s or 1000s of themRead More
OSINT tool to scrape names and usernames from large friend lists on Facebook, without being rate limited. Getting started: Install using pip: python -m pip install fb-friend-list-scraper Script is now installed as fbfriendlistscraper Run with -h or –help to show usage information. Usage: usage: fbfriendlistscraper [-h] -e EMAIL [-p PASSWORD] -u USERNAME [-o OUTFILE] [-w]Read More
C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike. Installation chmod u+x install.sh./install.sh Building Docker image docker build -t C2concealer . Running with Docker docker container run -it -v <cobalt_strike_location>:/usr/share/cobaltstrike/ C2concealer –hostname google.com –variant 3 Example Usage Usage: $ C2concealer –hostname google.com –variant 3Flags: (optional) –hostname TheRead More
Grafiki is a Django project about Sysmon and graphs, for the time being. In my opinion EventViewer, Elastic and even Kibana, are not graphic enough. The current threats are complicated and if attackers think in graphs, defenders also must do it. This is a proof of concept, the code was not debugged jet but maybeRead More
Chlonium is an application designed for cloning Chromium Cookies. From Chromium 80 and upwards, cookies are encrypted using AES-256 GCM, with a state key which is stored in the Local State file. This state key is encrypted using DPAPI. This is a change from older versions, which used DPAPI to encrypt each cookie item inRead More
This tool is designed to enumerate users, password spray and perform brute force attacks against any organisation that utilises Azure AD or O365. Generally, this endpoint provides extremely verbose errors which can be leveraged to enumerate users and validate their passwords via brute force/spraying attacks, while also failing to log any failed authentication attempts. ThisRead More
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. It scans both runtime K8s clusters and CI/CD pipelines for enhanced software supply chain security. SBOM & vulnerability detection challenges Effective vulnerability scanning requires an accurate Software Bill Of Materials (SBOM) detection: Various programmingRead More
What is it? AutoResponder is a tool aimed to help people to carry out their Incident Response tasks WITH the help of Carbon Black Response’s awesome capabilities and WITHOUT much bothering IT/System/Network Teams What can it do? Module ✔️ / ❌ Delete Files ✔️ Delete Registry Values ✔️ Delete Win32 Service Entries ✔️ Delete ScheduledRead More
Multi cloud iam permissions enumeration tool. Currently covers: AWS GCP [TODO] Azure [TODO] Oracle Description Cliam is a simple cloud permissions identifier. There are two main components to the CLI. Most of the enumerated permissions are list, describe or get permissions. Only permissions that does not require a specific resource are tested. enumerate which canRead More
