Short story about Clubhouse user scraping and social graphs

TL;DR During this RedTeam testing, Hexway team used Clubhouse as a social engineering tool to find out more about their client’s employees. UPDATE: While Hexway were preparing this article for publication, cybernews.com reported: 1.3 million scraped user records leaked online for free In this research, Hexway didn’t attack Clubhouse users and didn’t exploit any ClubhouseRead More

Gitls – Enumerate Git Repository URL From List Of URL / User / Org

Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline This tool is available when the repository, such as github, is included in the bugbounty scope. Sometimes specified as an org name or user name rather than a specific repository, you can use this tool to extract url from allRead More

Linux-Chrome-Recon – An Information Gathering Tool Used To Enumerate All Possible Data About An User From Google-Chrome Browser From Any Linux Distribution

“linux-chrome-recon” is a Information gathering tool used to enumerate all possible data about an user from Google-Chrome browser from any Linux distribution Intro 1.Loots possible data from Google-Chrome 2.Launches HTTP Server on /tmp directory (Usefull) 3.Simple script to receive data from Victim(One time run) 4.Clears the /tmp data when server is closed… Files retrieved :Read More

Emp3R0R – Linux Post-Exploitation Framework Made By Linux User

linux post-exploitation framework made by linux user Still under active development 中文介绍 check my blog for updates how to use what to expect (in future releases) packer: cryptor + memfd_create packer: use shm_open in older Linux kernels dropper: shellcode injector – python injector: inject shellcode into another process, using GDB port mapping: forward from CCRead More

Go365 – An Office365 User Attack Tool

Go365 is a tool designed to perform user enumeration* and password guessing attacks on organizations that use Office365 (now/soon Microsoft365). Go365 uses a unique SOAP API endpoint on login.microsoftonline.com that most other tools do not use. When queried with an email address and password, the endpoint responds with an Azure AD Authentication and Authorization code.Read More

Phirautee – A PoC Crypto Virus To Spread User Awareness About Attacks And Implications Of Ransomwares

A proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation’s data to hostage for payments or permanently encrypts/deletes the organisation data.Phirautee is a Living off the Land (LotL)Read More

DLInjector-GUI – DLL Injector Graphical User Interface

DLInjector for Graphical User Interface.Faster DLL Injector for processes. It targets the process name to identify the target. The process does not need to be open to define the target. DLInjector waits until the process executed. USAGEDLInjector usage a very simple. Firstly, enter the target process name with exe (chrome.exe, explorer.exe).And enter the to beRead More

Screenspy – Capture user screenshots using shortcut file (Bypass SmartScreen/Defender)

Capture user screenshots using shortcut file (Bypass SmartScreen/Defender). Suport Multi-monitor Legal disclaimer:Usage of ScreenSpy for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this programInstall gitRead More

DNSProbe – A Tool Built On Top Of Retryabledns That Allows You To Perform Multiple DNS Queries Of Your Choice With A List Of User Supplied Resolvers

DNSProbe is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. Features Simple and Handy utility to query DNS records. Usage dnsprobe -h This will display help for the tool. Here are all the switches it supports. Flag DescriptionRead More

X