dazzleUP – A Tool That Detects The Privilege Escalation Vulnerabilities Caused By Misconfigurations And Missing Updates In The Windows OS

A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems. dazzleUP detects the following vulnerabilities. Exploit Checks: The first feature of dazzleUP is that it uses Windows Update Agent API instead of WMI (like others) when finding missing patches. dazzleUP checks the following vulnerabilities. DCOM/NTLM Reflection (Rotten/Juicy Potato) …

hackerEnv – An Automation Tool That Quickly And Easily Sweep IPs And Scan Ports, Vulnerabilities And Exploit Them

hackerEnv is an automation tool that quickly and easily sweeps IPs, scans ports and vulnerabilities, and exploits them. Then, it hands you an interactive shell for further testing. Also, it generates HTML and docx reports. It uses other tools such as nmap, nikto, metasploit and hydra. Works on Kali Linux and Parrot OS. Do not …

Tsunami – A General Purpose Network Security Scanner With An Extensible Plugin System For Detecting High Severity Vulnerabilities With High Confidence

Tsunami is a general-purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence. To learn more about Tsunami, visit our documentation. Tsunami relies heavily on its plugin system to provide basic scanning capabilities. All publicly available Tsunami plugins are hosted in a separate google/tsunami-security-scanner-plugins repository. Current Status: Currently Tsunami is in ‘pre-alpha’ release …

Shodanfy.py – Get Ports, Vulnerabilities, Informations, Banners, ..Etc For Any IP With Shodan (No Apikey! No Rate-Limit!)

Get ports, vulnerabilities, informations, banners, etc. for any IP with Shodan (no apikey! no rate limit!)
Usage:
  # python3 shodanfy.py <ip> [OPTIONS]
e.g.:
  python3 shodanfy.py
  python3 shodanfy.py --getports
  python3 shodanfy.py --getvuln
  python3 shodanfy.py --getinfo
  python3 shodanfy.py --getmoreinfo
  python3 shodanfy.py --getbanner
  python3 shodanfy.py --getports --getvuln
  python3 shodanfy.py --proxy
support pipeline, --stdin option …

RMIScout – Wordlist And Bruteforce Strategies To Enumerate Java RMI Functions And Exploit RMI Parameter Unmarshalling Vulnerabilities

RMIScout performs wordlist and bruteforce attacks against exposed Java RMI interfaces to safely guess method signatures without invocation. On misconfigured servers, any known RMI signature using non-primitive types (e.g., java.lang.String) can be exploited by replacing the object with a serialized payload. This is a fairly common misconfiguration (e.g., VMware vSphere Data Protection + vRealize Operations Manager, …

Vulnx v2.0 – An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS (WordPress , Joomla , Drupal , Prestashop …)

Vulnx is an intelligent bot auto shell injector that detects vulnerabilities in multiple types of CMS, with fast CMS detection, information gathering and vulnerability scanning of the target, like subdomains, IP addresses, country, org, timezone, region, ans and more … Instead of injecting each and every shell manually like all the other tools do, VulnX analyses the target website …

XXExploiter – Tool To Help Exploit XXE Vulnerabilities

I wrote this tool to help me test XXE vulnerabilities. It generates the XML payloads, and automatically starts a server to serve the needed DTDs or to do data exfiltration. IMPORTANT: This tool is still under development and although most of its features are already working, some may not have been tested properly. Building & Running: This is a …

SUDO_KILLER – A Tool To Identify And Exploit Sudo Rules’ Misconfigurations And Vulnerabilities Within Sudo

Linux Privilege Escalation through SUDO abuse. If you like the tool, and for my personal motivation so as to develop other tools, please give it a +1 star. The tool can be used by pentesters, system admins, CTF players, students, System Auditors and trolls :). INTRO: WARNING: SUDO_KILLER is part of the KILLER project. SUDO_KILLER is still under development …

InjuredAndroid – A Vulnerable Android Application That Shows Simple Examples Of Vulnerabilities In A CTF Style

A vulnerable Android application with CTF examples based on bug bounty findings, exploitation concepts, and pure creativity. Setup for a physical device: Download injuredandroid.apk from GitHub. Enable USB debugging on your Android test phone. Connect your phone and your PC with a USB cable. Install via adb: adb install injuredandroid.apk. Note: You need to use …