More results...
Today, we will present a new tool for gathering information to identify subdomains linked to a particular domain. The subdomains that should be “blog.kalilinuxtutorials.com” and “store.kalilinuxtutorials.com” are subdomains of the “kalilinuxtutorials.com” domain. What is Subdomain? Subdomains are created as subsets of the primary domain name to help organize and navigate different website sections. The primary […]
Gathering information is essential in ethical hacking, as it entails accumulating extensive data regarding the targeted system or organization. The significance of this phase lies in the greater the amount of information an ethical hacker possesses, the more equipped they are to recognize vulnerabilities and possible avenues of attack. Open Source Intelligence (OSINT) OSINT involves […]
FindUncommonShares.py is a Python equivalent of PowerView’s Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains. Features Usage Examples : Each JSON entry looks like this: { “computer”: { “fqdn”: “DC01.LAB.local”, “ip”: “192.168.1.1” }, “share”: { “name”: “ADMIN$”, “comment”: “Remote Admin”, “hidden”: true, “uncpath”: “\\\\192.168.1.46\\ADMIN$\\”, “type”: { “stype_value”: 2147483648, “stype_flags”: [ “STYPE_DISKTREE”, “STYPE_TEMPORARY” […]
GPT_Vuln-analyzer uses ChatGPT API and Python-Nmap module to use the GPT3 model to create vulnerability reports based on Nmap scan data. This is a Proof Of Concept application demonstrating how AI can generate accurate results for vulnerability analysis and allows further utilization of the already super helpful ChatGPT. The tool supports both Windows and Linux. […]
CertVerify is a scanner that files with compromised or untrusted code signing certificates written in python. The CertVerify is a tool designed to detect executable files (exe, dll, sys) that have been signed with untrusted or leaked code signing certificates. The purpose of this tool is to identify potentially malicious files that have been signed […]
CertWatcher is a tool for capture and tracking certificate transparency logs, using YAML templates based DSL. CertWatcher is a tool for capture and tracking certificate transparency logs, using YAML templates. The tool helps to detect and analyze phishing websites and regular expression patterns, and is designed to make it easy to use for security professionals […]
MacOSThreatTrack is a Bash tool used for proactive detection of malicious activity on macOS systems. The tool is being tested in the beta phase, and it only gathers MacOS system information at this time. The code is poorly organized and requires significant improvements. Description Bash tool used for proactive detection of malicious activity on macOS […]
Graphicator is a GraphQL “scraper” / extractor. The tool iterates over the introspection document returned by the targeted GraphQL endpoint, and then re-structures the schema in an internal form so it can re-create the supported queries. When such queries are created is using them to send requests to the endpoint and saves the returned response […]
DataSurgeon (ds) is a versatile tool designed for incident response, penetration testing, and CTF challenges. It allows for the extraction of various types of sensitive information including emails, phone numbers, hashes, credit cards, URLs, IP addresses, MAC addresses, SRV DNS records and a lot more! Extraction Features Want more? Please read the contributing guidelines here […]
Thunderstorm is a modular framework to exploit UPS devices. For now, only the CS-141 and NetMan 204 exploits will be available. The beta version of the framework will be released on the future. CVE Thunderstorm is currently capable of exploiting the following CVE: Requirements Download It is recommended to clone the complete repository or download […]