Tai-e : A New Efficient Static Analysis Framework For Java

Tai-e (Chinese: 太阿; pronunciation: [ˈtaɪə:]) is a new static analysis framework for Java (please see our technical report for details), which features arguably the “best” designs from both the novel ones we proposed and those of classic frameworks such as Soot, WALA, Doop, and SpotBugs. Tai-e is easy-to-learn, easy-to-use, efficient, and highly extensible, allowing you […]

February 17, 2023

DragonCastle : A PoC That Combines AutodialDLL Lateral Movement Technique

DragonCastle is a PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process. Description Upload a DLL to the target machine. Then it enables remote registry to modify AutodialDLL entry and start/restart BITS service. Svchosts would load our DLL, set again AutodialDLL to default value and perform an RPC […]

February 16, 2023

APTRS : Automated Penetration Testing Reporting System

APTRS (Automated Penetration Testing Reporting System) is an automated reporting tool in Python and Django. The tool allows Penetration testers to create a report directly without using the Traditional Docx file. It also provides an approach to keeping track of the projects and vulnerabilities. Read Documentation here. Prerequisites Installation The tool has been tested using […]

February 16, 2023

AV|Ator : Generator Utility To Bypass AV Detection

AV|Ator is a backdoor generator utility, which uses cryptographic and injection techniques in order to bypass AV detection. More specifically: [https://attack.mitre.org/techniques/T1055/]: Usage The application has a form which consists of three main inputs (See screenshot below): Important note: The shellcode should be provided as a C# byte array. The default values contain shellcode that executes […]

February 15, 2023

Fuzzable : Framework for Automating Fuzzable Target Discovery with Static Analysis

Fuzzable is a Framework for Automating Fuzzable Target Discovery with Static Analysis. Vulnerability researchers conducting security assessments on software will often harness the capabilities of coverage-guided fuzzing through powerful tools like AFL++ and libFuzzer. This is important as it automates the bughunting process and reveals exploitable conditions in targets quickly. However, when encountering large and […]

February 14, 2023

REST-Attacker : A Proof-Of-Concept For The Feasibility Of Testing

REST-Attacker is an automated penetration testing framework for APIs following the REST architecture style. The tool’s focus is on streamlining the analysis of generic REST API implementations by completely automating the testing process – including test generation, access control handling, and report generation – with minimal configuration effort. Additionally, REST-Attacker is designed to be flexible […]

February 9, 2023

DotDumper : An Automatic Unpacker & Logger For DotNet Framework

DotDumper is an automatic unpacker and logger for DotNet Framework targeting files! This tool has been unveiled at Black Hat USA 2022. The automatic detection and classification of any given file in a reliable manner is often considered the holy grail of malware analysis. The trials and tribulations to get there are plenty, which is […]

February 7, 2023