recentpopularlog in

whip_lash : tool   73

FiloSottile/age: A simple, modern and secure encryption tool with small explicit keys, no config options, and UNIX-style composability.
age is a simple, modern and secure file encryption tool.

It features small explicit keys, no config options, and UNIX-style composability.
encryption  security  cli  linux  tool 
6 weeks ago by whip_lash
Announcing General Availability of CloudSploit by Aqua for GCP
Aqua Security announced the general availability of CloudSploit by Aqua for Google Cloud Platform (GCP). This release comes after an extended beta program, during which we worked closely with our customers to develop and deliver a robust set of out-of-the-box policies for GCP. This release also includes a Center for Internet Security (CIS) benchmark certification for GCP.
gcp  security  tool  cloud 
10 weeks ago by whip_lash
WeirdAAL (AWS Attack Library) Basics from the Authors - The Ethical Hacker Network
WeirdAAL has two goals related to the AWS keys you find, procure, or need to test. First, answer the “what can I do with this AWS key pair” from a blackbox perspective. Secondly, be a repository of useful functions, both offensive and defensive, to interact with AWS Services. This article is meant to be a basic tutorial to get you started.
aws  pentest  weirdaal  tool  python 
september 2019 by whip_lash
Making an Image Easier to Debug · 0xd4d/dnSpy Wiki
The best way to make debugging easier is to edit the assembly attributes.
dotnet  debugging  debugger  debug  dotnetspy  tool 
september 2019 by whip_lash
aquasecurity/kube-hunter: Hunt for security weaknesses in Kubernetes clusters
Run kube-hunter on any machine (including your laptop), select Remote scanning and give the IP address or domain name of your Kubernetes cluster. This will give you an attackers-eye-view of your Kubernetes setup.
kubernetes  tool  pentest 
august 2019 by whip_lash
RedTeamOperations/PivotSuite: Network Pivoting Toolkit
PivotSuite as a Server :

If the compromised host is directly accessable (Forward Connection) from Our pentest machine, Then we can run pivotsuite as a server on compromised machine and access the different subnet hosts from our pentest machine, Which was only accessable from compromised machine.
PivotSuite as a Client :

If the compromised host is behind a Firewall / NAT and isn't directly accessable from our pentest machine, Then we can run pivotsuite as a server on pentest machine and pivotsuite as a client on compromised machine for creating a reverse tunnel (Reverse Connection). Using this we can reach different subnet hosts from our pentest machine, which was only accessable from compromised machine.
pivoting  postexploitation  pentest  tool 
august 2019 by whip_lash
amass — Automated Attack Surface Mapping | Daniel Miessler
amass is a powerful tool that helps both attackers and defenders improve their game. It’s possible to find one-off tools that might do some of these functions better, but such tools often decay quickly into obsolescence.

It’s quite nice to have a solid, well-organized tool that can do most of what we need from a single place.
amass  recon  pentest  tool 
july 2019 by whip_lash
Salsa Tools - ShellReverse TCP/UDP/ICMP/DNS/SSL/BINDTCP and AV bypass, AMSI patched
Salsa Tools is a collection of three different tools that combined, allows you to get a reverse shell on steroids in any Windows environment without even needing PowerShell for it's execution. In order to avoid the latest detection techniques (AMSI), most of the components were initially written on C#.
windows  pentest  reverseshell  amsi  tool 
june 2019 by whip_lash
GitHub - SpiderLabs/scavenger: scavenger : is a multi-threaded post-exploitation scanning tool for scavenging systems, finding most frequently used files and folders as well as "interesting" files containing sensitive information.
Favorite tweet:

Have creds to a network? Need help finding sensitive files and passwords?

1) git clone https://t.co/Y9MItRmVOp
2) python3 ./scavenger.py smb -t 10.0.0.10 -u administrator -p Password123 -d test.localhttps://t.co/0ZwMrFR4y7

— Paul Seekamp (@nullenc0de) June 18, 2019
postexploitation  pentest  tool 
june 2019 by whip_lash
AWS Policy Generator
The AWS Policy Generator is a tool that enables you to create policies that control access to Amazon Web Services (AWS) products and resources. For more information about creating policies, see key concepts in Using AWS Identity and Access Management. Here are sample policies.
aws  policy  tool  security 
june 2019 by whip_lash
GitHub - mthbernardes/rsg: ReverShellGenerator - A tool to generate various ways to do a reverse shell
ReverShellGenerator - A tool to generate various ways to do a reverse shell - mthbernardes/rsg
reverseshell  pentest  tool 
may 2019 by whip_lash
GitHub - bitsadmin/nopowershell: PowerShell rebuilt in C# for Red Teaming purposes
NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used; only native .NET libraries.
pentest  powershell  security  c#  tool 
april 2019 by whip_lash
Sh00T - A Testing Environment for Manual Security Testers - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
Sh00t
is a task manager to let you focus on performing security testing
provides To Do checklists of test cases
helps to create bug reports with customizable bug templates
pentest  security  tool  notes 
january 2019 by whip_lash
GitHub - Wox-launcher/Wox: Launcher for Windows, an alternative to Alfred and Launchy.
WoX is a launcher for Windows that simply works. It's an alternative to Alfred and Launchy. You can call it Windows omni-eXecutor if you want a long name.
app  windows  tool  productivity 
january 2019 by whip_lash
GitHub - TheSecondSun/Shellab: Linux and Windows shellcode enrichment utility
Shellab is a tool that can be used to improve existing shellcodes and adapt them for personal needs. Developed to provide an alternative to msfvenom with new functionalities. Suitable for both Windows and Linux shellcode (32 and 64 bit).
hacking  tool  shellcode  exploit  development 
december 2018 by whip_lash
Being a Good Domain Shepherd – Posts By SpecterOps Team Members
DomainCheck pulls a list of domains registered under the provided Namecheap account, collects the DNS records set for each domain, and then reviews each one to ensure it is ready to be used. This involves checking to see if WhoisGuard is enabled, the domain is not expired, the domain is properly categorized, the domain has not been flagged in VirusTotal or tagged with a bad category, and the domain is not blacklisted for spam.

The DomainReview class uses the following sources to check the health of a domain name:

Cisco Talos
Bluecoat
IBM X-Force
Fortiguard
TrendMicro
OpenDNS
MXToolbox
VirusTotal
Cymon
c2  domain  tool  pentest 
december 2018 by whip_lash
From Kekeo to Rubeus – Posts By SpecterOps Team Members
Today I’m releasing Rubeus, the start of a C# reimplementation of some (not all) of Kekeo’s functionality. I’ve wanted to dive deeper into Kerberos structures and exchanges for a while in order to better understand the entire system, and this project provided the perfect excuse to jump right in.
kerberos  activedirectory  security  pentest  tool 
september 2018 by whip_lash
Singularity - A DNS Rebinding Attack Framework - KitPloit - PenTest Tools for your Security Arsenal ☣
DNS rebinding changes the IP address of an attacker controlled machine name to the IP address of a target application, bypassing the same-origin policy and thus allowing the browser to make arbitrary requests to the target application and read their responses. The Singularity DNS server is responding with short time to live (TTL) records, minimizing the time the response is cached. When the victim browses to the Singularity manager interface, the Singularity's DNS server first responds with the IP address of Singularity itself where the client-side code (payload) is hosted. When the DNS record times out, the Singularity DNS server responds with the IP address of the target host (e.g. 127.0.0.1) and the victim's browser can access the target application, circumventing the browser's same-origin policy.
dns  pentest  tool 
september 2018 by whip_lash
Wildpwn - Unix Wildcard Attack Tool - KitPloit - PenTest Tools for your Security Arsenal ☣
Wildpwn is a Python UNIX wildcard attack tool that helps you generate attacks, based on a paper by Leon Juranic. It’s considered a fairly old-skool attack vector, but it still works quite often.
unix  exploit  linux  pentest  tool 
september 2018 by whip_lash
Samy Kamkar - pwnat: NAT to NAT client-server communication
Simply put, this is a proxy server that works behind a NAT,
even when the client is behind a different NAT, without any
3rd party or network changes.

There is no middle man, no proxy, no 3rd party,
no UPnP/STUN/ICE required, no spoofing, and no DNS tricks.
linux  networking  tool  proxy 
september 2018 by whip_lash
GitHub - lanjelot/patator: Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks. I opted for a different approach in order to not create yet another brute-forcing tool and avoid repeating the same shortcomings.
bruteforce  pentest  patator  tool  passwords 
august 2018 by whip_lash
GitHub - quentinhardy/odat: ODAT: Oracle Database Attacking Tool
ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that tests the security of Oracle Databases remotely.
oracle  database  pentest  security  tool 
august 2018 by whip_lash
GitHub - pentestmonkey/pysecdump: Python-based tool to dump security information from Windows systems
pysecdump is a python tool to extract various credentials and secrets from running Windows systems. It currently extracts:

LM and NT hashes (SYSKEY protected)
Cached domain passwords
LSA secrets
Secrets from Credential Manager (only some)
pentest  security  tool 
august 2018 by whip_lash
Cyberduck | Libre server and cloud storage browser for Mac and Windows with support for FTP, SFTP, WebDAV, Amazon S3, OpenStack Swift, Backblaze B2, Microsoft Azure & OneDrive, Google Drive and Dropbox
Cyberduck is a libre server and cloud storage browser for Mac and Windows with support for FTP, SFTP, WebDAV, Amazon S3, OpenStack Swift, Backblaze B2, Microsoft Azure & OneDrive, Google Drive and Dropbox.
aws  cloud  storage  s3  tool 
july 2018 by whip_lash
One-Lin3r v1.1 - Gives You One-Liners That Aids In Penetration Testing Operations - KitPloit - PenTest Tools for your Security Arsenal ☣
Favorite tweet:

#OneLin3r v1.1 - Gives You One-Liners That Aids In Penetration #Testing Operations https://t.co/AWvpLnt1ND pic.twitter.com/74zGjoV9Ve

— ☣ The Hacker Tools (@KitPloit) June 14, 2018
pentest  security  tool 
june 2018 by whip_lash
fireeye/flare-floss: FireEye Labs Obfuscated String Solver - Automatically extract obfuscated strings from malware.
The FireEye Labs Obfuscated String Solver (FLOSS) uses advanced static analysis techniques to automatically deobfuscate strings from malware binaries. You can use it just like strings.exe to enhance basic static analysis of unknown binaries.
forensics  malware  analysis  tool  strings 
may 2018 by whip_lash
GitHub - bettercap/bettercap: The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and attacks.
bettercap is the Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and attacks.
github  network  pentest  tool 
may 2018 by whip_lash
rsc/tcat: Table cat
Tcat reads the named input files, splits each line into space-separate fields, and then reprints the input aligning columns of fields.
linux  text  tool 
february 2018 by whip_lash
StreisandEffect/streisand: Streisand sets up a new server running L2TP/IPsec, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, a Tor bridge, and WireGuard. It also generates custom instructions for all of these services. At the end of the run yo
Streisand sets up a new server running L2TP/IPsec, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, a Tor bridge, and WireGuard. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
github  privacy  security  tool  vpn 
february 2018 by whip_lash
codeexpress/respounder: Respounder detects presence of responder in the the network.
Respounder sends LLMNR name resolution requests for made-up hostnames that do not exist. In a normal non-adversarial network we do not expect such names to resolve. However, a responder, if present in the network, will resolve such queries and therefore will be forced to reveal itself.
responder  security  tool 
february 2018 by whip_lash
R-Smith/tcpTrigger: A windows service that notifies you of incoming network connections
As far as I know, tcpTrigger is currently the only solution capable of detecting NetBIOS and LLMNR name poisoning.  The way it works is very simple:  every few minutes it broadcasts NetBIOS and LLMNR name queries for fictitious names, and if a response is returned, an alert is triggered.
responder  windows  security  tool  github 
february 2018 by whip_lash
disassembler.io
A lightweight, online service for when you don’t have the time, resources, or requirements to use a heavier-weight alternative. Explore executables by dissecting its sections, strings, symbols, raw hex and machine level instructions.
assembly  web  disassemble  disassembler  reverse-engineering  tool 
december 2016 by whip_lash
Online investigation tool - IP, DNS, MX, WHOIS and SEO tools
Tcpiputils.com provides the ultimate online investigation tool. See detailed information about every IP address, domain name and provider. Perform network tests like DNS lookup, email testing and WHOIS lookup.
domain  networking  tool  IP  Whois  dns 
december 2016 by whip_lash

Copy this bookmark:





to read