Tag: Spyware

Enumrate AWS services! with no nosies awsEnum is a python script enumrate AWS services through the provided credential. ▄▄▄▄▄▄ ▄…
The post awsEnum – Enumerate AWS Cloud Resources Based On Provided Credential appeared first on Haxf4rall.
…

Read more →

SharpWSUS is a CSharp tool for lateral movement through WSUS. There is a corresponding blog (https://labs.nettitude.com/blog/introducing-sharpwsus/) which has more detailed…
The post SharpWSUS – CSharp tool for lateral movement through WSUS app…

Read more →

Gallia is an extendable pentesting framework with the focus on the automotive domain. The scope of gallia is conducting penetration…
The post Gallia – Extendable Pentesting Framework appeared first on Haxf4rall.

Read more →

A modular command-line tool to parse, create and manipulate JSON Web Token(JWT) tokens for security testing purposes. Features Complete modularity….
The post Jwtear – Modular Command-Line Tool To Parse, Create And Manipulate JWT Tokens For Hack…

Read more →

nimc2 is a very lightweight C2 written fully in nim (implant & server). If you want to give it a…
The post Nimc2 – A C2 Fully Written In Nim appeared first on Haxf4rall.

Read more →

secureCodeBox is a kubernetes based, modularized toolchain for continuous security scans of your software project. Its goal is to orchestrate…
The post secureCodeBox (SCB) – Continuous Secure Delivery Out Of The Box appeared first on Haxf4rall.

Read more →

Emotet detection tool for Windows OS. How to use Download EmoCheck from the Releases page. Run EmoCheck on the host….
The post EmoCheck – Emotet Detection Tool For Windows OS appeared first on Haxf4rall.

Read more →

I created this project to help non-developers dive into researching Event Tracing for Windows (ETW) and Windows PreProcessor Tracing (WPP)….
The post Sealighter – Easy ETW Tracing for Security Research appeared first on Haxf4rall.

Read more →

Scout is a URL fuzzer and spider for discovering undisclosed VHOSTS, files and directories on a web server. A full…
The post Scout – Lightweight URL Fuzzer And Spider: Discover A Web Server’S Undisclosed Files, Directories And VHOSTs appe…

Read more →

PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot method (and probably more but am lazy and its just PoC 😛 )….
The post DFSCoerce – PoC For MS-DFSNM Coerce Authentication Using NetrDfsRemoveStdRoot Method appeared first on Haxf4…

Read more →

a very rough work-in-progress adventure into learning nim by cobbling resources together to create a shellcode loader that implements common…
The post Nim-Loader – WIP Shellcode Loader In Nim With EDR Evasion Techniques appeared first on Haxf4r…

Read more →

Web app authorisation coverage scanning. Introduction AuthCov crawls your web application using a Chrome headless browser while logged in as…
The post Authcov – Web App Authorisation Coverage Scanning appeared first on Haxf4rall.

Read more →

[*] “Norimaci” is a simple and lightweight malware analysis sandbox for macOS. This tool was inspired by “Noriben“. Norimaci uses…
The post Norimaci – Simple And Lightweight Malware Analysis Sandbox For macOS appeared fi…

Read more →

Simple C2 over Trello’s API (Proof-of-Concept) By: Fabrizio Siciliano (@0rbz_) Update 12/30/2019 Removed hardcoded API key and Token, use input()…
The post TrelloC2 – Simple C2 Over The Trello API appeared first on Haxf4rall.

Read more →

A fully offensive framework to the 802.11 networks and protocols with different types of attacks for WPA and WEP, automated…
The post WEF – Wi-Fi Exploitation Framework appeared first on Haxf4rall.

Read more →

This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage. To…
The post MalSCCM – Tool To Abuse Local Or Remote SCCM Servers To Deploy Malicious Applications appeared first on Haxf4rall.

Read more →

Credits Author: M3n0sD0n4ld Twitter: @David_Uton Description: GooFuzz is a script written in Bash Scripting that uses advanced Google search techniques…
The post GooFuzz – Tool To Perform Fuzzing With An OSINT Approach, Managing To Enumerate Di…

Read more →

Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a…
The post Naabu – A Fast Port Scanner Written In Go With A Focus On Reliability And Simplicity appeared first on Haxf4rall.

Read more →

Finding all things on-prem Microsoft for password spraying and enumeration. The tool will used a list of common subdomains associated…
The post Msprobe – Finding All Things On-Prem Microsoft For Password Spraying And Enumeration appeared first …

Read more →

Often a Red Team engagement is more than just achieving Domain Admin. Some clients will want to see if specific…
The post SharpSniper – Find Specific Users In Active Directory Via Their Username And Logon IP Address appeared first on Haxf4rall.

Read more →

This repository is a Dockerized php application containing some XSS vulnerability challenges. The ideas behind challenges are: Javascript validation bypass…
The post Xss_Vulnerability_Challenges – This Repository Is A Docker Containing Some &qu…

Read more →

The Vulnerable API (Based on OpenAPI 3)  VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from…
The post VAmPI – Vulnerable REST API With OWASP Top 10 Vulnerabilities For Security Testing appeared first on Haxf4rall.

Read more →

Cervantes is an opensource collaborative platform for pentesters or red teams who want to save time to manage their projects,…
The post Cervantes – Collaborative Platform For Pentesters Or Red Teams Who Want To Save Time To Manage Their Project…

Read more →

[*] The idea of this project is to identify beacons which are unpacked at runtime or running in the context…
The post Hunt-Sleeping-Beacons – Aims To Identify Sleeping Beacons appeared first on Haxf4rall.

Read more →

In today’s technological era, docker is the most powerful technology in each and every domain, whether it is Development, cyber…
The post Nightingale – Docker Environment For Pentesting Which Having All The Required Tool For VAPT appeared…

Read more →

This script scans every file from a given folder recursively, extracts every IPv4 and IPv6 address, filters out the public…
The post OSIPs – Gathers All Valid IP Addresses From All Text Files From A Directory, And Checks Them Against Whois Data…

Read more →

  AWS Lambda is an event-driven, serverless computing platform provided by Amazon Web Services. It is a computing service that…
The post LambdaGuard – AWS Serverless Security appeared first on Haxf4rall.

Read more →

FrostByte Progolue: In the past few days I’ve been experimenting with the AppDomain manager injection technique had a decent success…
The post Frostbyte – FrostByte Is A POC Project That Combines Different Defense Evasion Techniques To Bu…

Read more →

A burp suite extension that enumerates infrastructure and application Admin Interfaces. OWASP References: Classification: Web Application Security Testing > 02-Configuration…
The post Admin-Panel_Finder – A Burp Suite Extension That Enumera…

Read more →

A simple yet flexible cross-platform shell generator tool. Name: G(Great) Shell Description: A cross-platform shell generator tool that lets you…
The post Gshell – A Flexible And Scalable Cross-Plaform Shell Generator Tool appeared first on Hax…

Read more →

GoReplay is an open-source network monitoring tool which can record your live traffic and use it for shadowing, load testing,…
The post Goreplay – Open-Source Tool For Capturing And Replaying Live HTTP Traffic Into A Test Environment In Order T…

Read more →

Persistence by writing/reading shellcode from Event Log. Usage The SharpEventPersist tool takes 4 case-sensitive parameters: -file “C:pathtoshellcode.bin” -instanceid 1337 -source…
The post SharpEventPersist – Persistence By Writing…

Read more →

ConfluencePot is a simple honeypot for the Atlassian Confluence unauthenticated and remote OGNL injection vulnerability (CVE-2022-26134). About the vulnerability You…
The post confluencePot – Simple Honeypot For Atlassian Confluence (CVE-2022-2…

Read more →

DOMDig is a DOM XSS scanner that runs inside the Chromium web browser and it can scan single page applications…
The post DOMDig – DOM XSS Scanner For Single Page Applications appeared first on Haxf4rall.

Read more →

Data exfiltration utility for testing detection capabilities Description Data exfiltration utility used for testing detection capabilities of security products. Obviously…
The post Exfilkit – Data Exfiltration Utility For Testing Detection Capa…

Read more →

Pulsar is a tool for data exfiltration and covert communication that enable you to create a secure data transfer, a…
The post Pulsar – Data Exfiltration And Covert Communication Tool appeared first on Haxf4rall.

Read more →

Transparent endpoint security Features Block and detect advanced attacks Modern audited cryptography: RustCrypto for hashing and encryption Highly compatible: Development…
The post WhiteBeam – Transparent Endpoint Security appeared first on Hax…

Read more →

Jeeves is made for looking to Time-Based Blind SQLInjection through recon. – Installation & Requirements: Installing Jeeves  $ go…
The post Jeeves – Time-Based Blind SQLInjection Finder appeared first on Haxf4rall.

Read more →