Python-based CLI Password Analyser

The ‘pwdlyser’ tool is a Python-based CLI script that automates the arduous process of manually reviewing cracked passwords during password audits following security assessments or penetration tests. There are likely some false positives/negatives, so please use at your own discretion.

ssh_scan

Key Benefits Minimal Dependancies – Uses native Ruby and BinData to do its work, no heavy dependancies. Not Just a Script – Implementation is portable for use in another project or for automation of tasks. Simple – Just point ssh_scan at an SSH service and get a JSON report of what it supports and its…

reversemap

Analyse SQL injection attempts in web server logs The program can either be run in batch mode or interactive mode. In batch mode the program will accept Apache web server logs and will deobfuscate requested URLs from the logs. In interactive mode the program will prompt for user input and will print the deobfuscated results.

PSPunch: Offensive Powershell Console

PS>Attack combines some of the best projects in the infosec powershell community into a self contained custom PowerShell console. It’s designed to make it easy to use PowerShell offensively and to evade antivirus and Incident Response teams. It does this with in a couple of ways. It features powerful tab-completion covering commands, parameters and file…

Dradis: InfoSec Collaboration Framework

Four main goals have driven and will drive the development of Dradis, the system should: effectively share the information. Information should be available to all the clients without extra effort. be easy to use, easy to be adopted. Otherwise it would present little benefit over other systems. be flexible. It needs a powerful and simple extensions interface. In order for…

Fake image.jpg (hide known file extensions) to exploit targets

Legal Disclamer: The author does not hold any responsibility for the bad use of this tool, remember that attacking targets without prior consent is illegal and punished by law. Description: This module takes one existing image.jpg and one payload.exe (input by user) and builds a new payload (agent.jpg.exe) that if executed it will trigger the…

Moloch: database system

Moloch is an open source, large scale, full packet capturing, indexing, and database system. Moloch augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive and simple web interface is provided for PCAP browsing, searching, and exporting. Moloch exposes APIs which allow for PCAP…

Grep rough audit – source code auditing tool

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It’s comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

Python OSINT Platform: OSCAR-F

OSCAR-F is designed to aid in the process of information gathering. It was formed with the idea of not having to open so many tabs in a browser. There are a few bugs in OSCAR-F, however, we are slowly working on crushing them and working on features.

WPForce – WordPress Attack Suite

WPForce is a suite of WordPress Attack tools. Currently this contains 2 scripts – WPForce, which brute forces logins via the API, and Yertle, which uploads shells once admin credentials have been found. Yertle also contains a number of post exploitation modules.

Security Operations Center (SOC) Vs Network Operations Center (NOC)

Work in cybersecurity field is full of surprises every day. In information security, just as on a football field, if you do not understand formations, play calling, and tendencies of your opponents, then you will not be able to understand the risks your organization is facing.