Python-based CLI Password Analyser

The ‘pwdlyser’ tool is a Python-based CLI script that automates the arduous process of manually reviewing cracked passwords during password audits following security assessments or penetration tests. There are likely some false positives/negatives, so please use at your own discretion. Advertisements

PSPunch: Offensive Powershell Console

PS>Attack combines some of the best projects in the infosec powershell community into a self contained custom PowerShell console. It’s designed to make it easy to use PowerShell offensively and to evade antivirus and Incident Response teams. It does this with in a couple of ways. It features powerful tab-completion covering commands, parameters and file…

Fake image.jpg (hide known file extensions) to exploit targets

Legal Disclamer: The author does not hold any responsibility for the bad use of this tool, remember that attacking targets without prior consent is illegal and punished by law. Description: This module takes one existing image.jpg and one payload.exe (input by user) and builds a new payload (agent.jpg.exe) that if executed it will trigger the…

Grep rough audit – source code auditing tool

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It’s comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

WPForce – WordPress Attack Suite

WPForce is a suite of WordPress Attack tools. Currently this contains 2 scripts – WPForce, which brute forces logins via the API, and Yertle, which uploads shells once admin credentials have been found. Yertle also contains a number of post exploitation modules.