HackGit

2022-06-21 10:50:55 ​Extension Fingerprints

Chrome extensions can be detected by fetching their web accessible resources. These are files inside an extension that can be accessed by web pages. The detected extensions can be used to track you through browser fingerprinting. This scan only detects extensions from the Chrome Web Store. Read more

https://github.com/z0ccc/extension-fingerprints#extension-fingerprints

Check it out here:
https://z0ccc.github.io/extension-fingerprints

#privacy Открыть/Комментировать

2022-06-20 17:17:00 ​BypassUserAdd

https://github.com/crisprss/BypassUserAdd Открыть/Комментировать

2022-06-20 17:17:00 ​MemProcFS

The Memory Process File System (MemProcFS) is an easy and convenient way of viewing physical memory as files in a virtual file system.

Easy trivial point and click memory analysis without the need for complicated commandline arguments! Access memory content and artifacts via files in a mounted virtual file system or via a feature rich application library to include in your own projects!

Analyze memory dump files, live memory via DumpIt or WinPMEM, live memory in read-write mode via linked PCILeech and PCILeech-FPGA devices!

It's even possible to connect to a remote LeechAgent memory acquisition agent over a secured connection - allowing for remote live memory incident response - even over higher latency low band-width connections! Peek into Hyper-V Virtual Machines with LiveCloudKd!

Use your favorite tools to analyze memory - use your favorite hex editors, your python and powershell scripts, WinDbg or your favorite disassemblers and debuggers - all will work trivally with MemProcFS by just reading and writing files!

https://github.com/ufrisk/MemProcFS Открыть/Комментировать

2022-06-20 17:17:00 ​Vulnerable-AD

Create a vulnerable active directory that's allowing you to test most of active directory attacks in local lab

Main Features:
Randomize Attacks
Full Coverage of the mentioned attacks
you need run the script in DC with Active Directory installed
Some of attacks require client workstation

Supported Attacks:
Abusing ACLs/ACEs
Kerberoasting
AS-REP Roasting
Abuse DnsAdmins
Password in Object Description
User Objects With Default password (Changeme123!)
Password Spraying
DCSync
Silver Ticket
Golden Ticket
Pass-the-Hash
Pass-the-Ticket
SMB Signing Disabled

https://github.com/WazeHell/vulnerable-AD

#ad Открыть/Комментировать

2022-06-20 12:51:46 HTTPLoot

An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and "loot" secrets out of the client-facing code of sites.

https://github.com/redhuntlabs/httploot

#web Открыть/Комментировать

2022-06-20 11:11:05 ​Hunt-Sleeping-Beacons

Aims To Identify Sleeping Beacons.The idea of this project is to identify beacons which are unpacked at runtime or running in the context of another process.

To do so, I make use of the observation that beacons tend to call Sleep between their callbacks. A call to sleep sets the state of the thread to DelayExecution which is taken as a first indiciator that a thread might be executing a beacon.

After enumerating all threads whose state is DelayExecution, multiple metrics are applied to identify potential beacons

https://github.com/thefLink/Hunt-Sleeping-Beacons Открыть/Комментировать

2022-06-20 11:11:00 ​Sifter

Fully stocked Op Centre for Pentesters. Made up of over 80 different tools.

It combines a plethara of OSINT, recon and vulnerability analysis tools within catagorized modsets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the 'blue' vulnerabilities within microsoft and if unpatched, exploit them.

It uses tools like blackwidow and konan for webdir enumeration and attack surface mapping rapidly using ASM.

Gathered info is saved to the results folder, these output files can be easily parsed over to TigerShark in order to be utilised within your campaign. Or compiled for a final report to wrap up a penetration test.

https://github.com/whiterabb17/sifter

Demo:


Открыть/Комментировать

2022-06-20 11:11:00 ​DFIR Cheat Sheet

Collection of tools, tips, and resources for #DFIR (as a tree directory)

Disk
Memory
Apps
Network
Threat Intelligence
and much more

https://github.com/dfircheatsheet/dfircheatsheet.github.io Открыть/Комментировать

2022-06-20 11:11:00 Bug-Bounty

https://github.com/Anlominus/Bug-Bounty Открыть/Комментировать

2022-06-20 11:11:00 ​Vulnman

Open source pentest management application written in Python using the powerful Django framework.

It aims to have a central place to manage vulnerabilities and other penetration assets. The report generation should be as simple as possible to allow the analyst to focus on finding bugs.

https://github.com/vulnman/vulnman

Website:
https://vulnman.github.io/

Documentation:
https://vulnman.github.io/doc Открыть/Комментировать