HackGit

2022-06-10 17:17:00 ​HopLa

All the power of PayloadsAllTheThings, without the overhead. This extension adds autocompletion support and useful payloads in #Burp Suite to make your intrusion easier.

Feel free to improve with your payloads !

https://github.com/synacktiv/HopLa Открыть/Комментировать

2022-06-10 17:17:00 Codewarrior

Just another tool for static code analysis.

Features:
Code search by regex pattern
Resources to custom rules
HTTPd view with web socket resources
Recursive scan
Syntax highlight by programming language

https://github.com/CoolerVoid/codewarrior Открыть/Комментировать

2022-06-10 12:51:09 ​Active Directory Exploitation Cheat Sheet This cheat sheet contains common enumeration and attack methods for Windows Active Directory. https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet Details: https://reconshell.com/active-directory… Открыть/Комментировать

2022-06-10 11:11:00 ​PSBettercap

Control multiple Bettercap nodes through REST API.

Features:
Control multiple Bettercap nodes through REST API
Runs in Windows and Linux (pwsh)
Change wifi adapter, channel(s), ttl per node
Saves individual node settings
Save GPS location with accesspoint
Generate KML file
Generate csv File
Save and resume sessions

https://github.com/MelroyB/PSBettercap Открыть/Комментировать

2022-06-10 11:11:00 #Follina Exploiter_CLI

Exploit Microsoft Zero-Day Vulnerability Follina (CVE-2022-30190)

https://github.com/Hrishikesh7665/Follina_Exploiter_CLI Открыть/Комментировать

2022-06-10 11:11:00 ​raptor_waf

Raptor is a Web application firewall made in C that uses DFA to block SQL injection, Cross-site scripting, and path traversal.

https://github.com/CoolerVoid/raptor_waf

Research:
http://funguscodes.blogspot.com.br/ Открыть/Комментировать

2022-06-10 11:11:00 ​CloudGraph

Free open-source universal GraphQL API and Cloud Security Posture Management (CSPM) tool for AWS, Azure, GCP, and K8s. With CloudGraph you get:

Free and effortless compliance checks (i.e. Azure CIS 1.3.1, GCP CIS 1.2, AWS CIS 1.2, AWS CIS 1.3, AWS CIS 1.4, AWS PCI 3.2.1, AWS NIST 800-53 Rev. 4)
Type-Safe asset inventories for all of your resources in all of your cloud environments
Automatically generated documentation and query validation - know if your query is valid before you send it!
Full resource data including relationships between resources so you can understand context
Historical snapshots of your data over time
A single endpoint to query all of your cloud data at once (i.e. get AWS + GCP data in the same query, or compare AWS stage with AWS prod)
Enhanced billing data (AWS only)
Enhanced CloudWatch data (AWS EC2 only)

https://github.com/cloudgraphdev/cli Открыть/Комментировать

2022-06-10 11:11:00 ​Cansina

Web Content Discovery Application.

It is well known Web applications don't publish all their resources or public links, so the only way to discover these resources is requesting for them and check the response.

Cansina duty is to help you making requests and filtering and inspecting the responses to tell apart if it is an existing

Features:
Data persistence with sqlite database
Optional output in CSV format
Multithreading
Multiextension
Custom headers
Multiple wordlists from directories
Content detection
Filter results by size
Filter results by content
URL pattern (***) to interpolate strings
SSL support
Proxy support
Basic Authentication
Cookie jar
Resuming
Path recursion
Persistent connections
Complementary tools

https://github.com/deibit/cansina Открыть/Комментировать

2022-06-10 10:23:20 ​Converting C# Tools to PowerShell

In this post, we will be looking at how we can make our own PowerSharpPack by learning how to convert ANY C# tool into a PowerShell script ourselves.

This is useful in cases where we want to modify a specific tool’s default behavior, use a tool that hasn’t already been converted for us, or use a custom tool that we develop ourselves.

https://github.com/S3cur3Th1sSh1t/PowerSharpPack

Research:
https://icyguider.github.io/2022/01/03/Convert-CSharp-Tools-To-PowerShell.html Открыть/Комментировать

2022-06-10 10:18:07 ​Stratus Red Team

Stratus Red Team is "Atomic Red Team " for the cloud, allowing to emulate offensive attack techniques in a granular and self-contained manner.

https://github.com/DataDog/stratus-red-team Открыть/Комментировать