HackGit

2022-08-30 18:18:00 ​​Shreder

A powerful multi-threaded SSH protocol password brute-force tool.

Features:
Very fast password guessing, just one password in 0.1 second.
Optimized for big password lists, Shreder tries 1000 passwords in 1 minute and 40 seconds.
Simple CLI and API usage.

https://github.com/EntySec/Shreder Открыть/Комментировать

2022-08-30 17:17:01 ​​WhiskeySAML and Friends

TicketsPlease: Python library to assist with the generation of Kerberos tickets, remote retrieval of ADFS configuration settings, generation of Golden SAML tokens, and retrieval of Azure Access Tokens.

WhiskeySAML: Proof of concept tool for a Golden SAML attack with Remote ADFS Configuration Extraction. This tool leverages the TicketsPlease library.

ShockNAwe: Proof of concept tool to generate a Golden SAML token that will be used to request an Access Token from Azure Core Management which will then be used to enumerate and attack the virtual machines within the Azure subscription.

https://github.com/secureworks/whiskeysamlandfriends

t.me/hackgit Открыть/Комментировать

2022-08-30 17:17:00 ​​RomBuster

A router exploitation tool that allows to disclosure network router admin password.

Features:
Exploits vulnerabilities in most popular routers such as D-Link, Zyxel, TP-Link, Cisco and Huawei.
Optimized to exploit multiple routers at one time from list.
Simple CLI and API usage.

https://github.com/EntySec/RomBuster

t.me/hackgit Открыть/Комментировать

2022-08-30 16:16:00 ​​Knockles

eBPF Port Knocking Tool

Knockles, is a port knocking tool based on eBPF. It allows you to remotely open a TCP connection while being completely invisible to port scanners.

A single SYN request is sent on an opened || closed port.
It carries an OTP for authentication so you can be the only one to open a port.
Once authentified, a random (HMAC based) port is opened for a TCP connection.
Then, the port is closed as soon as a connection has been established.

https://github.com/eeriedusk/knockles

t.me/hackgit Открыть/Комментировать

2022-08-30 15:15:01 ​​mscan

A domain penetration scanning tool that facilitates one-click automated, all-inclusive information gathering and scanning for domain lifting vulnerabilities.

Supports common domain information collection, Zerologon, Nopac, Spooler, MS17010 scanning and other features.

https://github.com/lele8/mscan Открыть/Комментировать

2022-08-30 15:15:00 ​​Pentdocks

Web application pentesting tools for docker.

Usually, people who have one laptop face problems when multitasking. While pentesting, I used to install and run VMware in ubuntu to run other tools to finish my work faster.

So i found a way to solve this using docker and I fell in love with it. The most amazing thing that i'm fascinated about is that the docker is just like an OS, internally running. You can keep backups using sudo docker save os:latest > os.tar and many more. just try it, you will love it.

https://github.com/diwsec/pentdocks

@HackGit Открыть/Комментировать

2022-08-30 14:14:01 ​​NETPHY

Web network analyzer.

Available for:
Android terminal emulators
windows powershell and mac ios terminals
Linux environments

Find:
Web page header
Web page encode
Web page cookies
Web page history
Request recent page logs
Determine web page legitimate
Request web status code
Detect an hacker phish link

https://github.com/shade234sherif/NETPHY

@HackGit Открыть/Комментировать

2022-08-30 14:14:00 ​​CVE-2022-36200

FiberHome VDSL2 Modem HG150-Ub_V3.0 (PTCL) - Admin Credentials are submitted in the URL

https://github.com/afaq1337/CVE-2022-36200

#cve Открыть/Комментировать

2022-08-30 12:12:00 ​​Vulnerable-Soap-Service

It is a vulnerable SOAP web service. It is a lab environment created for people who want to improve themselves in the field of web penetration testing.

Features:

It contains the following vulnerabilities.

LFI
SQL Injection
Informaion Disclosure
Command Inejction
Brute Force
Deserialization

https://github.com/anil-yelken/Vulnerable-Soap-Service

t.me/hackgit Открыть/Комментировать

2022-08-30 10:10:02 ​​jscythe

jscythe abuses the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javascript code, even if their debugging capabilities are disabled.

https://github.com/evilsocket/jscythe

t.me/hackgit Открыть/Комментировать