HackGit

2022-08-30 15:15:00 ​​Pentdocks

Web application pentesting tools for docker.

Usually, people who have one laptop face problems when multitasking. While pentesting, I used to install and run VMware in ubuntu to run other tools to finish my work faster.

So i found a way to solve this using docker and I fell in love with it. The most amazing thing that i'm fascinated about is that the docker is just like an OS, internally running. You can keep backups using sudo docker save os:latest > os.tar and many more. just try it, you will love it.

https://github.com/diwsec/pentdocks

@HackGit Открыть/Комментировать

2022-08-30 14:14:01 ​​NETPHY

Web network analyzer.

Available for:
Android terminal emulators
windows powershell and mac ios terminals
Linux environments

Find:
Web page header
Web page encode
Web page cookies
Web page history
Request recent page logs
Determine web page legitimate
Request web status code
Detect an hacker phish link

https://github.com/shade234sherif/NETPHY

@HackGit Открыть/Комментировать

2022-08-30 14:14:00 ​​CVE-2022-36200

FiberHome VDSL2 Modem HG150-Ub_V3.0 (PTCL) - Admin Credentials are submitted in the URL

https://github.com/afaq1337/CVE-2022-36200

#cve Открыть/Комментировать

2022-08-30 12:12:00 ​​Vulnerable-Soap-Service

It is a vulnerable SOAP web service. It is a lab environment created for people who want to improve themselves in the field of web penetration testing.

Features:

It contains the following vulnerabilities.

LFI
SQL Injection
Informaion Disclosure
Command Inejction
Brute Force
Deserialization

https://github.com/anil-yelken/Vulnerable-Soap-Service

t.me/hackgit Открыть/Комментировать

2022-08-30 10:10:02 ​​jscythe

jscythe abuses the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javascript code, even if their debugging capabilities are disabled.

https://github.com/evilsocket/jscythe

t.me/hackgit Открыть/Комментировать

2022-08-30 10:10:01 ​​Commit Stream

commit-stream drinks commit logs from the Github event firehose exposing the author details (name and email address) associated with Github repositories in real time.

#OSINT / Recon uses for Redteamers / Bug bounty hunters:

Uncover repositories which employees of a target company is commiting code (filter by email domain)
Identify repositories belonging to an individual (filter by author name)
Chain with other tools such as trufflehog to extract secrets in uncovered repositories.

Defenders may find the tool useful to discover repositories that employees are committing intellectual property to.

https://github.com/robhax/commit-stream

t.me/hackgit Открыть/Комментировать

2022-08-30 10:10:00 ​​0xdork

Google dorking tool.

Google hacking, also named Google dorking, is a hacker technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites are using. Google dorking could also be used for OSINT(Open Source Intelligence).

https://github.com/rly0nheart/oxdork

@HackGit Открыть/Комментировать

2022-08-29 18:18:01 ​​Microsoft-eventlog-mindmap

Microsoft eventlog mindmap provides an overview on well-known Microsoft products and solutions, as well as their auditing capacities. It enables defenders to enhance visibility on monitored environments for purposes like:

Log collection (eg: into a SIEM)
Threat hunting
Incident response
Forensic
Troubleshooting

https://github.com/mdecrevoisier/Microsoft-eventlog-mindmap

@HackGit Открыть/Комментировать

2022-08-29 18:18:00 ​​Shellcrypt

A single-file cross-platform quality of life tool to obfuscate a given shellcode file and output in a useful format for pasting directly into your source code.

https://github.com/iilegacyyii/Shellcrypt

@HackGit Открыть/Комментировать

2022-08-29 17:17:00 ​​DARKARMY

A Collection Of Penetration Testing Tools, you will have every script that a hacker needs.

https://github.com/D4RK-4RMY/DARKARMY

@HackGit Открыть/Комментировать