HackGit

2022-07-17 16:16:01 Salus - SBOM Tool

The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.

https://github.com/microsoft/sbom-tool Открыть/Комментировать

2022-07-17 16:16:00 ​​Oralyzer

Open Redirection Analyzer.

Simple #python script, capable of identifying the open redirection vulnerability on a website. It does that by fuzzing the URL i.e. provided as the input.

Features:
Improved DOM XSS detection mechanism
Test multiple parameters in one run
CRLF Injection Detection

https://github.com/r0075h3ll/Oralyzer Открыть/Комментировать

2022-07-17 14:14:01 ​​Awesome Privacy

Large data-hungry corporations dominate the digital world but with little, or no respect for your privacy. Migrating to open-source applications with a strong emphasis on security will help stop corporations, governments, and hackers from logging, storing or selling your personal data.

https://github.com/Lissy93/awesome-privacy

Website:
https://awesome-privacy.xyz/ Открыть/Комментировать

2022-07-17 10:10:03 ​​ProcessGhosting

Small POC for process ghosting

This is a C# implementation of the original Process Ghosting written in C Original #POC.

For easier understanding, the target file name and path have been hardcoded.

https://github.com/dosxuz/ProcessGhosting

Understanding Process Ghosting in detail
https://dosxuz.gitlab.io/post/processghosting/ Открыть/Комментировать

2022-07-17 10:10:02 ​​Pretender

Cross-platform tool to obtain a machine-in-the-middle position inside Windows networks.

https://github.com/RedTeamPentesting/pretender

Introducing pretender - your new sidekick for relaying attacks
https://blog.redteam-pentesting.de/2022/introducing-pretender Открыть/Комментировать

2022-07-17 10:10:01 ​​RustyTokenManipulation

just manipulatin these here tokens yes sir nothing weird.

https://github.com/HuskyHacks/RustyTokenManipulation

Failing All The Way To Token Manipulation:
https://notes.huskyhacks.dev/notes/failing-all-the-way-to-token-manipulation-part-1 Открыть/Комментировать

2022-07-17 10:10:00 ​​rbcd-attack

Abusing Kerberos Resource-Based Constrained Delegation

This repo is about a practical attack against Kerberos Resource-Based Constrained Delegation in a Windows Active Directory Domain.

The difference from other common implementations is that we are launching the attack from outside of the Windows Domain, not from a domain joined (usually Windows) computer.

The attack is implemented using only Python3 Impacket (and its dependencies). Tested on Arch with up-to-date Impacket (0.9.21 as of writing).

https://github.com/tothi/rbcd-attack Открыть/Комментировать

2022-07-16 17:17:02 ​​FAME

Recursive acronym meaning “FAME Automates Malware Evaluation”.

It is meant to facilitate the analysis of malicious files, leveraging as much knowledge as possible in order to speed up and automate end-to-end analysis.

Best case scenario: the analyst drops a sample, waits for a few minutes, and FAME is able to determine the malware family and extract its configuration and IOCs.

FAME is a Python application that relies on the following technologies:
flask for the web framework
celery for background tasks
MongoDB (and pymongo) for the database

https://github.com/certsocietegenerale/fame Открыть/Комментировать

2022-07-16 17:17:01 ​​Antares

Cross-platform #SQL client.

Antares is an SQL client based on Electron.js and Vue.js that aims to become a useful tool, especially for developers.

Features:
Multiple database connections at same time.
Database management (add/edit/delete).
Full tables management, including indexes and foreign keys.
Views, triggers, stored routines, functions and schedulers management (add/edit/delete).
A modern and friendly tab system; keep open every kind of tab you need in your workspace.
Fake table data filler to generate tons of data for test purpose.
Query suggestions and auto complete.
Query history: search through the last 1000 queries.
SSH tunnel support.
Manual commit mode.
Import and export database dumps.

https://github.com/antares-sql/antares Открыть/Комментировать

2022-07-16 17:17:00 ​​KubeEye

Find various problems on Kubernetes (misconfigs, unhealthy components and more).

KubeEye is an audit tool for Kubernetes to discover Kubernetes resources (by OPA ), cluster components, cluster nodes (by Node-Problem-Detector) and other configurations are meeting with best practices, and giving suggestions for modification.

KubeEye supports custom audit rules and plugins installation. Through KubeEye Operator, you can view audit results and modify suggestions by the website.

https://github.com/kubesphere/kubeeye Открыть/Комментировать