HackGit

2022-06-24 10:12:26 ​​Remote Exploitation Technique For CVE 2022-31626 https://github.com/CFandR-github/PHP-binary-bugs/tree/main/cve_2022_31626_remote_exploit #php #cve Открыть/Комментировать

2022-06-23 20:02:18 ​​BokuLoader Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities. Features: Direct NT Syscalls via HellsGate & HalosGate NOHEADERCOPY - Loader will not copy headers over to beacon. Decommits the first… Открыть/Комментировать

2022-06-23 20:01:19 ​​BokuLoader

Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities.

Features:
Direct NT Syscalls via HellsGate & HalosGate
NOHEADERCOPY - Loader will not copy headers over to beacon. Decommits the first memory page which would normally hold the headers
NoRWX - The Reflective loader writes beacon with Read & Write permissions and after resolving Beacons Import Table & Relocations, changes the .TEXT code section of Beacon to Read & Execute permissions
XGetProcAddress for resolving symbols
100k UDRL Size
Caesar Cipher for string obfuscation

https://github.com/boku7/BokuLoader

@HackGit Открыть/Комментировать

2022-06-23 16:16:05 ​​CATS

REST API fuzzer and negative testing tool. Run thousands of self-healing API tests within minutes with no coding effort!

Comprehensive: tests are generated automatically based on a large number scenarios and cover every field and header

Intelligent: tests are generated based on data types and constraints; each Fuzzer have specific expectations depending on the scenario under test

Highly Configurable: high amount of customization: you can exclude specific Fuzzers, HTTP response codes, provide business context and a lot more

Self-Healing: as tests are generated, any OpenAPI spec change is picked up automatically

Simple to Learn: flat learning curve, with intuitive configuration and syntax

Fast: automatic process for write, run and report tests which covers thousands of scenarios within minutes

https://github.com/Endava/cats

@HackGit Открыть/Комментировать

2022-06-23 16:16:04 ​​Darkdump

Search The Deep Web Straight From Your Terminal

Darkdump is a simple script written in Python3.9 in which it allows users to enter a search term (query) in the command line and darkdump will pull all the deep web sites relating to that query. Darkdump wraps up the darksearch.io API - Note that darksearch.io now forbids public queries so I will be changing the new API as soon as possible.

https://github.com/josh0xA/darkdump

@HackGit Открыть/Комментировать

2022-06-23 16:16:03 ​​Fzshell

Fuzzy shell completions you didn't know you needed.

Fuzzy command line completer that fetches completions from sources predefined by a user. What does it mean? It means that now you can create custom completions for anything you want. All fzshell needs is a pattern to match and command to generate completion list. It can even insert a completion at any point in a line, not just at the end. See for yourself:

https://github.com/mnowotnik/fzshell

@HackGit Открыть/Комментировать

2022-06-23 16:16:02 ​​APIClarity

Reconstruct Open #API Specifications from real-time workload traffic seamlessly.

Microservices API challenges:
Not all applications have an OpenAPI specification available
How can we get this for legacy or external applications?
Detect whether microservices still use deprecated APIs (a.k.a. Zombie APIs)
Detect whether microservices use undocumented APIs (a.k.a. Shadow APIs)
Generate OpenAPI specifications without code instrumentation or modifying existing workloads (seamless documentation)

Solution:
Capture all API traffic in an existing environment using multiple traffic sources
Construct an OpenAPI specification by observing API traffic or upload a reference OpenAPI spec
Review, modify and approve automatically generated OpenAPI specs
Alert on any differences between the approved API specification and the API calls observed at runtime; detects shadow & zombie APIs
UI dashboard to audit and monitor the findings

https://github.com/openclarity/apiclarity

@HackGit Открыть/Комментировать

2022-06-23 16:16:01 ​​OpenAPI fuzzer

Black-box fuzzer that fuzzes APIs based on OpenAPI specification. All you need to do is to supply URL of the API and its specification. Find bugs for free!

https://github.com/matusf/openapi-fuzzer

@HackGit Открыть/Комментировать

2022-06-23 16:16:00 ​​brutas

Wordlists and passwords handcrafted with

A pretty comprehensive set of password dictionaries and wordlists designed for quick wins in red teaming scenarios or general blackbox pentesting.

https://github.com/tasooshi/brutas

@HackGit Открыть/Комментировать

2022-06-23 11:11:04 ​​Recon Hunter

A tool to map the attack surface discovery of any target.

Features:
Sub-Domains Passive Scraping
Sub-Domains Brute Force
Sub-Domains Wildcard Removal
Sub-Domains Spidering
Sub-Domains Takeover
IPs Enumeration using Censys
Port Scanning
Websites' Screenshots
Directories & Files Brute Force
Internet Archive
AWS S3 Buckets
Github Leaked Secrets

https://github.com/hassan0x/ReconHunter

@HackGit Открыть/Комментировать