
EggShell - iOS/macOS/Linux Remote Administration Tool

  •    Objective-C

EggShell is a post-exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine. EggShell gives you the power and convenience of uploading/downloading files, tab completion, taking pictures, location tracking, shell command execution, persistence, escalating privileges, password retrieval, and much more. This project is a proof of concept, intended for use on machines you own. EggShell payloads are executed on the target machine. The payload first sends over instructions for getting and sending back device details to our server and then chooses the appropriate executable to establish a secure remote control session.

MISP - MISP (core software) - Open Source Threat Intelligence Platform (formerly known as Malware Information Sharing Platform)

  •    PHP

MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incident analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals and malware reversers to support their day-to-day operations and to share structured information efficiently. The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionality to support the exchange of information as well as the consumption of that information by Network Intrusion Detection Systems (NIDS), LIDS, log analysis tools and SIEMs.

DetectionLab - Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices

  •    HTML

This lab has been designed with defenders in mind. Its primary purpose is to allow the user to quickly build a Windows domain that comes pre-loaded with security tooling and some best practices when it comes to system logging configurations. It can easily be modified to fit most needs or expanded to include additional hosts. NOTE: This lab has not been hardened in any way and runs with default Vagrant credentials. Please do not connect or bridge it to any networks you care about. This lab is deliberately designed to be insecure; its primary purpose is to provide visibility and introspection into each host.

AIL-framework - AIL framework - Analysis Information Leak framework

  •    Python

AIL is a modular framework to analyse potential information leaks from unstructured data sources like pastes from Pastebin or similar services, or from unstructured data streams. The AIL framework is flexible and can be extended to support other functionality to mine or process sensitive information. The default installing_deps.sh is for Debian and Ubuntu based distributions. For Arch Linux based distributions, you can replace it with installing_deps_archlinux.sh.

WebDeveloperSecurityChecklist - A checklist of important security issues you should consider when creating a web application

  •    

A checklist of important security issues you should consider when creating a web application. This checklist has been reproduced verbatim from Michael O'Brien's blog post of the same name.

vagrant-ids - An Ubuntu 16.04 build containing Suricata, PulledPork, Bro, and Splunk

  •    Shell

Suricata is configured to start up using the sole "ens32" interface. Rules are stored in /etc/suricata/rules. After installation, Suricata will perform two curl commands to ensure that the detection engine and logging are functioning properly. However, please note that the Vagrant build will continue even if the tests fail.

drek - A static-code-analysis tool for performing security-focused code reviews

  •    HTML

drek is a static-code-analysis tool that can be used to perform security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development anti-patterns and footguns. Much like grep, drek scans a codebase for user-defined regular-expressions. Unlike grep, drek outputs its results into an ergonomic html report that allows for sorting, filtering, and annotating of points-of-interest.

novahot - A webshell framework for penetration testers.

  •    Javascript

novahot is a webshell framework for penetration testers. It implements a JSON-based API that can communicate with trojans written in any language. By default, it ships with trojans written in PHP, Ruby, and Python. Beyond executing system commands, novahot is able to emulate interactive terminals, including mysql, sqlite3, and psql. It additionally implements "virtual commands" that make it possible to upload, download, edit, and view remote files locally using your preferred applications.

lookyloo - Lookyloo is a web interface that scrapes a website and then displays a tree of the domains calling each other

  •    Javascript

Lookyloo is a web interface that scrapes a website and then displays a tree of the domains calling each other. This code is very heavily inspired by webplugin and adapted to use Flask as the backend.

potiron - Potiron - Normalize, Index and Visualize Network Capture

  •    Python

potiron is a tool to analyze a series of network capture (pcap) files, parse them with standard tools and normalize them into JSON format. The JSON output is then imported into a Redis database to visualize the normalized information. The current version of potiron supports ipsumdump and tshark.

Information_Security_Handbook

  •    TeX

Download the latest release at https://github.com/davidbailey/Information_Security_Handbook/releases/latest/.

osquery-configuration - A repository for using osquery for incident detection and response

  •    

This repository is the companion to the osquery Across the Enterprise blog post. The goal of this project is to provide a baseline template for any organization considering a deployment of osquery in a production environment. It is our belief that queries which are likely to have a high level of utility for a large percentage of users should be committed directly to the osquery project, which is exactly what we have done with our unwanted-chrome-extensions query pack and additions to the windows-attacks pack.

netpwn - Tool made to automate tasks of pentesting.

  •    Python

Modules

  •    reverse_shell - Creates a reverse shell with Python to connect to a specific machine of your choice.
  •    send_file - Allows you to send a file to a target server.
  •    php_backdoor - Generates a simple backdoor in PHP; upload it to a web server and use ?cmd= to execute commands.
  •    hash_check - Paste a hash to see what type of hash it is.
  •    base64_converter - Paste base64 to decode or ASCII to encode; it knows which you want.
  •    address_info - Gives you your IPv4, IPv6, and public IP address based upon an interface.
  •    hex_converter - Paste some ASCII to encode or hex to decode; it knows which you want.
  •    page_contents - Gets the raw HTML of a given web page.
  •    password_checker - Checks the strength of a given password.
  •    fake_identity - Creates a fake name with SSN, address, credit card number, etc.
  •    web_spider - Crawls a given URL for links.
  •    ssl_cert - Gets the certificate information of a given web site and its public key.
  •    bash - Execute bash commands without exiting out of netpwn.
  •    whois - Performs whois on a given URL.
  •    crypto - Encrypts or decrypts a file with AES.
  •    no_endian - Removes endianness on DWORDs.
  •    rot13_converter - Encodes/decodes rot13.
  •    url_converter - URL encodes and decodes strings.
  •    html_converter - HTML encodes and decodes strings.

Resources

  •    cheat_sheet - Pentest Monkey reverse shell cheat sheet.
  •    opcodes - Prints out all x86 opcodes.
  •    useful_links - Links to blogs, YouTube channels, and other resources that offer good information about various topics and give you the opportunity to learn more about the infosec field.

shodanz - 🔭 A modern Ruby gem for Shodan, the world's first search engine for Internet-connected devices

  •    Ruby

A modern Ruby gem for Shodan, the world's first search engine for Internet-connected devices. You can also set the SHODAN_API_KEY environment variable instead of passing the API key as an argument when creating a client.

docker-misp - Automated Docker MISP container - Malware Information Sharing Platform and Threat Sharing

  •    Dockerfile

This container follows the official MISP Ubuntu 18.04 LTS build instructions. We follow the official MISP installation steps wherever possible, while adding automation around tedious manual steps and configurations.