sysmon-config - Sysmon configuration file template with default high-quality event tracing

This is a Microsoft Sysinternals Sysmon configuration file template with default high-quality event tracing. The file provided should function as a great starting point for system change monitoring in a self-contained package. This configuration and results should give you a good idea of what's possible for Sysmon. Note that this does not track things like authentication and other Windows events that are also vital for incident investigation.

FiercePhish - FiercePhish is a full-fledged phishing framework to manage all phishing engagements

  •    PHP

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more. The features will continue to be expanded and will include website spoofing, click tracking, and extensive notification options. This project is my own and is not a representation of my employer's views. It is my own side project and released by me alone.

Gorsair - Gorsair hacks its way into remote docker containers that expose their APIs.

  •    Go

Gorsair is a penetration testing tool for discovering and remotely accessing Docker APIs from vulnerable Docker containers. Once it has access to the docker daemon, you can use Gorsair to directly execute commands on remote containers. Exposing the docker API on the internet is a tremendous risk, as it can let malicious agents get information on all of the other containers, images and system, as well as potentially getting privileged access to the whole system if the image uses the root user.




evebox - Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search

  •    Go

EveBox is a web based Suricata "eve" event viewer for Elastic Search. And one of...

nmap - Idiomatic nmap bindings for go developers

  •    Go

This library aims at providing idiomatic nmap bindings for go developers, in order to make it easier to write security audit tools using golang. Nmap (Network Mapper) is a free and open-source network scanner created by Gordon Lyon. Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses.

tincan-tls - A cleanroom implementation of TLS 1.3

  •    Go

This is a soup-to-nuts implementation of TLS 1.3 created by staring at documents for hours until code came out. The single goal was to establish a valid TLS session by any means possible and trick servers into talking to me. This code is crude and lumpy and ugly. This is intentional and should serve as a warning to others: this code is not usable for real work. In particular the crypto code is slow and full of timing side-channels. Any attempts to clean things up will be viewed as an attempt to trick someone else into using this code and will be rejected.


fever - fast, extensible, versatile event router for Suricata's EVE-JSON format

  •    Go

The Fast, Extensible, Versatile Event Router (FEVER) is a tool for fast processing of events from Suricata's JSON EVE output. What is meant by 'processing' is defined by a number of modular components, for example facilitating fast ingestion into a database. Other processors implement collection, aggregation and forwarding of various metadata (e.g. aggregated and raw flows, passive DNS data, etc.) as well as performance metrics. It is meant to be used in front of (or as a replacement for) general-purpose log processors like Logstash to increase event throughput as observed on sensors that see a lot of traffic.

hawkeye - Hawkeye filesystem analysis tool

  •    Go

HawkEye is a simple tool to crawl the filesystem or a directory looking for interesting stuff like SSH Keys, Log Files, Sqlite Database, password files, etc. Hawkeye uses a fast filesystem crawler to look through files recursively and then sends them for analysis in real time and presents the data in both json format and simple console output. The tool is built with a modular approach making it easy to use and easily extensible. It can be used during pentests as a privilege escalation tool to look through the filesystem finding configuration files or ssh keys sometimes left by the sys-admins.

h1-search - Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver

  •    Go

We created this tool to fill the need of gathering information on the most common issues on particular HackerOne bounty programs. h1-search will connect to H1 and retrieve all the publicly disclosed reports on that specific program and display them in a local webserver. Beware that H1 has a rate limit on GET requests so don't abuse it too much. The tool provides you the possibility of searching for specific attacks and a direct link to the report. h1-search was developed by David Sopas @dsopas and Paulo Silva @pauloasilva_com.

goaltdns - A permutation generation tool written in golang

  •    Go

GoAltdns is a permutation generation tool that can take a list of subdomains, permute them using a wordlist, insert indexes, numbers, dashes and increase your chance of finding that esoteric subdomain that no-one found during bug-bounty or pentest. It uses a number of techniques to accomplish this. It can allow for discovery of subdomains that conform to patterns. GoAltdns takes in words that could be present in subdomains under a domain (such as test, dev, staging) as well as takes in a list of subdomains that you know of. The tool itself is very simple and is built with golang concurrency providing it very quick execution times.