NEW TOOLS, Python3, Bugbounty, TASER

TASER – Python3 Resource Library For Creating Security Related Tooling

TASER (Testing And SEcurity Resource) is a Python resource library used to simplify the process of creating offensive security tooling, especially those relating to web or external assessments. Its modular design makes it easy for code to be customized and re-purposed in a variety of scenarios. Key features: Easily invoke web spiders or search engine scrapers to aid in data collection. Supports rotating User-Agents and/or proxies, and custom headers per request to evade captchas. Implement concurrent web requests with threading or asyncio. Uses Python logging…

NEW TOOLS, Decode, Bugbounty, Testing Tools, JWT, JWT-Hack

JWT-Hack – Tool To En/Decoding JWT, Generate Payload For JWT Attack And Very Fast Cracking (Dict/Bruteforce)

jwt-hack is a tool for hacking / security testing of JWT. It supports en/decoding JWT, generating payloads for JWT attacks, and very fast cracking (dict/bruteforce).

Installation

go-get (dev version)
$ go get -u

homebrew
$ brew tap hahwul/jwt-hack
$ brew install jwt-hack

snapcraft
$ sudo snap install jwt-hack

Usage…

TUTORIALS, Cyber Forensics

Forensic Investigation: Shellbags

In this article, we will be focusing on shellbags and their forensic analysis using Shellbags Explorer. Shellbags are created to enhance the users’ experience by remembering user preferences while exploring folders; the information stored in shellbags is useful for forensic investigation. Table of Contents: Introduction; Location of shellbags; Forensic analysis using Shellbags Explorer; Active Registry... The post Forensic Investigation: Shellbags appeared first on Hacking Articles.

NEW TOOLS, Mac, SHA1, Python3, Burp, Command Line, Commandline, Cygwin, PyQt5, Decoder-Plus-Plus

Decoder++ – An Extensible Application For Penetration Testers And Software Developers To Decode/Encode Data Into Various Formats

An extensible application for penetration testers and software developers to decode/encode data into various formats.

Setup: Decoder++ can be either installed by using pip or by pulling the source from this repository:

# Install using pip
pip3 install decoder-plus-plus

Overview: This section provides you with an overview of the individual ways of interacting with Decoder++. For additional usage information check out the Advanced Usage section. Graphical User Interface: If you prefer a graphical user interface to transform your data, Decoder++ gives you two choices: a main-window-mode…

NEW TOOLS, Scan, Yara, Volatility, Cobalt Strike, DLL Injection, Scans, CobaltStrike, CobaltStrikeScan

CobaltStrikeScan – Scan Files Or Process Memory For CobaltStrike Beacons And Parse Their Configuration

Scan files or process memory for Cobalt Strike beacons and parse their configuration. CobaltStrikeScan scans Windows process memory for evidence of DLL injection (classic or reflective injection) and performs a YARA scan on the target process' memory for Cobalt Strike v3 and v4 beacon signatures. Alternatively, CobaltStrikeScan can perform the same YARA scan on a file supplied by absolute or relative path as a command-line argument. If a Cobalt Strike beacon is detected in the file or process, the beacon's configuration will be parsed…

NEW TOOLS, golang, Threat Intelligence, Zoom, Visibility, Threat Detection, Nginx, React, Visualization, Manuka

Manuka – A Modular OSINT Honeypot For Blue Teamers

Manuka is an Open-source intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for Blue Teamers. It creates a simulated environment consisting of staged OSINT sources, such as social media profiles and leaked credentials, and tracks signs of adversary interest, closely aligning to MITRE’s PRE-ATT&CK framework. Manuka gives Blue Teams additional visibility of the pre-attack reconnaissance phase and generates early-warning signals for defenders. Although they vary in scale and sophistication, most traditional honeypots focus on networks. These honeypots uncover…

NEW TOOLS, Machine Learning, Manipulation, Artificial intelligence, Cross Platform, Pesidious

Pesidious – Malware Mutation Using Reinforcement Learning And Generative Adversarial Networks

Malware Mutation using Deep Reinforcement Learning and GANs. The purpose of the tool is to use artificial intelligence to mutate a malware (PE32 only) sample to bypass AI powered classifiers while keeping its functionality intact. In the past, notable work has been done in this domain with researchers either looking at reinforcement learning or generative adversarial networks as their weapons of choice to modify the states of a malware executable in order to deceive anti-virus agents. Our solution makes use of a combination of…

HARDWARE, NEW TOOLS, Reverse Engineering, Python3, Fuzz, Sniffing, Fuzzer, Man-in-the-Middle, Hardware Hacking, USB Devices, AutoGadgetFS, Sniffers, USB Hid

AutoGadgetFS – USB Testing Made Easy

What’s AutoGadgetFS? AutoGadgetFS is an open source framework that allows users to assess USB devices and their associated hosts/drivers/software without an in-depth knowledge of the USB protocol. The tool is written in Python3 and utilizes RabbitMQ and WiFi access to enable researchers to conduct remote USB security assessments from anywhere around the globe. By leveraging ConfigFS, AutoGadgetFS allows users to clone and emulate devices quickly, eliminating the need to dig deep into the details of each implementation. The framework also allows users to…

NEW TOOLS, Scan, PHP, NodeJS, Git, Command Line, Node, Mongo, Vulnerable Apps, NoSQLi

NoSQLi – NoSql Injection CLI Tool

NoSQL scanner and injector. About Nosqli: I wanted a better nosql injection tool that was simple to use, fully command line based, and configurable. To that end, I began work on nosqli - a simple nosql injection tool written in Go. It aims to be fast, accurate, and highly usable, with an easy to understand command line interface. Features: Nosqli currently supports nosql injection detection for Mongodb. It runs the following tests: Error based - inject a variety of characters and payloads, searching responses for…