CodeCat is an open source tool to help you with code review: it finds and tracks sinks, and these points follow regex rules…

How to install, step by step:

Go to the CodeCat directory and install the backend and frontend libs:

$ cd Front
$ sudo python3 -m pip install -r requirements.txt
$ cd ..
$ cd Backend
$ sudo python3 -m pip install -r requirements.txt

Run backend and frontend…

$ cd Codecat
$ cd Frontend; python3 wsgi.py &
$ cd ..
$ cd Backend; python3 wsgi.py &

Next step, you need to save your user in order to log in:

$ curl -i -X POST -H "Content-Type: application/json" -d '{"email":"[email protected]","username":"admin","password":"rubrik123"}' https://127.0.0.1:5001/api/users -k

This endpoint, /api/users, runs only once, on the first deploy; if you send the request again to insert a user, the endpoint returns 404… this is for security.

Go to the following: https://127.0.0.1:9093/front/auth/. Now you can enter the system auth; use login "admin", pass "rubrik123".

Note about TLS: you can configure and load your TLS cert in "wsgi.py".

How can you use it? Please study the doc: https://github.com/CoolerVoid/codecat/blob/master/doc/raptor.pdf

Developed by: github.com/CoolerVoid Antonio Costa – [email protected]

Download…

A small Linux information collection script, mainly used for emergency response. It can be used under Debian or CentOS.

Features:
- CPU TOP10, memory TOP10
- CPU usage
- Boot time
- Hard disk space information
- User information, passwd information
- Environment variable detection
- Service list
- System program changes (debsums -e and rpm -va)
- Network traffic statistics
- Network connections, listening ports
- Open ports
- Routing table information
- Route forwarding
- ARP
- DNS server
- SSH login information
- SSH login IPs
- iptables information
- SSH key detection
- SSH brute-force IPs
- Crontab detection
- Crontab backdoor detection
- Find common configuration files
- Find common software
- Audit history files
- Query the HOSTS file
- lsmod abnormal kernel modules
- Anomalous file detection (nc, tunnel, proxy and other common hacker tools)
- Large file detection (some large files packaged)
- Free space, hard disk mounts
- LD_PRELOAD detection, LD_LIBRARY_PATH, ld.so.preload
- NIC promiscuous mode
- Most used software
- Files whose mtime changed in the last 7 days
- Files whose ctime changed in the last 7 days
- View SUID files
- Find hidden files
- Find sensitive files (nc, nmap, tunnel)
- alias
- lsof -L1
- SSHD
- Find bash reverse shells
- PHP webshell scan
- JSP webshell scan
- ASP/ASPX webshell scan
- Detection of mining processes
- rkhunter scan

Usage

Networked:
apt-get install silversearcher-ag
yum -y install the_silver_searcher

Offline:
Debian: dpkg -i…

aSYNcrone is a SYN Flood DDoS Attack Tool!

Usage:

git clone https://github.com/fatih4842/aSYNcrone.git
cd aSYNcrone
gcc aSYNcrone.c -o aSYNcrone
./aSYNcrone <source IP> <source port> <destination IP> <destination port>

Download…

Burp Suite extension to discover API keys/tokens in HTTP responses.

Install

Download SecretFinder:

wget https://raw.githubusercontent.com/m4ll0k/BurpSuite-Secret_Finder/master/SecretFinder.py

or

git clone https://github.com/m4ll0k/BurpSuite-Secret_Finder.git

Now open Burp > Extender > Extensions > Add > set Python and select the file (SecretFinder.py).

Requirements
- Jython
- Burp Suite

Download…

Nessus XML Parser

Requirements
- Python3
- Django

Tested on Ubuntu 18.04.

What it does
- Vulnerability based parsing
- Service based parsing
- Host based parsing
- Unsupported OS parsing
- Generate an executive summary of the scan
- Export parsed .nessus file(s) to JSON file(s)
- Import JSON file(s) into Nessus_Map

How it works

Create an XML directory in the Nessus_Map home directory, place all .nessus files under the XML directory, and start the server.

How to set up

Clone this repo:
git clone https://github.com/d3vilbug/Nessus_Map.git

Change directory:
cd Nessus_Map

Copy all .nessus files into the XML directory.

Start the server with:
python3 manage.py runserver

Vulnerability Parsing
Host Parsing
Services Parsing
Executive Report
Export parsed .nessus file(s) to JSON file(s)
Import JSON file(s) into Nessus_Map

Download…

Sooty is a tool developed to aid SOC analysts by automating part of their workflow. One of the goals of Sooty is to perform as many of the routine checks as possible, leaving the analyst more time for deeper analysis within the same time-frame.

Sooty is now proudly supported by Tines.io, the SOAR platform for enterprise security teams.

Sooty can currently:
- Sanitise URLs so they are safe to send in emails
- Perform reverse DNS and DNS lookups
- Perform reputation checks against VirusTotal, BadIPs and AbuseIPDB
- Check if an IP address is a TOR exit node
- Decode Proofpoint URLs, UTF-8 encoded URLs, Office SafeLink URLs and Base64 strings
- Get file hashes and compare them against VirusTotal (see requirements)
- Perform WhoIs lookups
- Check usernames and emails against HaveIBeenPwned to see if a breach has occurred (see requirements)
- Simple analysis of emails to retrieve URLs, email addresses and header information
- Extract IP addresses from emails
- Unshorten URLs that have been shortened by external services (limited to 10 requests per hour)
- Query URLScan.io for reputation reports
- Analyze email addresses for known malicious activity and report on domain reputation using EmailRep.io
- Create dynamic email templates that can be used as a base for phishing triage response (.msg only, .eml coming in a future update)

Requirements
- Python 3.x
- Install all dependencies from the requirements.txt file:
pip install -r…

CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of malware analysis with the goal of extracting payloads and configuration from malware. This allows CAPE to detect malware based on payload signatures, as well as automating many of the goals of malware reverse engineering and threat intelligence.

There is a community version online which is free for anyone to try: https://cape.contextis.com/submit

CAPE can detect a number of malware techniques or behaviours, as well as specific malware families, from its initial run on a sample. This detection may then trigger a further run with a specific package, in order to extract the malware payload and possibly its configuration, for further analysis.

CAPE works by controlling malware via a bespoke debugger and API hooks. Detection to trigger a CAPE package can be based on API or Yara signatures. The debugger uses Yara signatures or API hooks to allow breakpoints to be set on individual instructions, memory regions or function calls. Once a region of interest is reached, it can be manipulated and dumped for processing and analysis, and possibly configuration parsing.

The techniques or behaviours that CAPE detects and has packages for include:
- Process injection
- Shellcode injection
- DLL injection
- Process Hollowing
- Process Doppelganging
- Decompression of executable modules in memory
- Extraction of executable modules or shellcode in memory

Packages for these…

ANDRAX is a Penetration Testing platform developed specifically for Android smartphones. ANDRAX has the ability to run natively on Android, so it behaves like a common Linux distribution, but more powerful than a common distribution!

The development of ANDRAX began on 08/09/2016 (DD/MM/YYYY) only for people in Brazil. ANDRAX was fully redefined and reloaded on 05/10/2018 (DD/MM/YYYY), open to the international public.

ANDRAX enables any Android device with root access enabled and a good unlocked ROM to become a weapon for advanced Penetration Testing.

Why is Android so powerful? Simple: everyone has a smartphone and spends all their time with it! We have the possibility to camouflage ourselves easily among everyone else; the processor architecture of most Android smartphones is ARM, a modern and robust architecture extremely superior to the rest; with touch screens we can run the tools with great agility and take advantage of the graphical interface of Android; and we can get in almost anywhere with our smartphones…

In technical terms, ANDRAX and NetHunter should never be compared: ANDRAX is a penetration testing platform for Android smartphones, and NetHunter is just a Debian emulator running with chroot.

Termux is not our enemy. Termux is an application that allows installation of many Linux packages using a Debian environment running natively on Android. ANDRAX and Termux have a similar development; ANDRAX and Termux share many libs and GNU/Linux resources. …

Documentation: https://docs.rs/goblin/
changelog

Usage

Goblin requires rustc 1.31.1. Add to your Cargo.toml:

[dependencies]
goblin = "0.1"

Features
- awesome crate name
- zero-copy, cross-platform, endian-aware, ELF64/32 implementation – wow!
- zero-copy, cross-platform, endian-aware, 32/64 bit Mach-o parser – zoiks!
- PE 32/64-bit parser – bing!
- a Unix and BSD style archive parser (latter courtesy of @willglynn) – huzzah!
- many cfg options – it will make your head spin, and make you angry when reading the source!
- fuzzed – "I am happy to report that goblin withstood 100 million fuzzing runs, 1 million runs each for seed 1~100." – @sanxiyn
- tests

libgoblin aims to be your one-stop shop for binary parsing, loading, and analysis.

Use-cases

Goblin primarily supports the following important use cases:

- Core, std-free #[repr(C)] structs, tiny compile time, 32/64 (or both) at your leisure.
- Type punning. Define a function once on a type, but have it work on 32 or 64-bit variants – without really changing anything, and no macros! See examples/automagic.rs for a basic example.
- std mode. This throws in read and write impls via Pread and Pwrite, reading from file, convenience allocations, extra methods, etc. This is for clients who can allocate and want to read binaries off disk.
- Endian_fd. A truly terrible name; this is for binary analysis like in panopticon or falcon which needs to read binaries of foreign…

Cloud Container Attack Tool (CCAT) is a tool for testing the security of container environments.

Quick reference
- Where to get help: the Pacu/CloudGoat/CCAT Community Slack, or Stack Overflow
- Where to file issues: https://github.com/RhinoSecurityLabs/ccat/issues
- Maintained by: the Rhino Assessment Team

Requirements
- Python 3.5+ is required.
- Docker is required. Note: CCAT is tested with Docker Engine version 19.03.1.
- A named profile is required for using AWS functionality.
- A service account or access token is required for using GCP functionality.

Installation

We recommend using the provided Docker image to run CCAT, so that you will not face any difficulty with the required dependencies on your own system.

Install CCAT from source:

$ git clone https://github.com/RhinoSecurityLabs/ccat.git
$ cd ccat
$ python3 setup.py install
$ python3 ccat.py

Use CCAT's Docker image

Warning: Running this command will mount your local AWS configuration files into the Docker container when it is launched. This means that any user with access to the container will have access to your host computer's AWS credentials.

Warning: Running this command will mount the local Unix socket that the Docker daemon listens on by default into the Docker container when it is launched. This means that users with access to the container will have access to your Docker daemon, meaning they could escape to your host computer with ease.

$…