IDAPython plugin that synchronizes decompiled and disassembled code views. Please refer to comments in the source code for more details. Requires 7.2.

Download…

An SAP enumeration and exploitation toolkit using SAP RFC calls.

This is a toolkit for demonstrating the impact of compromised service accounts. This PoC is not for use in production environments; there is no guarantee of stability or support. RFCpwn relies on pyrfc and the libraries provided by SAP in: https://github.com/SAP/PyRFC#installation

usage: RFCpwn.py [-h] [-debug] [-ip IP] [-u Username] [-p Password] [-c Client] [-s Sysid] [-ping] [-enum] [-usercopy] [-user USER] [-copy COPY] [-pw PW] [-dump] [-exp]

An Impacket style enumeration and exploitation tool using SAP RFC calls

optional arguments:
  -h, --help    show this help message and exit
  -debug        Turn DEBUG output ON

Authentication:
  -ip IP        <targetName or address>
  -u Username   RFC Users Username
  -p Password   RFC Users Password
  -c Client     Client- eg.000
  -s Sysid      System Number- eg 00
  -ping         RFC Ping Command

User Abuse:
  -enum         Use to enumerate a specific user
  -usercopy     add a Dialog User
  -user USER    Required for -usercopy and -userenum to specify the user
  -copy COPY    User to be copied required for -usercopy
  -pw PW        password of new user for -usercopy

Hash Collection:
  -dump         Dump hashes use with below
  -exp          EXPERIMENTAL – Dump BCODE / PASSCODE hashes

Examples

Ping – confirm connectivity
./RFCpwn.py -ip 192.168.200.253…

Lesser Known Web Attack Lab is for intermediate pentesters who want to test and practice lesser known web attacks such as Object Injection, XSSI, PHAR Deserialization, variables variable, etc. Write-ups are welcome.

Installation
Just clone the git repository with
git clone https://github.com/weev3/LKWA
and move it to your web server and you are good to go.

Current Vulns
Blind RCE
XSSI
PHAR Deserialization
PHP Object Injection
PHP Object Injection via Cookies
PHP Object Injection (Object Reference)
SSRF
Variables variable

Download…

MultiScanner is a file analysis framework that assists the user in evaluating a set of files by automatically running a suite of tools and aggregating the output. Tools can be custom-built Python scripts, web APIs, software running on another machine, etc. Tools are incorporated by creating modules that run in the MultiScanner framework. Modules are designed to be quickly written and easily incorporated into the framework. Currently written and maintained modules are related to malware analytics, but the framework is not limited to that scope. For a list of modules you can look in modules/. Descriptions and config options can be found on the Analysis Modules page.

MultiScanner also supports a distributed workflow for sample storage, analysis, and report viewing. This functionality includes a web interface, a REST API, a distributed file system (GlusterFS), distributed report storage / searching (Elasticsearch), and distributed task management (Celery / RabbitMQ). Please see Architecture for more details.

Usage
MultiScanner can be used as a command-line interface, a Python API, or a distributed system with a web interface. See the documentation for more detailed information on installation and usage.

Command-Line
Install Python (2.7 or 3.4+) if you haven't already. Then run the following (substituting the actual file you want to scan for <file>):
$ git clone https://github.com/mitre/multiscanner.git
$ cd multiscanner
$ sudo…

Complete automated pentest framework for servers, the application layer and web security. The interface software has 62 options with full automation and can be used as a web security Swiss army knife.

Tishna
Tishna is web server security penetration software for ultimate security analysis.

Platforms: Kali, Parrot OS, Black Arch, Termux, Android Led TV

Appeared: Cyber Space (Computer Security), Terror Security (Computer Security), National Cyber Security Services

Brief Introduction
Tishna is useful for banks, private organisations and ethical hacker personnel for legal auditing. It serves as a defense method to find as much information as possible that could be used for gaining unauthorised access and intrusion. With the emergence of more advanced technology, cybercriminals have also found more ways to get into the systems of many organizations. Tishna software can audit servers and web behaviour. Tishna can perform scanning and enumeration of the target as far as possible. It is the first step to stop cyber criminals by securing your servers and web application security. Tishna is false-positive free: when there is something it will show it no matter what, and if there is not, it will give blank results rather than an error.

Kali Installation
git clone https://github.com/haroonawanofficial/Tishna.git
cd Tishna
sudo chmod u+x *.sh
./Kali_Installer.sh

Tishna will integrate as system software. Dependencies will be handled automatically. Third party software(s)/dependencies/modules…

AWS Report is a tool for analyzing Amazon resources.

Features
Search IAM users based on creation date
Search public buckets
Search security groups with an inbound rule for 0.0.0.0/0
Search disassociated elastic IPs
Search available volumes
Search AMIs with public permission
Search detached internet gateways

Install requirements
pip3 install --user -r requirements.txt

Environment variables
IAM_MAX_ACCESS_KEY_AGE default is 60 days.

Usage
Usage: aws_report.py [OPTIONS]

Options:
  --s3            Search buckets public in s3
  --iam           Search iam users based on creation date
  --sg            Search security groups with inbound rule 0.0.0.0
  --elasticip     Search elastic IP not associated
  --volumes       Search volumes available
  --ami           Search AMIs with permission public
  --owner TEXT    Defines the owner of the resources to be found
  --igw           Search internet gateways detached
  --region TEXT   Defines the region of resources
  --help          Show this message and exit.

Examples
python3 aws_report.py --s3
python3 aws_report.py --iam
python3 aws_report.py --owner 296193067842 --ami

Running in Docker
docker run -it -e AWS_ACCESS_KEY_ID=you-access-key -e AWS_SECRET_ACCESS_KEY=you-secret-key gmdutra/aws-report --s3

Contact
[+] Email [email protected]
[+] Linkedin linkedin.com/in/gmdutra
[+] Twitter twitter.com/gmdutrax

Download…

About WindowsFirewallRuleset
Windows firewall rules organized into individual PowerShell scripts according to:
- Rule group
- Traffic direction
- IP version (IPv4 / IPv6)

Further sorted according to programs and services, for example:
- ICMP traffic
- Browser rules
- Rules for Windows system
- Store apps
- Windows services
- Microsoft programs
- 3rd party programs
- Broadcast traffic
- Multicast traffic
and the list goes on…

You can choose which rules you want and apply only those, or apply them all with a single command to your firewall. All the rules are loaded into Local Group Policy, giving you full power over the default Windows firewall.

This project "WindowsFirewallRuleset" is licensed under the MIT license. Subproject Indented.Net.IP (3rd party code), located in the "Indented.Net.IP" subfolder, is licensed under the ISC license. Subproject VSSetup (3rd party code), located in the "VSSetup" subfolder, is licensed under the MIT license. License, copyright notices and all material of subprojects are in their own folders. License and copyright notices for this project are in the project root folder. For more info see the respective licences:
WindowsFirewallRuleset\LICENSE
Indented.Net.IP\LICENSE
VSSetup\LICENSE.txt

Minimum system requirements
- Windows 10 Pro/Enterprise
- Windows PowerShell 5.1 (Download PowerShell)
- Git (optional) (Download Git)

Note that PowerShell is built into Windows by default; you will probably need to install it or update it on some old…

A security toolkit for Amazon S3

Another day, another leaky Amazon S3 bucket — The Register, 12 Jul 2017

Don’t be the … next … big … data … leak

Battle-tested at Instacart

Installation
Run:
pip install s3tk

You can use the AWS CLI to set up your AWS credentials:
pip install awscli
aws configure

See IAM policies needed for each command.

Commands

Scan
Scan your buckets for:
- ACL open to public
- policy open to public
- logging enabled
- versioning enabled
- default encryption enabled
s3tk scan

Only run on specific buckets
s3tk scan my-bucket my-bucket-2

Also works with wildcards
s3tk scan "my-bucket*"

Confirm correct log bucket(s) and prefix
s3tk scan --log-bucket my-s3-logs --log-bucket other-region-logs --log-prefix "{bucket}/"

Skip logging, versioning, or default encryption
s3tk scan --skip-logging --skip-versioning --skip-default-encryption

Get email notifications of failures (via SNS)
s3tk scan --sns-topic arn:aws:sns:…

List Policy
List bucket policies
s3tk list-policy

Only run on specific buckets
s3tk list-policy my-bucket my-bucket-2

Show named statements
s3tk list-policy --named

Set Policy
Note: This replaces the previous policy

Only private uploads
s3tk set-policy my-bucket --no-object-acl

Delete Policy
Delete policy
s3tk delete-policy my-bucket

Enable Logging
Enable logging on all…

SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls. All core syscalls are supported from Windows XP to 10. Example generated files are available in example-output/.

Introduction
Various security products place hooks in user-mode APIs which allow them to redirect execution flow to their engines and detect suspicious behaviour. The functions in ntdll.dll that make the syscalls consist of just a few assembly instructions, so re-implementing them in your own implant can bypass the triggering of those security product hooks. This technique was popularized by @Cn33liz, and his blog post has more technical details worth reading.

SysWhispers provides red teamers the ability to generate header/ASM pairs for any system call in the core kernel image (ntoskrnl.exe) across any Windows version starting from XP. The headers will also include the necessary type definitions.

The main implementation difference between this and the Dumpert POC is that this doesn't call RtlGetVersion to query the OS version, but instead does this in the assembly by querying the PEB directly. The benefit is being able to call one function that supports multiple Windows versions instead of calling multiple functions each supporting one version.

Installation
> git clone https://github.com/jthuraisamy/SysWhispers.git
> cd SysWhispers
> pip3 install -r .\requirements.txt
> py .\syswhispers.py --help

Usage and Examples …

Ultimate Internet of Things/Industrial Control Systems reconnaissance tool. Powered by Shodan – Supported by Binary Edge & WhoisXMLAPI

Writeup – https://medium.com/@woj_ciech/hack-the-planet-with-%EA%93%98amerka-gui-ultimate-internet-of-things-industrial-control-systems-5ff7d9686b29
Demo – https://woj-ciech.github.io/kamerka-demo/kamerka.html

Requirements
- beautiful soup
- python3
- django
- pynmea2
- celery
- redis
- Shodan
- BinaryEdge
- WHOISXMLAPI
- Flickr
- Google Maps API

pip3 install -r requirements.txt

Make sure your API keys are correct and put them in keys.json in the main directory.

Run
python3 manage.py makemigrations
python3 manage.py migrate
python3 manage.py runserver

In a new window (in the main directory) run the celery worker:
celery worker -A kamerka --loglevel=info

In a new window fire up redis:
redis-server

The server should then be available on https://localhost:8000/

Search
Search for Industrial Control Devices in a specific country. The "All results" checkbox means get all results from Shodan; if it's turned off, only the first page (100 results) will be downloaded. The "Own database" checkbox does not work but shows that it is possible to integrate your own geolocation database. Let me know if you have access to better than Shodan's default one.

Search for Internet of Things devices at specific coordinates. Type your coordinates in the format "lat,lon"; the hardcoded radius is…