AWS Security tools Bunch of scripts for AWS Pentest lambda/lambda_dumper.py – Script to Dump AWS Lambda functions lambda/lambda_backdoor.py – Backdoor AWS users iam/iam_user_enum – Bruteforce IAM usernames iam/assume_role_enum – Enumerate and Assume IAM Roles for privilege escalation eks/k8s_secrets_dumper.py – Kubernetes Secrets Dumper eks/pod_to_node_escape – Escape form k8s pod to the underlying container Read more…
XSStrike is a python which can fuzz and bruteforce parameters for XSS. It can also detect and bypass WAFs. Installing XSStrike Use the following command to download it git clone https://github.com/UltimateHackers/XSStrike/ After downloading, navigate to XSStrike directory with the following command cd XSStrike Now install the required modules with the Read more…
Brutesploit BruteSploit is a collection of method for automated Generate, Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and can be used in CTF for manipulation,combine,transform and permutation some words or file text :p i wrote this just for fun and Read more…
Find hidden IP’s behind the CloudFlare network CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by CloudFlare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has Read more…
Hydra v8.5 & v8.6 THC-Hydra is a very fast (multi-threaded) network logon cracker which supports many different services: afp, cisco, cisco-enable, cvs, firebird, ftp, http-get, http-head, http-proxy, https-get, https-head, https-form-get, https-form-post, icq, imap, imap-ntlm, ldap2, ldap3, mssql, mysql, ncp, nntp, oracle-listener, pcanywhere, pcnfs, pop3, pop3-ntlm, postgres, rexec, rlogin, rsh, sapr3, Read more…
Fluxion Hack WPA/WPA2 Security Without Brute Force Fluxion script has been available for a while and is most apt for security researchers and pentesters to test their network security by hacking WPA/WPA2 security without brute forcing it. Fluxion is based on another script called linset. Fluxion is not much different from Read more…
Finding open shares is useful to a penetration tester because there may be private files shared, or, if it’s writable, it could be a good place to drop a Trojan or to infect a file that’s already there. Knowing where the share is could make those kinds of tests more Read more…