RepoReaper - An Automated Tool Crafted To Meticulously Scan And Identify Exposed .Git Repositories Within Specified Domains And Their Subdomains
Offensive Sec 3.0
by
4d ago
RepoReaper is a precision tool designed to automate the identification of exposed .git repositories across a list of domains and subdomains. By processing a user-provided text file with domain names, RepoReaper systematically checks each for publicly accessible .git files. This enables rapid assessment and protection against information leaks, making RepoReaper an essential resource for security teams and web developers. Features Automated scanning of domains and subdomains for exposed .git repositories. Streamlines the detection of sensitive data exposures. User-friendly command-line inte ..read more
Visit website
SploitScan - A Sophisticated Cybersecurity Utility Designed To Provide Detailed Information On Vulnerabilities And Associated Proof-Of-Concept (PoC) Exploits
Offensive Sec 3.0
by
4d ago
SploitScan is a powerful and user-friendly tool designed to streamline the process of identifying exploits for known vulnerabilities and their respective exploitation probability. Empowering cybersecurity professionals with the capability to swiftly identify and apply known and test exploits. It's particularly valuable for professionals seeking to enhance their security measures or develop robust detection strategies against emerging threats. Features CVE Information Retrieval: Fetches CVE details from the National Vulnerability Database. EPSS Integration: Includes Exploit Prediction Sco ..read more
Visit website
SwaggerSpy - Automated OSINT On SwaggerHub
Offensive Sec 3.0
by
1w ago
SwaggerSpy is a tool designed for automated Open Source Intelligence (OSINT) on SwaggerHub. This project aims to streamline the process of gathering intelligence from APIs documented on SwaggerHub, providing valuable insights for security researchers, developers, and IT professionals. What is Swagger? Swagger is an open-source framework that allows developers to design, build, document, and consume RESTful web services. It simplifies API development by providing a standard way to describe REST APIs using a JSON or YAML format. Swagger enables developers to create interactive documentation ..read more
Visit website
Navigating Telegram’s Underworld: A Cipher for the Elite Hackers
Offensive Sec 3.0
by
1w ago
In the encrypted depths of Telegram, far beyond the scrutiny of average netizens, lies a network pulsating with the lifeblood of the hacking elite. This isn’t your run-of-the-mill tutorial or a hacker’s 101 guide. This post is a deep dive into the abyss, mapping the veins of active and dormant channels that are the backbone of cyber threat intelligence and underground hacking operations. The channels we’re dissecting today are not just communication lines; they are the hidden layers of the onion, each peel revealing more about the dark arts of digital dominance. From active dens where rea ..read more
Visit website
AzSubEnum - Azure Service Subdomain Enumeration
Offensive Sec 3.0
by
1w ago
AzSubEnum is a specialized subdomain enumeration tool tailored for Azure services. This tool is designed to meticulously search and identify subdomains associated with various Azure services. Through a combination of techniques and queries, AzSubEnum delves into the Azure domain structure, systematically probing and collecting subdomains related to a diverse range of Azure services. How it works? AzSubEnum operates by leveraging DNS resolution techniques and systematic permutation methods to unveil subdomains associated with Azure services such as Azure App Services, Storage Accounts, Azu ..read more
Visit website
NullSection - An Anti-Reversing Tool That Applies A Technique That Overwrites The Section Header With Nullbytes
Offensive Sec 3.0
by
1w ago
NullSection is an Anti-Reversing tool that applies a technique that overwrites the section header with nullbytes. Install git clone https://github.com/MatheuZSecurity/NullSectioncd NullSectiongcc nullsection.c -o nullsection./nullsection Advantage When running nullsection on any ELF, it could be .ko rootkit, after that if you use Ghidra/IDA to parse ELF functions, nothing will appear no function to parse in the decompiler for example, even if you run readelf -S / path /to/ elf the following message will appear "There are no sections in this file." Make good use of the tool! Note We a ..read more
Visit website
WEB-Wordlist-Generator - Creates Related Wordlists After Scanning Your Web Applications
Offensive Sec 3.0
by
1w ago
WEB-Wordlist-Generator scans your web applications and creates related wordlists to take preliminary countermeasures against cyber attacks. Done [x] Scan Static Files. [ ] Scan Metadata Of Public Documents (pdf,doc,xls,ppt,docx,pptx,xlsx etc.) [ ] Create a New Associated Wordlist with the Wordlist Given as a Parameter. Installation From Git git clone https://github.com/OsmanKandemir/web-wordlist-generator.gitcd web-wordlist-generator && pip3 install -r requirements.txtpython3 generator.py -d target-web.com From Dockerfile You can run this application on a container after bu ..read more
Visit website
CloudMiner - Execute Code Using Azure Automation Service Without Getting Charged
Offensive Sec 3.0
by
1w ago
Execute code within Azure Automation service without getting charged Description CloudMiner is a tool designed to get free computing power within Azure Automation service. The tool utilizes the upload module/package flow to execute code which is totally free to use. This tool is intended for educational and research purposes only and should be used responsibly and with proper authorization. This flow was reported to Microsoft on 3/23 which decided to not change the service behavior as it's considered as "by design". As for 3/9/23, this tool can still be used without getting charged. Eac ..read more
Visit website
BounceBack - Stealth Redirector For Your Red Team Operation Security
Offensive Sec 3.0
by
1w ago
BounceBack is a powerful, highly customizable and configurable reverse proxy with WAF functionality for hiding your C2/phishing/etc infrastructure from blue teams, sandboxes, scanners, etc. It uses real-time traffic analysis through various filters and their combinations to hide your tools from illegitimate visitors. The tool is distributed with preconfigured lists of blocked words, blocked and allowed IP addresses. For more information on tool usage, you may visit project's wiki. Features Highly configurable and customizable filters pipeline with boolean-based concatenation of rules will ..read more
Visit website
PurpleKeep - Providing Azure Pipelines To Create An Infrastructure And Run Atomic Tests
Offensive Sec 3.0
by
1w ago
With the rapidly increasing variety of attack techniques and a simultaneous rise in the number of detection rules offered by EDRs (Endpoint Detection and Response) and custom-created ones, the need for constant functional testing of detection rules has become evident. However, manually re-running these attacks and cross-referencing them with detection rules is a labor-intensive task which is worth automating. To address this challenge, I developed "PurpleKeep," an open-source initiative designed to facilitate the automated testing of detection rules. Leveraging the capabilities of the Atomi ..read more
Visit website

Follow Offensive Sec 3.0 on FeedSpot

Continue with Google
Continue with Apple
OR