GTFOcli it's a Command Line Interface for easy binaries search commands that can be used to bypass local security restrictions in misconfigured systems. Installation Using go: go install github.com/cmd-tools/gtfocli@latest Using homebrew: brew tap cmd-tools/homebrew-tapbrew install gtfocli Using docker: docker pull cmdtoolsowner/gtfocli Usage Search for unix binaries Search for binary tar: gtfocli search tar Search for binary tar from stdin: echo "tar" | gtfocli search Search for binaries located into file; cat myBinaryList.txt/bin/bash/bin/shtararp/bin/tailgtfocli search -f myB ..read more

Remote adminitration tool for android Features Notifications listener SMS listener Phone call recording Image capturing and screenshots Persistence Read & write contacts List installed applications Download & upload files Get device location Installation Clone repository console git clone https://github.com/Tomiwa-Ot/moukthar.git Move server files to /var/www/html/ and install dependencies console mv moukthar/Server/* /var/www/html/ cd /var/www/html/c2-server composer install cd /var/www/html/web\ socket/ composer install The default credentials are username: android and passwo ..read more

LeakSearch is a simple tool to search and parse plain text passwords using ProxyNova COMB (Combination Of Many Breaches) over the Internet. You can define a custom proxy and you can also use your own password file, to search using different keywords: such as user, domain or password. In addition, you can define how many results you want to display on the terminal and export them as JSON or TXT files. Due to the simplicity of the code, it is very easy to add new sources, so more providers will be added in the future. Requirements Python 3 Install requirements Download It is recommended t ..read more

BackdoorSim is a remote administration and monitoring tool designed for educational and testing purposes. It consists of two main components: ControlServer and BackdoorClient. The server controls the client, allowing for various operations like file transfer, system monitoring, and more. Disclaimer This tool is intended for educational purposes only. Misuse of this software can violate privacy and security policies. The developers are not responsible for any misuse or damage caused by this software. Always ensure you have permission to use this tool in your intended environment. Features ..read more

Exploitation and scanning tool specifically designed for Jenkins versions <= 2.441 & <= LTS 2.426.2. It leverages CVE-2024-23897 to assess and exploit vulnerabilities in Jenkins instances. Usage Ensure you have the necessary permissions to scan and exploit the target systems. Use this tool responsibly and ethically. python CVE-2024-23897.py -t <target> -p <port> -f <file> or python CVE-2024-23897.py -i <input_file> -f <file> Parameters: - -t or --target: Specify the target IP(s). Supports single IP, IP range, comma-separated list, or CIDR block ..read more

Introduction  This tool is made to automate the process of retrieving secrets in the public APIs on [swaggerHub](https://app.swaggerhub.com/search). This tool is multithreaded and pipe mode is available :)  Requirements   - python3 (sudo apt install python3) - pip3 (sudo apt install python3-pip) ## Installation pip3 install swaggerhole or cloning this repository and running git clone https://github.com/Liodeus/swaggerHole.gitpip3 install . Usage _____ _ __ ____ _ ____ _ ____ _ ___ _____ / ___/| | /| / // __ `// __ `// __ `// _ \ / ___/ (__ ..read more

RepoReaper is a precision tool designed to automate the identification of exposed .git repositories across a list of domains and subdomains. By processing a user-provided text file with domain names, RepoReaper systematically checks each for publicly accessible .git files. This enables rapid assessment and protection against information leaks, making RepoReaper an essential resource for security teams and web developers. Features Automated scanning of domains and subdomains for exposed .git repositories. Streamlines the detection of sensitive data exposures. User-friendly command-line inte ..read more

SploitScan is a powerful and user-friendly tool designed to streamline the process of identifying exploits for known vulnerabilities and their respective exploitation probability. Empowering cybersecurity professionals with the capability to swiftly identify and apply known and test exploits. It's particularly valuable for professionals seeking to enhance their security measures or develop robust detection strategies against emerging threats. Features CVE Information Retrieval: Fetches CVE details from the National Vulnerability Database. EPSS Integration: Includes Exploit Prediction Sco ..read more

SwaggerSpy is a tool designed for automated Open Source Intelligence (OSINT) on SwaggerHub. This project aims to streamline the process of gathering intelligence from APIs documented on SwaggerHub, providing valuable insights for security researchers, developers, and IT professionals. What is Swagger? Swagger is an open-source framework that allows developers to design, build, document, and consume RESTful web services. It simplifies API development by providing a standard way to describe REST APIs using a JSON or YAML format. Swagger enables developers to create interactive documentation ..read more

In the encrypted depths of Telegram, far beyond the scrutiny of average netizens, lies a network pulsating with the lifeblood of the hacking elite. This isn’t your run-of-the-mill tutorial or a hacker’s 101 guide. This post is a deep dive into the abyss, mapping the veins of active and dormant channels that are the backbone of cyber threat intelligence and underground hacking operations. The channels we’re dissecting today are not just communication lines; they are the hidden layers of the onion, each peel revealing more about the dark arts of digital dominance. From active dens where rea ..read more