BackdoorSim is a remote administration and monitoring tool designed for educational and testing purposes. It consists of two main components: ControlServer and BackdoorClient. The server controls the client, allowing for various operations like file transfer, system monitoring, and more. Disclaimer This tool is intended for educational purposes only. Misuse of this software can violate privacy and security policies. The developers are not responsible for any misuse or damage caused by this software. Always ensure you have permission to use this tool in your intended environment. Features ..read more

Exploitation and scanning tool specifically designed for Jenkins versions <= 2.441 & <= LTS 2.426.2. It leverages CVE-2024-23897 to assess and exploit vulnerabilities in Jenkins instances. Usage Ensure you have the necessary permissions to scan and exploit the target systems. Use this tool responsibly and ethically. python CVE-2024-23897.py -t <target> -p <port> -f <file> or python CVE-2024-23897.py -i <input_file> -f <file> Parameters: - -t or --target: Specify the target IP(s). Supports single IP, IP range, comma-separated list, or CIDR block ..read more

Introduction  This tool is made to automate the process of retrieving secrets in the public APIs on [swaggerHub](https://app.swaggerhub.com/search). This tool is multithreaded and pipe mode is available :)  Requirements   - python3 (sudo apt install python3) - pip3 (sudo apt install python3-pip) ## Installation pip3 install swaggerhole or cloning this repository and running git clone https://github.com/Liodeus/swaggerHole.gitpip3 install . Usage _____ _ __ ____ _ ____ _ ____ _ ___ _____ / ___/| | /| / // __ `// __ `// __ `// _ \ / ___/ (__ ..read more

RepoReaper is a precision tool designed to automate the identification of exposed .git repositories across a list of domains and subdomains. By processing a user-provided text file with domain names, RepoReaper systematically checks each for publicly accessible .git files. This enables rapid assessment and protection against information leaks, making RepoReaper an essential resource for security teams and web developers. Features Automated scanning of domains and subdomains for exposed .git repositories. Streamlines the detection of sensitive data exposures. User-friendly command-line inte ..read more

SploitScan is a powerful and user-friendly tool designed to streamline the process of identifying exploits for known vulnerabilities and their respective exploitation probability. Empowering cybersecurity professionals with the capability to swiftly identify and apply known and test exploits. It's particularly valuable for professionals seeking to enhance their security measures or develop robust detection strategies against emerging threats. Features CVE Information Retrieval: Fetches CVE details from the National Vulnerability Database. EPSS Integration: Includes Exploit Prediction Sco ..read more

SwaggerSpy is a tool designed for automated Open Source Intelligence (OSINT) on SwaggerHub. This project aims to streamline the process of gathering intelligence from APIs documented on SwaggerHub, providing valuable insights for security researchers, developers, and IT professionals. What is Swagger? Swagger is an open-source framework that allows developers to design, build, document, and consume RESTful web services. It simplifies API development by providing a standard way to describe REST APIs using a JSON or YAML format. Swagger enables developers to create interactive documentation ..read more

In the encrypted depths of Telegram, far beyond the scrutiny of average netizens, lies a network pulsating with the lifeblood of the hacking elite. This isn’t your run-of-the-mill tutorial or a hacker’s 101 guide. This post is a deep dive into the abyss, mapping the veins of active and dormant channels that are the backbone of cyber threat intelligence and underground hacking operations. The channels we’re dissecting today are not just communication lines; they are the hidden layers of the onion, each peel revealing more about the dark arts of digital dominance. From active dens where rea ..read more

AzSubEnum is a specialized subdomain enumeration tool tailored for Azure services. This tool is designed to meticulously search and identify subdomains associated with various Azure services. Through a combination of techniques and queries, AzSubEnum delves into the Azure domain structure, systematically probing and collecting subdomains related to a diverse range of Azure services. How it works? AzSubEnum operates by leveraging DNS resolution techniques and systematic permutation methods to unveil subdomains associated with Azure services such as Azure App Services, Storage Accounts, Azu ..read more

NullSection is an Anti-Reversing tool that applies a technique that overwrites the section header with nullbytes. Install git clone https://github.com/MatheuZSecurity/NullSectioncd NullSectiongcc nullsection.c -o nullsection./nullsection Advantage When running nullsection on any ELF, it could be .ko rootkit, after that if you use Ghidra/IDA to parse ELF functions, nothing will appear no function to parse in the decompiler for example, even if you run readelf -S / path /to/ elf the following message will appear "There are no sections in this file." Make good use of the tool! Note We a ..read more

WEB-Wordlist-Generator scans your web applications and creates related wordlists to take preliminary countermeasures against cyber attacks. Done [x] Scan Static Files. [ ] Scan Metadata Of Public Documents (pdf,doc,xls,ppt,docx,pptx,xlsx etc.) [ ] Create a New Associated Wordlist with the Wordlist Given as a Parameter. Installation From Git git clone https://github.com/OsmanKandemir/web-wordlist-generator.gitcd web-wordlist-generator && pip3 install -r requirements.txtpython3 generator.py -d target-web.com From Dockerfile You can run this application on a container after bu ..read more