Search the Community

An SSRF-Tool wrote in golang Features Wordlist Creation Inject in every parameter one by one Very fast speed Inject into paths Silent Mode Fetch endpoints from Javascript files Bruteforce parameters Find SSRF in those parameters Match multiple patterns in the response Fetch endpoints from Javascript files Bruteforce parameters Find SSRF in those parameters Match multiple patterns in the response Note Make sure when creating wordlists or finding ssrf with my tool that the domains are resolved. You can use: httpx httprobe massdns [hide][Hidden Content]]

Golang reverse/bind shell generator This tool generates a Go binary that launches a shell of the desired type on the targeted host. The shell binary can be compiled for multiple platforms, supports partial polymorphism (unique functions’ names) and can use UDP protocol instead of the default TCP. If you send a DELETE command over the established connection, the shell binary removes itself from the host it was executed on. [HIDE][Hidden Content]]

[HIDE][Hidden Content]]

A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI. Abstract Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive vulnerability scanner for containers. A software vulnerability is a glitch, flaw, or weakness present in the software or in an Operating System. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn etc.). Trivy is easy to use. Just install the binary and you're ready to scan. All you need to do for scanning is to specify an image name of the container. It is considered to be used in CI. Before pushing to a container registry, you can scan your local container image easily. Features Detect comprehensive vulnerabilities OS packages (Alpine, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, Debian, Ubuntu, Amazon Linux and Distroless) Application dependencies (Bundler, Composer, Pipenv, Poetry, npm, yarn and Cargo) Simple Specify only an image name Easy installation apt-get install, yum install and brew install is possible No pre-requisites such as installation of DB, libraries, etc. (The exception is that you need rpm installed to scan images based on RHEL/CentOS. This is automatically included if you use our installers or the Trivy container image.) High accuracy Especially Alpine Linux and RHEL/CentOS Other OSes are also high DevSecOps Suitable for CI such as Travis CI, CircleCI, Jenkins, etc. Gif Demo More info && Download [hide][Hidden Content]]

XRay is a tool for network OSINT gathering, its goal is to make some of the initial tasks of information gathering and network mapping automatic. How Does it Work? XRay is a very simple tool, it works this way: It'll bruteforce subdomains using a wordlist and DNS requests. For every subdomain/ip found, it'll use Shodan to gather open ports and other intel. If a ViewDNS API key is provided, for every subdomain historical data will be collected. For every unique ip address, and for every open port, it'll launch specific banner grabbers and info collectors. Eventually the data is presented to the user on the web ui. Grabbers and Collectors HTTP Server, X-Powered-By and Location headers. HTTP and HTTPS robots.txt disallowed entries. HTTPS certificates chain ( with recursive subdomain grabbing from CN and Alt Names ). HTML title tag. DNS version.bind. and hostname.bind. records. MySQL, SMTP, FTP, SSH, POP and IRC banners. Notes Shodan API Key The shodan.io API key parameter ( -shodan-key KEY ) is optional, however if not specified, no service fingerprinting will be performed and a lot less information will be shown (basically it just gonna be DNS subdomain enumeration). ViewDNS API Key If a ViewDNS API key parameter ( -viewdns-key KEY ) is passed, domain historical data will also be retrieved. Anonymity and Legal Issues The software will rely on your main DNS resolver in order to enumerate subdomains, also, several connections might be directly established from your host to the computers of the network you're scanning in order to grab banners from open ports. Technically, you're just connecting to public addresses with open ports (and there's no port scanning involved, as such information is grabbed indirectly using Shodan API), but you know, someone might not like such behaviour. If I were you, I'd find a way to proxify the whole process ... #justsaying Manual Compilation Make sure you are using Go >= 1.7, that your installation is working properly, that you have set the $GOPATH variable and you have appended $GOPATH/bin to your $PATH. Then: [Hidden Content] You'll find the executable in the build folder. Usage Usage: xray -shodan-key YOUR_SHODAN_API_KEY -domain TARGET_DOMAIN Options: -address string IP address to bind the web ui server to. (default "127.0.0.1") -consumers int Number of concurrent consumers to use for subdomain enumeration. (default 16) -domain string Base domain to start enumeration from. -port int TCP port to bind the web ui server to. (default 8080) -preserve-domain Do not remove subdomain from the provided domain name. -session string Session file name. (default "<domain-name>-xray-session.json") -shodan-key string Shodan API key. -viewdns-key string ViewDNS API key. -wordlist string Wordlist file to use for enumeration. (default "wordlists/default.lst") Example: # xray -shodan-key yadayadayadapicaboo... -viewdns-key foobarsomethingsomething... -domain fbi.gov ____ ___ \ \/ / \ RAY v 1.0.0b / by Simone 'evilsocket' Margaritelli /___/\ \ \_/ @ Saving session to fbi.gov-xray-session.json @ Web UI running on [Hidden Content] Download [hide][Hidden Content]]

Go tool for LSB steganography, capable of hiding any file within an image. stegify is a simple command line tool capable of fully transparent hiding any file within an image. This technique is known as LSB (Least Significant Bit) steganography. Demonstration Usage As a command line tool: $ stegify -op encode -carrier <file-name> -data <file-name> -result <file-name> $ stegify -op decode -carrier <file-name> -result <file-name> When encoding, the file with name given to flag -data is hidden inside the file with name given to flag -carrier and the resulting file is saved in new file in the current working directory under the name given to flag -result. The file extension of result file is inherited from the carrier file and must not be specified explicitly in the -result flag. When decoding, given a file name of a carrier file with previously encoded data in it, the data is extracted and saved in new file in the current working directory under the name given to flag -result. The result file won't have any file extension and therefore it should be specified explicitly in -result flag. In both cases the flag -result could be omitted and it will be used the default file name: result Programmatically in your code stegify can be used programmatically too and it provides easy to use functions working with file names or raw Readers and Writers. You can visit [Hidden Content] under steg package for details. Source && Download: [Hidden Content]

Redress - A tool for analyzing stripped Go binaries The redress software is a tool for analyzing stripped Go binaries compiled with the Go compiler. It extracts data from the binary and uses it to reconstruct symbols and performs analysis. It essentially tries to "re-dress" a "stripped" binary. It has two operation modes. The first is a standalone mode where the binary is executed on its own. The second mode is used when the binary is executed from within radare2 via r2pipe. The binary is aware of its environment and behaves accordingly. Running it standalone To run redress, just execute it on the command line. Below are some of the possible flags that can be given. It is possible to use multiple flags to extract different data. If no flags are given, no data is extracted. The idea is to print more information than what is asked by the user. Download [hide][Hidden Content]] More info [hide][Hidden Content]]

Vulnerability scanner for Linux/FreeBSD, agentless, written in golang. Agent-less vulnerability scanner for Linux, FreeBSD, Container Image, Running Container, WordPress, Programming language libraries, Network devices For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. To avoid downtime in a production environment, it is common for a system administrator to choose not to use the automatic update option provided by the package manager and to perform update manually. This leads to the following problems. The system administrator will have to constantly watch out for any new vulnerabilities in NVD (National Vulnerability Database) or similar databases. It might be impossible for the system administrator to monitor all the software if there are a large number of software packages installed in the server. It is expensive to perform analysis to determine the servers affected by new vulnerabilities. The possibility of overlooking a server or two during analysis is there. Vuls is a tool created to solve the problems listed above. It has the following characteristics. Informs users of the vulnerabilities that are related to the system. Informs users of the servers that are affected. Vulnerability detection is done automatically to prevent any oversight. A report is generated on a regular basis using CRON or other methods. to manage vulnerability. More info & Download [hide][Hidden Content]] Demo ascii [hide][Hidden Content]]