Search the Community

CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by CloudFlare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has 3 different attack phases. Disclaimer This tool is a PoC (Proof of Concept) and does not guarantee results. It is possible to setup Cloudflare properly so that the IP is never released or logged anywhere; this is not often the case and hence why this tool exists. This tool is only for academic purposes and testing under controlled environments. Do not use without obtaining proper authorization from the network owner of the network under testing. The author bears no responsibility for any misuse of the tool. [hide][Hidden Content]]

cf-check Check a Host is Owned by Cloudflare. Changelog v1.0.4 1052d71 chore: Words d4f35d0 fix: Nil pointer derefer 6933a71 Add Go modules [hide][Hidden Content]]

iblessing iblessing is iOS security exploiting toolkit, it mainly includes application information collection, static analysis, and dynamic analysis. iblessing is based on a unicorn engine and capstone engine. Features 🔥 Cross-platform: Tested on macOS and Ubuntu. iOS App static info extract, including meta data, deeplinks, urls, etc. Mach-O parser and dyld symbol bind simulator Objective-C class realizing and parsing Scanners making dynamic analysis for arm64 assembly code and find key information or attack surface Scanners using unicorn to partially simulate Mach-O arm64 code execution and find some features Generators that can provide secondary processing on scanner’s report to start a query server, or generate script for IDA Super objc_msgSend xrefs scanner 😄 objc methods and subs (such as blocks) emulation to generate xrefs like flare-emu objc function wrapper detects and ida usercall generate objc_msgSend sub-functions analysis objc block to objc_msgSend xrefs in args and a capture list report format including json, etc. Swift class and method parsing following branches and calls SimProcedures for extern symbols Tests Android Scanners Support Diagnostic logs More flexible scanner infrastructure for new scanner plugins Changelog v1.0.4 beta fix: bof [hide][Hidden Content]]

BeDrive Mobile is a file storage, management and sharing mobile app . It fully integrates with BeDrive web version and allows instant file synchronization between the two, while adding a number of extra features like offline storage, camera uploads, background transfers and more. [Hidden Content] [hide][Hidden Content]]

Carnivore – Microsoft External Attack Tool Overview: Carnivore is an assessment tool for Skype for Business, Exchange, ADFS, and RDWeb servers as well as some O365 functionality. Carnivore includes some new post-authentication Skype for Business functionality. In general, the tabs will unlock in-line with what functionality you can use. Ie – the post auth options will unlock after you have discovered valid credentials. Feature Subdomain Enumeration Username Enumeration Smart Enumeration 9 lists of statistically likely usernames Automatically selects likely format Legacy vs Modern Format Password Spraying Discovered Format Pre-built lists Post Compromise [hide][Hidden Content]]

XCat XCat is a command-line tool to exploit and investigate blind XPath injection vulnerabilities. It supports a large number of features: Auto-selects injections (run xcat injections for a list) Detects the version and capabilities of the xpath parser and selects the fastest method of retrieval Built-in out-of-bound HTTP server Automates XXE attacks Can use OOB HTTP requests to drastically speed up retrieval Custom request headers and body Built-in REPL shell, supporting: Reading arbitrary files Reading environment variables Listing directories Uploading/downloading files (soon TM) [HIDE][Hidden Content]]