Collaborate Disseminate
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
truffleHog previously functioned by running entropy checks on git dif… Continue reading truffleHog – Search Git for High Entropy Strings with Commit History
Facebook is using trademark law to target the operators of sites that imitate or target Facebook and Instagram sites. Continue reading Facebook launches $2m suit against alleged phishing, hacking sites
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
Reviews of popular botnets have shown HTTP-based botnets have a set of attributes that make it dif… Continue reading UBoat – Proof Of Concept PoC HTTP Botnet Project
Stardox is a Python-based GitHub stargazers information gathering tool, it scrapes Github for information and displays them in a list tree view. It can be used for collecting information about your or someone else’s repository stargazers details.
GitH… Continue reading Stardox – Github Stargazers Information Gathering Tool
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan from an external perspective or an AWS API to scan internally.
There are two modes that this tool operates at; blackbox and whitebox mode. Whitebo… Continue reading Slurp – Amazon AWS S3 Bucket Enumerator
BloodHound is for hacking active directory trust relationships and it uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment.
Attackers can use BloodHound to easily identify highly complex atta… Continue reading BloodHound – Hacking Active Directory Trust Relationships
Forensic analysis shows a Chinese APT using Equation Group hacking tools at least a year before Shadow Brokers dumped its cache in April 2017. Continue reading Chinese Spies Stole NSA Cyberweapons Long Before Shadow Brokers Leak
By Ryan De Souza
Chinese hackers then used NSA’s hacking tools and technology to target American allies. Symantec researchers have discovered that in 2016, Chinese intelligence managed to repurpose hacking tools used by the National Security Agency (NS… Continue reading Chinese hackers accessed NSA hacking tools before Shadow Brokers leak
SecLists is the security tester’s companion. It’s a collection of multiple types of lists used during security assessments, collected in one place.
List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, a… Continue reading SecLists – Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells
GoBuster is a Go-based tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (with wildcard support) – essentially a directory/file & DNS busting tool.
The author built YET ANOTHER directory and DNS brute forcing to… Continue reading GoBuster – Directory/File & DNS Busting Tool in Go