Arcane – Tool To Backdoor iOS Packages (iPhone ARM)

Arcane is a simple script tool to backdoor iOS packages (iPhone ARM) and create the necessary resources for APT repositories. It was created to help illustrate why Cydia repositories can be dangerous and what post-exploitation attacks are possible from a compromised iOS device. How Arcane Tool To Backdoor iOS Package Works It’s possible to supply...

Aug 2020

SharpHose – Asynchronous Password Spraying Tool

SharpHose is an asynchronous password spraying tool in C# for Windows environments that takes into consideration fine-grained password policies and can be run over Cobalt Strike’s execute-assembly. It provides a flexible way to interact with Active Directory using domain-joined and non-joined contexts, while also being able to target specific domains...

Jul 2020

Axiom – Pen-Testing Server For Collecting Bug Bounties

Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically a pen-testing server out of the box with 1-line. With Axiom, you just need to run a single command to get setup, and then you can use the Axiom toolkit scripts to spin up and down your new hacking VPS. Setting up your own ‘hacking vps’,...

Jul 2020

Quasar RAT – Windows Remote Administration Tool

Quasar is a fast and light-weight Windows remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. It aims to provide high stability and an easy-to-use user interface and is a free, open source tool. Features of Quasar RAT Windows Remote Administration Tool The main...

May 2020

Pingcastle – Active Directory Security Assessment Tool

PingCastle is a Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level with a methodology based on a risk assessment and maturity framework. It does not aim at a perfect evaluation but rather as an efficiency compromise. The risk level regarding Active Directory security has changed. Several vulnerabilities...

May 2020

Second Order – Subdomain Takeover Scanner Tool

Second Order Subdomain Takeover Scanner Tool scans web applications for second-order subdomain takeover by crawling the application and collecting URLs (and other data) that match specific rules or respond in a specific way. Using Second Order Subdomain Takeover Scanner Tool Command line options: -base string Base link to start scraping...

Apr 2020

Binwalk – Firmware Security Analysis & Extraction Tool

Binwalk is a fast and easy to use Python-based firmware security analysis tool that allows for firmware analysis, reverse engineering, and extraction of firmware images. Features of Binwalk Firmware Security Analysis & Extraction Tool Scanning Firmware – Binwalk can scan a firmware image for many different embedded file types and file systems...

Apr 2020

zBang – Privileged Account Threat Detection Tool

zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations and red teamers can utilize zBang to identify potential attack vectors and improve the security posture of the network. The results can be analyzed with the graphic interface or by reviewing the raw output files. The tool is built from five...

Mar 2020

Memhunter – Automated Memory Resident Malware Detection

Memhunter is an Automated Memory Resident Malware Detection tool for the hunting of memory resident malware at scale, improving the threat hunter analysis process and remediation times. It’s a self contained binary that can be deployed and managed at scale, does not use memory dumps and relies purely on memory inspection to do its work. It also does...

Mar 2020

Sandcastle – AWS S3 Bucket Enumeration Tool

Sandcastle is a Python-based Amazon AWS S3 Bucket Enumeration Tool, formerly known as bucketCrawler. The script takes a target’s name as the stem argument (e.g. shopify) and iterates through a file of bucket name permutations. Amazon S3 [Simple Storage Service] is cloud storage for the Internet. To upload your data (photos, videos, documents etc.),...

Mar 2020