Useful tips

Linux TIPS WORLD

Gophish – Open-Source Phishing Toolkit

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.InstallInstallation of Gophish is dead-simple – just download and extract the zip containing the release for your system, and run the binary. Gophish has binary releases for […]

Linux TIPS WORLD

Aaia – AWS Identity And Access Management Visualizer And Anomaly Finder

Aaia (pronounced as shown here ) helps in visualizing AWS IAM and Organizations in a graph format with help of Neo4j. This helps in identifying the outliers easily. Since it is based on neo4j , one can query the graph using cypher queries to find the anomalies.Aaia also supports modules to programatically fetch data from […]

Linux TIPS WORLD

Scallion – GPU-based Onion Addresses Hash Generator

Scallion lets you create vanity GPG keys and .onion addresses (for Tor’s hidden services) using OpenCL.Scallion runs on Mono (tested in Arch Linux) and .NET 3.5+ (tested on Windows 7 and Server 2008).Scallion is currently in beta stage and under active development. Nevertheless, we feel that it is ready for use. Improvements are expected primarily […]

TIPS WORLD

Bluewall – A Firewall Framework Designed For Offensive And Defensive Cyber Professionals

Bluewall is a firewall framework designed for offensive and defensive cyber professionals. This framework allows Cybersecurity professionals to quickly setup their environment while staying within their scope.CreditInspired by Andrew Benson’s hostfw iptable generation script. Features Bluewall * Configure Firewall* Configure Hostname* Configure Interface(s) Supported Operating Systems * Redhat/CentOS* Windows configuration can be generated but not […]

TIPS WORLD

AntiCheat-Testing-Framework – Framework To Test Any Anti-Cheat

Framework to test any Anti-Cheat on the market. This can be used as Template or Code Base to test any Anti-Cheat and learn along the way. The entry level to reverse AntiCheats and Cheats is quite high, therefore, I’m realeasing all the code I developed during my research. The main idea is to help people […]

Linux TIPS WORLD

Gowitness – A Golang, Web Screenshot Utility Using Chrome Headless

gowitness is a website screenshot utility written in Golang, that uses Chrome Headless to generate screenshots of web interfaces using the command line. Both Linux and macOS is supported, with Windows support ‘partially working’.Inspiration for gowitness comes from Eyewitness. If you are looking for something with lots of extra features, be sure to check it […]

TIPS WORLD

Lsassy – Extract Credentials From Lsass Remotely

Python library to remotely extract credentials. This blog post explains how it works.You can check the wikiThis library uses impacket project to remotely read necessary bytes in lsass dump and pypykatz to extract credentials.Requirements Python >= 3.6 pypykatz >= 0.3.0 impacket Installation From pip python3.7 -m pip install lsassy From sources python3.7 setup.py install Basic […]

TIPS WORLD

LOLBITS – C# Reverse Shell Using Background Intelligent Transfer Service (BITS) As Communication Protocol

LOLBITS is a C# reverse shell that uses Microsoft’s Background Intelligent Transfer Service (BITS) to communicate with the Command and Control backend. The Command and Control backend is hidden behind an apparently harmless flask web application and it’s only accesible when the HTTP requests received by the app contain a valid authentication header.LOLBITS is composed […]

TIPS WORLD

Shell Backdoor List – PHP / ASP Shell Backdoor List

What is a shell backdoor ?A backdoor shell is a malicious piece of code (e.g. PHP, Python, Ruby) that can be uploaded to a site to gain access to files stored on that site. Once it is uploaded, the hacker can use it to edit, delete, or download any files on the site, or upload […]

Linux TIPS WORLD

Hakrawler – Simple, Fast Web Crawler Designed For Easy, Quick Discovery Of Endpoints And Assets Within A Web Application

hakrawler is a Go web crawler designed for easy, quick discovery of endpoints and assets within a web application. It can be used to discover: Forms Endpoints Subdomains Related domains JavaScript files The goal is to create the tool in a way that it can be easily chained with other tools such as subdomain enumeration […]