smugglo An easy-to-use script for wrapping files into self-dropping HTML payloads to bypass content filters. Features One-file payload: Wrap any file into a single self-contained HTML file Automatic extraction: The generated HTML auto-extracts and downloads the...
The post Smugglo: Bypass Filters with Self-Dropping HTML appeared first on Penetration Testing Tools.
NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. This allows...
The post NoArgs: dynamically spoof and conceal process arguments while staying undetected appeared first on Penetration Testing Tools.
PMAT-labs – The labs for Practical Malware Analysis & Triage This repository contains live malware samples for use in the Practical Malware Analysis & Triage course (PMAT). These samples are either written to emulate...
The post PMAT-labs: Labs for Practical Malware Analysis & Triage appeared first on Penetration Testing Tools.
bincrypter – Pack/Encrypt/Obfuscate ELF + SHELL scripts A Linux Binary Runtime Crypter – in BASH! Features Obfuscates & encrypts any ELF binary or #!-script AV/EDR death: Morphing + different signature every time 100% in-memory. No temporary...
The post bincrypter: A Linux Binary Runtime Crypter appeared first on Penetration Testing Tools.
Cloud Privilege Escalation Awesome Script Suite The current goal of Cloud PEASS is simple: Once you manage to get some credentials to access Azure, GCP or AWS, use different techniques to get the permissions the principal has and highlight...
The post cloudpeass: Cloud Privilege Escalation Awesome Script Suite appeared first on Penetration Testing Tools.
Shelter Shelter is a completely weaponized sleep obfuscation technique that allows you to fully encrypt your in-memory payload making extensive use of ROP. This crate comes with the following characteristics: AES-128 encryption. Whole PE...
The post Shelter: ROP-based sleep obfuscation to evade memory scanners appeared first on Penetration Testing Tools.
PortEx PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on PE malformation robustness, and anomaly detection. PortEx is written in Java and Scala, and targeted at...
The post PortEx: Java library for static malware analysis of Portable Executable files appeared first on Penetration Testing Tools.
landrun A lightweight, secure sandbox for running Linux processes using Landlock LSM. Think firejail, but with kernel-level security and minimal overhead. Linux Landlock is a kernel-native security module that lets unprivileged processes sandbox themselves...
The post landrun: Run any Linux process in a secure, unprivileged sandbox using Landlock LSM appeared first on Penetration Testing Tools.
secator is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and it is designed to improve productivity for pentesters and security researchers. Feature A curated list...
The post secator: The pentester’s swiss knife appeared first on Penetration Testing Tools.
EVILRDP – More control over RDP The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line. Features Control the mouse...
The post evilrdp: The Ultimate Tool for Elevated RDP Command Control appeared first on Penetration Testing Tools.
CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of malware analysis with the goal of extracting payloads and configuration from malware. This allows CAPE to...
The post CAPEv2: Malware Configuration And Payload Extraction appeared first on Penetration Testing Tools.
It’s a modern and stealthy process injection technique was discovered by Outflank that involves injecting and executing code in the early stages of process creation before loading EDRs for their user mode detection measures. EarlyCascade technique...
The post EarlyCascade: A PoC for Early Cascade process injection technique appeared first on Penetration Testing Tools.
Arjun Arjun can find query parameters for URL endpoints. If you don’t get what that means, it’s okay, read along. Web applications use parameters (or queries) to accept user input, consider the following example...
The post Arjun: HTTP parameter discovery suite appeared first on Penetration Testing Tools.
TamaGo – bare metal Go for ARM SoCs TamaGo is a project that aims to provide compilation and execution of unencumbered Go applications for bare metal ARM System-on-Chip (SoC) components. The projects spawns from...
The post tamago: provide compilation and execution of unencumbered Go applications appeared first on Penetration Testing Tools.
medusa MEDUSA is an extensible and modularized framework that automates processes and techniques practiced during the dynamic analysis of Android and iOS Applications. Some of the framework’s features are the following: Tracing and instrumentation of API calls...
The post medusa: automates processes and techniques practised appeared first on Penetration Testing Tools.
DLL Sideloading Scanner A lightweight PowerShell-based scanner designed to identify missing or unresolved DLLs, helping you detect potential DLL sideloading vulnerabilities on your Windows system. Features Dynamic Process Analysis 🔄 Scans all running processes and...
The post DLL Sideloading Scanner: Catching Windows DLL Vulnerabilities appeared first on Penetration Testing Tools.
Puma Security Serverless Prey Serverless Prey is a collection of serverless functions (FaaS), that, once launched to a cloud environment and invoked, establish a TCP reverse shell, enabling the user to introspect the underlying...
The post serverless prey: serverless functions for establishing reverse shells appeared first on Penetration Testing Tools.
The WinPmem memory acquisition driver and userspace WinPmem has been the default open-source memory acquisition driver for windows for a long time. It used to live in the Rekall project but has recently been...
The post WinPmem: WinPmem memory acquisition driver and userspace appeared first on Penetration Testing Tools.
FileInsight-plugins: decoding toolbox of McAfee FileInsight hex editor for malware analysis FileInsight-plugins is a large set of plugins for the McAfee FileInsight hex editor. It adds many capabilities such as decryption, decompression, searching XOR-ed...
The post FileInsight-plugins: decoding toolbox of McAfee FileInsight hex editor appeared first on Penetration Testing Tools.
RustPotato is a Rust-based implementation of GodPotato, a privilege escalation tool that abuses DCOM and RPC to leverage SeImpersonatePrivilege and gain NT AUTHORITY\SYSTEM privileges on Windows systems. Key Features TCP-based Reverse Shell: RustPotato features a TCP-based reverse shell based on Rustic64Shell. It leverages Winsock APIs...
The post RustPotato: privilege escalation tool appeared first on Penetration Testing Tools.
