Hacking And Security Tools

APTRS (Automated Penetration Testing Reporting System) is an automated reporting tool in Python and Django. The tool allows Penetration testers to create a report directly without using the Traditional Docx file. It also provides an approach to keeping track of the projects and vulnerabilities. Prerequisites Python 3.8 and above [ Download ] wkhtmltopdf 0.12.6 and above [ Download ] Features Managing Vulnerabilities Manage All Projects in one place Create a Vulnerability Database and avoid writ…

INTLog is a simple Flask app designed to keep track of potentially interesting artifacts during an investigation. This application was designed to keep track of artifacts that you may stumble across during an investigation.  This project is in an EXTREMELY early stage. Setup Setup env: INTLog » python3 -m venv env INTLog » source env/bin/activate Install requirements: pip3 install -r requirements.txt Setup SQLite This script will automatically create the SQLite file and necessary entries upon …

EmailAllis a powerful Email Collect tool —— a powerful email collection tool. Installation $ git clone https://github.com/Taonn/EmailAll.git $ cd EmailAll $ pip3 install -r requirements.txt EmailAll is a powerful Email Collect tool Example: python3 emailall.py check python3 emailall.py --domain example.com run python3 emailall.py --domains ./domains.txt run python3 emailall.py --domain example.com run python3 emailall.py --domains ./domains.txt run The final result is saved to res…

Dumping relevant information on compromised targets without AV detection. DPAPI dumping Lots of credentials are protected by DPAPI . We aim at locating those "secured" credentials, and retrieve them using : User Password Domaine DPAPI BackupKey Local machine DPAPI Key (protecting TaskScheduled blob) Currently gathered info Windows credentials (Taskscheduled credentials & a lot more) Windows Vaults Windows RDP credentials AdConnect (still require a manual operation) Wifi key Intern…

Compromising an organization's cloud infrastructure is like sitting on a gold mine for attackers. And sometimes, a simple misconfiguration or a vulnerability in web applications, is all an attacker needs to compromise the entire infrastructure. Since the cloud is relatively new, many developers are not fully aware of the threatscape and they end up deploying a vulnerable cloud infrastructure. AWSGoat is vulnerable by design infrastructure on AWS featuring the latest released OWASP Top 10 we…