November 2022
APTRS - An Automated Penetration Testing Reporting System

APTRS - An Automated Penetration Testing Reporting System

APTRS (Automated Penetration Testing Reporting System) is an automated reporting tool in Python and Django. The tool allows Penetration testers to create a report directly without using the Traditional Docx file. It also provides an approach to keeping track of the projects and vulnerabilities. Prerequisites Python 3.8 and above [ Download ] wkhtmltopdf 0.12.6 and above [ Download ] Features Managing Vulnerabilities Manage All Projects in one place Create a Vulnerability Database and avoid writ…
INTLog - A Flask app to Track Interesting Artifacts during an Investigation

INTLog - A Flask app to Track Interesting Artifacts during an Investigation

INTLog is a simple Flask app designed to keep track of potentially interesting artifacts during an investigation. This application was designed to keep track of artifacts that you may stumble across during an investigation.  This project is in an EXTREMELY early stage. Setup Setup env: INTLog » python3 -m venv env INTLog » source env/bin/activate Install requirements: pip3 install -r requirements.txt Setup SQLite This script will automatically create the SQLite file and necessary entries upon …
EmailAll - A powerful Email Collect tool

EmailAll - A powerful Email Collect tool

EmailAllis a powerful Email Collect tool —— a powerful email collection tool. Installation $ git clone https://github.com/Taonn/EmailAll.git $ cd EmailAll $ pip3 install -r requirements.txt EmailAll is a powerful Email Collect tool Example: python3 emailall.py check python3 emailall.py --domain example.com run python3 emailall.py --domains ./domains.txt run python3 emailall.py --domain example.com run python3 emailall.py --domains ./domains.txt run The final result is saved to res…
DonPAPI : Dumping DPAPI Credential Remotely

DonPAPI : Dumping DPAPI Credential Remotely

Dumping relevant information on compromised targets without AV detection. DPAPI dumping Lots of credentials are protected by DPAPI . We aim at locating those "secured" credentials, and retrieve them using : User Password Domaine DPAPI BackupKey Local machine DPAPI Key (protecting TaskScheduled blob) Currently gathered info Windows credentials (Taskscheduled credentials & a lot more) Windows Vaults Windows RDP credentials AdConnect (still require a manual operation) Wifi key Intern…
AWSGoat : A Damn Vulnerable AWS Infrastructure

AWSGoat : A Damn Vulnerable AWS Infrastructure

Compromising an organization's cloud infrastructure is like sitting on a gold mine for attackers. And sometimes, a simple misconfiguration or a vulnerability in web applications, is all an attacker needs to compromise the entire infrastructure. Since the cloud is relatively new, many developers are not fully aware of the threatscape and they end up deploying a vulnerable cloud infrastructure. AWSGoat is vulnerable by design infrastructure on AWS featuring the latest released OWASP Top 10 we…