AI Summary: Stegseek is a high-performance steghide cracker designed to efficiently extract hidden data from files, achieving remarkable speeds by leveraging a comprehensive wordlist, such as rockyou.txt, to crack passwords in under two seconds. Its primary use case includes both password cracking and the detection of steghide metadata without requiring passwords, enabling users to ascertain file contents speedily. Notable features include the ability to brute-force the random number generator used in steghide to recover unencrypted files and detailed metadata extraction.

AI Summary: Storm-Breaker is a versatile cybersecurity tool that enables unauthorized access to device information, including location, webcam, and microphone on smartphones, without requiring user permissions. Notable features include a revamped web user interface, the ability to operate on personal hosting environments, auto-download functionality for Ngrok, and comprehensive logging capabilities. This tool is primarily designed for penetration testing and social engineering exercises within controlled environments.

README

A Tool With Attractive Capabilities.

AI Summary: Stowaway is a multi-tier proxy tool written in Go, designed specifically for penetration testers to route external traffic through multiple nodes into an internal network, thereby overcoming access restrictions. Notable features include user-friendly command-line interface, tree structure node management, support for various connection types (socks5, HTTP, SSH), traffic encryption using TLS/AES-256-GCM, and capabilities for remote shell, file transfer, and port mapping, all while maintaining compatibility across multiple platforms such as Linux, Mac, and Windows.

AI Summary: Stunner is a specialized tool designed for testing and exploiting STUN and TURN servers, particularly in the context of videoconferencing and audio chat applications utilizing the TURN protocol. Its primary use case involves identifying misconfigurations in TURN servers, enabling users to establish a SOCKS proxy that routes traffic through these servers into internal networks. Notable features include the ability to enumerate accessible IP addresses, perform detailed server information queries, and set up a local SOCKS server for traffic relaying.

AI Summary: SubDomainizer is a reconnaissance tool that identifies hidden subdomains and secrets from specified URLs, web pages, and external JavaScript files. It supports various cloud storage services and can detect S3 buckets and CloudFront URLs, potentially exposing vulnerabilities such as open read/write permissions and subdomain takeover risks. The tool is capable of scanning both individual URLs and lists, with a feature for extracting secrets based on keyword searches and Shannon Entropy calculations, although this is currently in beta phase.

AI Summary: Subjack is a DNS takeover scanner written in Go, designed for the concurrent scanning of domain lists to identify registrable domains vulnerable to hijacking. It features detection capabilities for various vulnerability types including CNAME takeovers, NS delegation issues, stale A records, and more, allowing security professionals to assess the risk of domain takeovers effectively. With an emphasis on speed and efficiency, Subjack provides functionalities such as customizable concurrency and thorough output options to facilitate large-scale testing.

AI Summary: Sublert is a Python-based security tool designed for monitoring new subdomains associated with specific organizations by leveraging certificate transparency. It facilitates automated alerts to a Slack workspace for newly identified subdomains and includes functionalities for DNS resolution to verify active subdomains. Key features include periodic monitoring, configuration options for concurrent threads, and logging capabilities.

README

                                   _____       __    __          __
                                  / ___/__  __/ /_  / /__  _____/ /_
                                  \__ \/ / / / __ \/ / _ \/ ___/ __/
                                 ___/ / /_/ / /_/ / /  __/ /  / /_
                                /____/\__,_/_.___/_/\___/_/   \__/

                                    Author: Yassine Aboukir
                                        Version: 1.4.7

AI Summary: SubOver is a Golang-based tool designed for detecting potential subdomain takeovers across more than 30 services, leveraging Go’s concurrency for enhanced speed and efficiency. Its primary use case is for security professionals conducting assessments of web applications to identify vulnerable subdomains that can be hijacked. Notable features include a comprehensive service list, customizable concurrent threads, and a straightforward command-line interface for easy operation.

README

SubOver

Note - This project is discontinued. No more updates will be provided! Sorry!

But something more awesome will come soon!

AI Summary: SubScraper is a subdomain enumeration tool designed for penetration testers and bug bounty hunters, enabling the discovery of an organization’s attack surface through multiple techniques. It supports DNS resolution, HTTP(S) requests, and CNAME lookups, along with modular support for various data sources and the capability to handle multiple targets. Key features include compatibility with Windows CLI, output formatting in .txt or .csv, and easy extensibility to add new enumeration methods.

AI Summary: SUDO_KILLER is a cybersecurity tool designed for professionals such as pentesters and security auditors, focusing on privilege escalation vulnerabilities in Linux systems related to SUDO configuration and usage. It manually identifies issues such as misconfigurations, risky binaries, and version-based vulnerabilities (CVEs), enabling users to exploit these weaknesses for gaining root-level privileges. The tool provides a detailed checklist of potential local exploits and requires users to perform the exploitation process manually, ensuring a controlled approach to privilege escalation testing.

AI Summary: Sudomy is a subdomain enumeration and analysis tool designed for advanced automated reconnaissance and OSINT activities. It features both active and passive enumeration methods, utilizing efficient techniques such as DNS brute-forcing via Gobuster and data collection from 22 curated third-party sources. Additional capabilities include subdomain testing, virtual host classification, port scanning, and technology identification, making it a comprehensive solution for penetration testing and bug bounty applications.

README

Sudomy

AI Summary: Swift-Keylogger is a macOS tool designed to monitor and log keystrokes while providing contextual information about the applications generating those keystrokes. It utilizes low-level HID APIs to ensure stability despite Apple’s deprecation of certain high-level APIs and organizes the logged data by application and timestamps in a structured directory format. The tool can be integrated with Cocoa applications, offering both executable usage and source code incorporation, making it flexible for developers.

AI Summary: SwiftnessX is a cross-platform note-taking and target-tracking application designed specifically for penetration testers, built on the ElectronJS framework. It features customizable checklists, including the OWASP Testing Checklist, and allows users to import/export their checklists, enhancing organized documentation throughout the penetration testing process. The tool aims to streamline the workflow for security professionals by providing a unified interface for managing testing notes and methodologies.

README

SwiftnessX v0.2

AI Summary: SydneyQt is a cross-platform desktop client designed for the jailbroken New Bing AI Copilot, enabling advanced interactions with the AI through capabilities such as prompt injection, CAPTCHA resolution via Selenium, and context editing. Key features include support for various file types and multimedia interactions, customizable quick responses, and integration with OpenAI’s API, all presented within a modern and user-friendly interface. The tool is built with Go and Wails, offering robust functionality while allowing users to bypass regional restrictions and enhance their AI interactions.

AI Summary: sysmon-modular is a modular Sysmon configuration repository designed for customization and maintenance of Microsoft Sysinternals’ Sysmon tool. Its primary use case is to generate tailored event logging configurations for monitoring system behavior and enhancing threat detection in diverse environments. Notable features include pre-generated configurations catering to different verbosity levels, a flexible module system for incorporating custom configurations, and automated XML generation through a PowerShell script integrated with Azure Pipelines.

AI Summary: T-load is a bash-based script designed for customizing the Termux terminal interface on both rooted and non-rooted Android devices. Its primary use case is to enhance the user experience by providing an attractive and engaging terminal environment, complete with sound effects and an updated layout. Notable features include an easy installation process, new interface options, and the ability to revert to the default terminal settings.

README

AI Summary: TABBY is a static code analysis tool designed for Java that rapidly identifies various types of vulnerabilities within Java applications. It utilizes the Soot framework to transform Java bytecode (JAR/WAR/CLASS files) into a code property graph (CPG), which is then stored in a Neo4j graph database, allowing for complex taint analysis and vulnerability chain detection through simple Cypher queries. Notable features include the ability to discover deserialization attack chains and common web vulnerabilities, significantly enhancing the efficiency of code audits by reducing manual search efforts.

AI Summary: Tangled WinExec is a repository that provides a collection of proof-of-concept tools focused on various Windows process execution techniques, aimed at facilitating investigation and understanding of these methods. Notable features include techniques such as Process Hollowing, Command Line Spoofing, and Process Doppelgänging, with some PoCs tailored for specific Windows versions and kernel protection mechanisms. Each toolset includes documentation for testing and utilization, enabling advanced users to explore process manipulation techniques effectively.

AI Summary: Taranis AI is an advanced Open-Source Intelligence (OSINT) tool that utilizes Artificial Intelligence and Natural Language Processing to gather and enhance information from various unstructured data sources, primarily news articles. Its notable features include a streamlined workflow for analysts to convert unstructured data into structured reports, multi-format output capabilities, seamless publication of intelligence products, and experimental support for collaborative threat intelligence via integration with MISP.

README

Taranis AI

AI Summary: The Tata Sky/Play IPTV Script generator is a tool that creates an m3u playlist containing direct streamable files, specifically designed for users with a Tata Sky subscription. It offers both an easy-to-use app and a command-line script for generating the playlist, with features like automatic login credential storage and expiration notifications for the generated playlist. This tool is primarily aimed at facilitating seamless access to subscribed channels through compatible IPTV applications.

AI Summary: TegraRcmGUI is a Windows-based graphical user interface that facilitates the injection of payloads into Nintendo Switch consoles utilizing the Fusée Gelée exploit for RCM mode. Key features include the ability to manage favorites, run Linux on the Switch, mount the device as USB mass storage, and dump BIS keys for eMMC content decryption. The tool also offers conveniences such as auto-injection options, minimizing to the system tray, and automatic startup with Windows.

AI Summary: Telegram-OSINT is a comprehensive resource hub designed for open-source intelligence (OSINT) researchers focusing on the Telegram platform. It provides guides, tools, and best practices to ensure users maintain operational security (OPSEC) while gathering intelligence, including constructing virtual machines for safe research. Noteworthy features include links to various blogs, tools, and a transparency report bot, addressing the complexities of OSINT in a rapidly changing digital landscape.

README

Telegram-OSINT

AI Summary: The Telegram Channel Scraper is a Python-based tool that enables users to scrape messages and media from Telegram channels using the Telethon library. Key features include real-time scraping, enhanced metadata capture such as message statistics and reactions, smart filtering for channel management, and data export capabilities in CSV and JSON formats. With automatic database migration and a user-friendly interactive menu, it supports efficient channel monitoring and data retrieval.

AI Summary: Telemetry Sourcerer is a tool designed for red teamers and security researchers to enumerate and disable various sources of telemetry utilized by antivirus and endpoint detection and response (EDR) systems on Windows. It features the ability to suppress kernel-mode callbacks, unhook inline user-mode hooks, and identify relevant Event Tracing for Windows (ETW) sessions, making it instrumental in identifying blind spots and validating evasion techniques within lab environments. However, it is primarily for research applications and carries OPSEC risks if deployed in production settings.

AI Summary: Template is a heuristic internal network scanning tool designed for security assessments and vulnerability detection. It features a producer-consumer model for efficient data handling, employs heuristic scanning methods to minimize packet sending, and includes robust web fingerprinting capabilities with over 900 fingerprints. Additionally, it supports extreme concurrency in its modules, optimizing performance during scans and brute force attacks.

README

Template - 启发式内网扫描