Category: NEW TOOLS

Auditing ToolAWSCommand LineCSV FileEC2HTML ReportNEW TOOLSpenetration testingScout2

Scout2 – Security Auditing Tool For AWS Environments

Scout2 is a security tool that lets AWS administrators assess their environment's security posture. Using the AWS API, Scout2 gathers configuration data for manual inspection and highlights high-risk areas automatically. Rather than pouring through dozens of pages on the web, Scout2 supplies a clear view of the attack surface automatically.Note: Scout2 is stable and actively maintained, but a number of features and internals may change. As such, please bear with us as we find time to work on, and improve, the tool. Feel free…

CMS BruteforceCMS DetectionCMS FrameworkCMSeeKDrupal BruteforceExploitation FrameworkJoomla BruteforceMacNEW TOOLSWeb ScannerWordpress BruteforceWordpress Scanner

CMSeeK v1.0.5 – CMS Detection And Exploitation Suite

What is a CMS?A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some noteable examples are: WordPress, Joomla, Drupal etc.Release History- Version 1.0.5 [19-07-2018]- Version 1.0.4 [17-07-2018]- Version 1.0.3 [06-07-2018]- Version 1.0.2 [06-07-2018]- Version 1.0.1 [19-06-2018]- Version 1.0.0 [15-06-2018]Changelog FileFunctions Of CMSeek:Basic CMS Detection of over 20 CMSAdvanced Wordpress ScansDetects VersionUser EnumerationPlugins EnumerationTheme EnumerationDetects Users (3 Detection Methods)Looks for Version Vulnerabilities and much more!Advanced Joomla ScansVersion detectionBackup files finderAdmin page finderCore…

AWSAWS EC2AWS IAMAWS Policy TrackingAWS S3AWS SecurityAWS SQSAWS VPCBotoBoto3BotocoreNEW TOOLSScanSecurity Monkey

Security Monkey – Tool To Monitors Your AWS And GCP Accounts For Policy Changes And Alerts On Insecure Configurations

Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. Support is available for OpenStack public and private clouds. Security Monkey can also watch and monitor your GitHub organizations, teams, and repositories.It provides a single UI to browse and search through all of your accounts, regions, and cloud services. The monkey remembers previous states and can show you exactly what changed, and when.Security Monkey can be extended with custom account types, custom watchers, custom auditors, and custom alerters.It…

CamelishingNEW TOOLSSocial Engineering

Camelishing – Social Engineering Tool

CamelishingSocial Engineering ToolFeaturesBulk email sendingBasic Python Agent CreatorOffice Excel Macro CreatorDDE Excel Creator(or Custom Payload)Return İnformation[Mail Open Track][Agent Open Track]AutoSaveStatistics ReportUser ControlInstallation Modules$ pip install -r requirements.txt$ Install Microsoft OfficeTested and Supported[+]Windows 7[+]Windows 10+SCREENSHOTMail Sender[+]Note : Compress and send the exe file(rar,zip)[+] Start Project : python start.pyMacro CreatorAgent CreatorAgentDDE CreatorGeneral SettingMail SendOpen MailReturn InformationStatistic Reportand more...Contact| Coded Abdulaziz ALTUNTAŞ || Email: [email protected] || Github: github/azizaltuntas || Twitter: @esccopyright |Download Camelishing

NEW TOOLSWeb Services

Scan your exposure to domain and subdomain hijacking over 10’s of cloud providers

Domain Hijacking is a well-known security issue that can be carried in many different ways. In addition to social engineering or unauthorized access to the domain owner’s account, the exploitation of neglected DNS records configured for cloud services is increasingly common. In the latter case, a threat actor (TA) can potentially take control of a subdomain configured for a disused or legacy third party cloud service allowing them to then launch a variety of attacks against your organization.Third party cloud services are an extremely…

AccuracyAltitudeGeolocationLatitudeLongitudeNEW TOOLSPHPSeekerSystem Information

Seeker – Find GeoLocation With High Accuracy

Seeker utilizes HTML5, Javascript, JQuery and PHP to grab Device Information and GeoLocation with High Accuracy.Other tools and services offer IP Geolocation which is not very accurate and does not give location of user. Generally if a user accepts location permsission, Accuracy of the information recieved is accurate to approximately 30 meters. Note : On iPhone due to some reason location accuracy is approximately 65 meters.It Hosts a fake website on Apache Server and uses Ngrok to generate a SSL link which asks for…


AWS Key Disabler – A Small Lambda Script That Will Disable Access Keys Older Than A Given Amount Of Days

The AWS Key disabler is a Lambda Function that disables AWS IAM User Access Keys after a set amount of time in order to reduce the risk associated with old access keys.AWS Lambda ArchitectureSysOps Output for EndUserDeveloper ToolchainCurrent LimitationsA report containing the output (json) of scan will be sent to a single defined sysadmin account, refer to the report_to attribute in the /grunt/package.json build configuration file.Keys are only disabled, not deleted nor replacedPrerequisitesThis script requires the following components to run.Node.js with NPM installed ;

Command LineCrawlerGNUNEW TOOLSNoisyPrivacy OnlineRasberrypiRaspberry PiTraffic GeneratorTraffic Inspection

Noisy – Simple Random DNS, HTTP/S Internet Traffic Noise Generator

A simple python script that generates random HTTP/DNS traffic noise in the background while you go about your regular web browsing, to make your web traffic data less valuable for selling and for extra obscurity.Tested on MacOS High Sierra, Ubuntu 16.04 and Raspbian Stretch and is compatable with both Python 2.7 and 3.6Getting StartedThese instructions will get you a copy of the project up and running on your local machineDependenciesInstall requests if you do not have it already installed, using pip:pip install requestsUsageClone the…

ipv4BypassIPv6KaliNEW TOOLS

ipv4Bypass – Using IPv6 To Bypass Security

Using IPv6 to Bypass Security Dependences (tested on Kali Linux)python2.7nmappython-nmap ()termcolor ()Example on how to run the tool$ python -i eth0 -r $ python -hUsage: [options]Options: -h, --help show this help message and exit -i INTERFACENO Network interface (e.g. eth0) -r IPRANGE Local network IP range (e.g. More informationSee for an explanation on the technique and how the tool works.Download ipv4Bypass