Sandpolis:-- #Ultimate #Remote #Management #utility.
#Sandpolis is a remote administration platform for #servers, #desktop #computers, and anything in-between.
Sandpolis is designed for #sysadmins and #enthusiasts but can be used by anyone once set up. Most users will use Sandpolis via the #JavaFX desktop application or the #iOS #mobile #application.
⚡️Sandpolis is unfinished and therefore should only be used in a #secure #testing environment! ⚡️
Here are some fundamental objectives that Sandpolis tries to achieve:-
1. compatible with as many operating systems as possible
2. #flexible, configurable, and easily extensible to niche applications via #plugins
3. uncompromising on #performance and #security
4. low latency and high concurrency
5. user-friendly
#Download #Link:-
https://github.com/Subterranean-Security/Sandpolis
Sandpolis:-- #Ultimate #Remote #Management #utility.
#Sandpolis is a remote administration platform for #servers, #desktop #computers, and anything in-between.
Sandpolis is designed for #sysadmins and #enthusiasts but can be used by anyone once set up. Most users will use Sandpolis via the #JavaFX desktop application or the #iOS #mobile #application.
⚡️Sandpolis is unfinished and therefore should only be used in a #secure #testing environment! ⚡️
Here are some fundamental objectives that Sandpolis tries to achieve:-
1. compatible with as many operating systems as possible
2. #flexible, configurable, and easily extensible to niche applications via #plugins
3. uncompromising on #performance and #security
4. low latency and high concurrency
5. user-friendly
#Download #Link:-
https://github.com/Subterranean-Security/Sandpolis
#Sandpolis is a remote administration platform for #servers, #desktop #computers, and anything in-between.
Sandpolis is designed for #sysadmins and #enthusiasts but can be used by anyone once set up. Most users will use Sandpolis via the #JavaFX desktop application or the #iOS #mobile #application.
⚡️Sandpolis is unfinished and therefore should only be used in a #secure #testing environment! ⚡️
Here are some fundamental objectives that Sandpolis tries to achieve:-
1. compatible with as many operating systems as possible
2. #flexible, configurable, and easily extensible to niche applications via #plugins
3. uncompromising on #performance and #security
4. low latency and high concurrency
5. user-friendly
#Download #Link:-
https://github.com/Subterranean-Security/Sandpolis
Sandpolis:-- #Ultimate #Remote #Management #utility.
#Sandpolis is a remote administration platform for #servers, #desktop #computers, and anything in-between.
Sandpolis is designed for #sysadmins and #enthusiasts but can be used by anyone once set up. Most users will use Sandpolis via the #JavaFX desktop application or the #iOS #mobile #application.
⚡️Sandpolis is unfinished and therefore should only be used in a #secure #testing environment! ⚡️
Here are some fundamental objectives that Sandpolis tries to achieve:-
1. compatible with as many operating systems as possible
2. #flexible, configurable, and easily extensible to niche applications via #plugins
3. uncompromising on #performance and #security
4. low latency and high concurrency
5. user-friendly
#Download #Link:-
https://github.com/Subterranean-Security/Sandpolis
WindowsSpyBlocker:-- #Block #spying and #tracking on #Windows
#WindowsSpyBlocker is an #application written in #Go and delivered as a single #executable to block spying and tracking on Windows #systems.
The approach of this project is to capture and interpret #network #traffic based on a set of #tools. Depending on the interactions between services and source or #destination of traffic, rules are created and sorted by #assignment.
#Downlaod #Link:-
https://github.com/crazy-max/WindowsSpyBlocker
WindowsSpyBlocker:-- #Block #spying and #tracking on #Windows
#WindowsSpyBlocker is an #application written in #Go and delivered as a single #executable to block spying and tracking on Windows #systems.
The approach of this project is to capture and interpret #network #traffic based on a set of #tools. Depending on the interactions between services and source or #destination of traffic, rules are created and sorted by #assignment.
#Downlaod #Link:-
https://github.com/crazy-max/WindowsSpyBlocker
#WindowsSpyBlocker is an #application written in #Go and delivered as a single #executable to block spying and tracking on Windows #systems.
The approach of this project is to capture and interpret #network #traffic based on a set of #tools. Depending on the interactions between services and source or #destination of traffic, rules are created and sorted by #assignment.
#Downlaod #Link:-
https://github.com/crazy-max/WindowsSpyBlocker
WindowsSpyBlocker:-- #Block #spying and #tracking on #Windows
#WindowsSpyBlocker is an #application written in #Go and delivered as a single #executable to block spying and tracking on Windows #systems.
The approach of this project is to capture and interpret #network #traffic based on a set of #tools. Depending on the interactions between services and source or #destination of traffic, rules are created and sorted by #assignment.
#Downlaod #Link:-
https://github.com/crazy-max/WindowsSpyBlocker
Photos from National Cyber Security Services's post
Tishna:-- Complete #Automated #pentest #framework for #Servers, #Application #Layer to #Web #Security.
Software have 61 Options with full #automation and can be used for web security #swiss #knife.
Brief Introduction:-
1. #Tishna is useful in #Banks, #Private #Organisations and #Ethical #hacker personnel for legal #auditing.
2. It serves as a #defense method to find as much information possible for gaining unauthorized access and intrusion.
3. With the emergence of more #advanced #technology, cybercriminals have also found more ways to get into the system of many organizations.
4. Tishna #software can audit, servers and web-behavior.
5. Tishna can perform #Scanning & #Enumeration as much as possible of the target.
6. It’s the first step to stop #cyber #criminals by securing your Servers and Web Application Security.
7. Tishna is false positive free when there is something it will show no matter what, if it is not, it will give blank results rather error.
#Download #Link:-
https://github.com/haroonawanofficial/Tishna
Tishna:-- Complete #Automated #pentest #framework for #Servers, #Application #Layer to #Web #Security.
Software have 61 Options with full #automation and can be used for web security #swiss #knife.
Brief Introduction:-
1. #Tishna is useful in #Banks, #Private #Organisations and #Ethical #hacker personnel for legal #auditing.
2. It serves as a #defense method to find as much information possible for gaining unauthorized access and intrusion.
3. With the emergence of more #advanced #technology, cybercriminals have also found more ways to get into the system of many organizations.
4. Tishna #software can audit, servers and web-behavior.
5. Tishna can perform #Scanning & #Enumeration as much as possible of the target.
6. It’s the first step to stop #cyber #criminals by securing your Servers and Web Application Security.
7. Tishna is false positive free when there is something it will show no matter what, if it is not, it will give blank results rather error.
#Download #Link:-
https://github.com/haroonawanofficial/Tishna
Photos from National Cyber Security Services's post
PwnDoc:-- #Pentesting #report generator.
#PwnDoc is a #pentest reporting #application making it simple and easy to write your findings and generate a customizable docx report. The main goal is to have more time to Pwn and less time to Doc by mutualizing data like #vulnerabilities between users.
#Download #Link:-
https://github.com/pwndoc/pwndoc
PwnDoc:-- #Pentesting #report generator.
#PwnDoc is a #pentest reporting #application making it simple and easy to write your findings and generate a customizable docx report. The main goal is to have more time to Pwn and less time to Doc by mutualizing data like #vulnerabilities between users.
#Download #Link:-
https://github.com/pwndoc/pwndoc
secDevLabs:-- A #laboratory for learning #secure #web #development in a #practical manner.
By provisioning local #environments via docker-compose, you will learn how the most #critical web #application #security risks are #exploited and how these #vulnerable codes can be fixed to mitigate them.
After forking this repository, you will find multiple intended vulnerable apps based on real-life scenarios in various languages such as #Golang, #Python and #PHP. A good start would be installing the ones you are most familiar with. You can find instructions to do this on each of the apps.
#Download #Link:-
https://github.com/globocom/secDevLabs
secDevLabs:-- A #laboratory for learning #secure #web #development in a #practical manner.
By provisioning local #environments via docker-compose, you will learn how the most #critical web #application #security risks are #exploited and how these #vulnerable codes can be fixed to mitigate them.
After forking this repository, you will find multiple intended vulnerable apps based on real-life scenarios in various languages such as #Golang, #Python and #PHP. A good start would be installing the ones you are most familiar with. You can find instructions to do this on each of the apps.
#Download #Link:-
https://github.com/globocom/secDevLabs
By provisioning local #environments via docker-compose, you will learn how the most #critical web #application #security risks are #exploited and how these #vulnerable codes can be fixed to mitigate them.
After forking this repository, you will find multiple intended vulnerable apps based on real-life scenarios in various languages such as #Golang, #Python and #PHP. A good start would be installing the ones you are most familiar with. You can find instructions to do this on each of the apps.
#Download #Link:-
https://github.com/globocom/secDevLabs
secDevLabs:-- A #laboratory for learning #secure #web #development in a #practical manner.
By provisioning local #environments via docker-compose, you will learn how the most #critical web #application #security risks are #exploited and how these #vulnerable codes can be fixed to mitigate them.
After forking this repository, you will find multiple intended vulnerable apps based on real-life scenarios in various languages such as #Golang, #Python and #PHP. A good start would be installing the ones you are most familiar with. You can find instructions to do this on each of the apps.
#Download #Link:-
https://github.com/globocom/secDevLabs
InjuredAndroid:-- A #Vulnerable #Android #Application That Shows Simple Examples Of #Vulnerabilities In A #CTF Style.
Setup for a physical device:-
1. Download injuredandroid.apk from #Github
2. Enable #USB debugging on your Android test phone.
3. Connect your phone and your pc with a #USB cable.
4. Install via ADB. ADB install injuredandroid.apk. Note: You need to use the absolute path to the .apk file or be in the same directory.
Setup for an Android #Emulator using Android Studio:-
1. Download the #APK file.
2. Start the emulator from Android Studio (I recommend downloading an emulator with #Google #APIs so #root adb can be enabled).
3. Drag and drop the .apk file on the emulator and injuredandroid.apk will install.
#Download #Link:-
https://github.com/B3nac/InjuredAndroid
InjuredAndroid:-- A #Vulnerable #Android #Application That Shows Simple Examples Of #Vulnerabilities In A #CTF Style.
Setup for a physical device:-
1. Download injuredandroid.apk from #Github
2. Enable #USB debugging on your Android test phone.
3. Connect your phone and your pc with a #USB cable.
4. Install via ADB. ADB install injuredandroid.apk. Note: You need to use the absolute path to the .apk file or be in the same directory.
Setup for an Android #Emulator using Android Studio:-
1. Download the #APK file.
2. Start the emulator from Android Studio (I recommend downloading an emulator with #Google #APIs so #root adb can be enabled).
3. Drag and drop the .apk file on the emulator and injuredandroid.apk will install.
#Download #Link:-
https://github.com/B3nac/InjuredAndroid
Setup for a physical device:-
1. Download injuredandroid.apk from #Github
2. Enable #USB debugging on your Android test phone.
3. Connect your phone and your pc with a #USB cable.
4. Install via ADB. ADB install injuredandroid.apk. Note: You need to use the absolute path to the .apk file or be in the same directory.
Setup for an Android #Emulator using Android Studio:-
1. Download the #APK file.
2. Start the emulator from Android Studio (I recommend downloading an emulator with #Google #APIs so #root adb can be enabled).
3. Drag and drop the .apk file on the emulator and injuredandroid.apk will install.
#Download #Link:-
https://github.com/B3nac/InjuredAndroid
InjuredAndroid:-- A #Vulnerable #Android #Application That Shows Simple Examples Of #Vulnerabilities In A #CTF Style.
Setup for a physical device:-
1. Download injuredandroid.apk from #Github
2. Enable #USB debugging on your Android test phone.
3. Connect your phone and your pc with a #USB cable.
4. Install via ADB. ADB install injuredandroid.apk. Note: You need to use the absolute path to the .apk file or be in the same directory.
Setup for an Android #Emulator using Android Studio:-
1. Download the #APK file.
2. Start the emulator from Android Studio (I recommend downloading an emulator with #Google #APIs so #root adb can be enabled).
3. Drag and drop the .apk file on the emulator and injuredandroid.apk will install.
#Download #Link:-
https://github.com/B3nac/InjuredAndroid
#Django-DefectDojo:--
#DefectDojo is an #open-source #application #vulnerability correlation and #security #orchestration #tool.
DefectDojo is a security program and vulnerability #management tool. DefectDojo allows you to manage your application #security #program, maintain product and application #information, schedule #scans, triage #vulnerabilities and push findings into #defect trackers. Consolidate your findings into one source of truth with #DefectDojo.
#Download #Link:-
https://github.com/DefectDojo/django-DefectDojo
#Django-DefectDojo:--
#DefectDojo is an #open-source #application #vulnerability correlation and #security #orchestration #tool.
DefectDojo is a security program and vulnerability #management tool. DefectDojo allows you to manage your application #security #program, maintain product and application #information, schedule #scans, triage #vulnerabilities and push findings into #defect trackers. Consolidate your findings into one source of truth with #DefectDojo.
#Download #Link:-
https://github.com/DefectDojo/django-DefectDojo
#DefectDojo is an #open-source #application #vulnerability correlation and #security #orchestration #tool.
DefectDojo is a security program and vulnerability #management tool. DefectDojo allows you to manage your application #security #program, maintain product and application #information, schedule #scans, triage #vulnerabilities and push findings into #defect trackers. Consolidate your findings into one source of truth with #DefectDojo.
#Download #Link:-
https://github.com/DefectDojo/django-DefectDojo
#Django-DefectDojo:--
#DefectDojo is an #open-source #application #vulnerability correlation and #security #orchestration #tool.
DefectDojo is a security program and vulnerability #management tool. DefectDojo allows you to manage your application #security #program, maintain product and application #information, schedule #scans, triage #vulnerabilities and push findings into #defect trackers. Consolidate your findings into one source of truth with #DefectDojo.
#Download #Link:-
https://github.com/DefectDojo/django-DefectDojo
Photos from National Cyber Security Services's post
BlackWidow:-- A #Python-based #web #application #scanner to gather #OSINT and fuzz for #OWASP #vulnerabilities on a target website.
#BlackWidow is a python based web application spider to gather #subdomains, #URL's, #dynamic #parameters, #email addresses and #phone numbers from a #target #website. This project also includes Inject-X fuzzer to scan dynamic URL's for common OWASP vulnerabilities.
#FEATURES:-
1. Automatically collect all URL's from a target website
2. Automatically collect all dynamic URL's and parameters from a target website
3. Automatically collect all subdomains from a target website
4. Automatically collect all phone numbers from a target website
5. Automatically collect all email addresses from a target website
6. Automatically collect all form URL's from a target website
7. Automatically scan/fuzz for common OWASP TOP vulnerabilities
8. Automatically saves all data into sorted text files
#Download #Link:-
https://github.com/1N3/BlackWidow
BlackWidow:-- A #Python-based #web #application #scanner to gather #OSINT and fuzz for #OWASP #vulnerabilities on a target website.
#BlackWidow is a python based web application spider to gather #subdomains, #URL's, #dynamic #parameters, #email addresses and #phone numbers from a #target #website. This project also includes Inject-X fuzzer to scan dynamic URL's for common OWASP vulnerabilities.
#FEATURES:-
1. Automatically collect all URL's from a target website
2. Automatically collect all dynamic URL's and parameters from a target website
3. Automatically collect all subdomains from a target website
4. Automatically collect all phone numbers from a target website
5. Automatically collect all email addresses from a target website
6. Automatically collect all form URL's from a target website
7. Automatically scan/fuzz for common OWASP TOP vulnerabilities
8. Automatically saves all data into sorted text files
#Download #Link:-
https://github.com/1N3/BlackWidow
Photos from National Cyber Security Services's post
Android Application Analyzer:-- The #tool is used to #analyze the content of the #android #application in local storage.
Install the dependency using following #command:-
1. chmod +x setup.sh
2. ./setup.sh
Use the following command to run the tool:
1. python3 main.py
In order to run "Fridump" and "Frida #universal #ssl unpinning" script, #Frida client must be installed on base machine
#Download #Link:-
https://github.com/NotSoSecure/android_application_analyzer
Android Application Analyzer:-- The #tool is used to #analyze the content of the #android #application in local storage.
Install the dependency using following #command:-
1. chmod +x setup.sh
2. ./setup.sh
Use the following command to run the tool:
1. python3 main.py
In order to run "Fridump" and "Frida #universal #ssl unpinning" script, #Frida client must be installed on base machine
#Download #Link:-
https://github.com/NotSoSecure/android_application_analyzer