xss2png
▲ requirements :
➜ To use :
https://github.com/vavkamil/xss2png?tab=readme-ov-file
▲ requirements :
Pillow==6.2.0
➜ To use :
python3 xss2png.py -p <your payload> -o xss.png
https://github.com/vavkamil/xss2png?tab=readme-ov-file
GitHub
GitHub - vavkamil/xss2png: PNG IDAT chunks XSS payload generator
PNG IDAT chunks XSS payload generator. Contribute to vavkamil/xss2png development by creating an account on GitHub.
👍6❤2
Android & IOS Security
a useful article about android and ios security with various resources (in Russian 'some resources are in English')
https://habr.com/en/companies/swordfish_security/articles/660179/?fbclid=IwY2xjawIQW3NleHRuA2FlbQIxMQABHZ3Scph3hott5AH6Xn756Ym_LTMVGYySo1r7jrgo6NpVRAZNMcNeRTFgFA_aem_d5dxt5cnAFrhHrdXkk1qzw
Habr
Подборка материалов по мобильной безопасности «Awesome Mobile Security»
Привет, Хабр! Меня зовут Юрий Шабалин, я один из основателей компании "Стингрей Технолоджиз" (входит в группу компаний Swordfish Security), мы разрабатываем платформу анализа защищенности мобильных...
❤5👍2
Sir Mohamed Fathy had started a great playlist in Android security for free on YouTube
unfortunately it is in Arabic so not all people will find that useful
https://youtube.com/playlist?list=PLhgtN5PV5kNRNzE4BiFBxSDcih4eiUymb
unfortunately it is in Arabic so not all people will find that useful
https://youtube.com/playlist?list=PLhgtN5PV5kNRNzE4BiFBxSDcih4eiUymb
❤12👎3👍2💔1
▲Security Threat
This phishing email is sent to a lot of people who have repository on github saying that your email is logged in from a device in Iceland 🇮🇸 asking you to change your password or review your activity after that they can takeover your account
ⓘ That email is well crafted so be careful
➜ Please don't click on any links
◉ Keep safe @reverseengineer101
This phishing email is sent to a lot of people who have repository on github saying that your email is logged in from a device in Iceland 🇮🇸 asking you to change your password or review your activity after that they can takeover your account
ⓘ That email is well crafted so be careful
➜ Please don't click on any links
◉ Keep safe @reverseengineer101
👍15❤8😱4
The European Union has released their own linux distro Eu-OS based fedora distribution
https://eu-os.gitlab.io/
https://eu-os.gitlab.io/
EU OS Proof-of-Concept
EU OS
Proof-of-Concept OS for the EU
🤡11🤨6🥴1
APKLEAKS
• apkleaks is a powerful tool (based on Jadx) to extract :
▲ secrets from apk
▲ URLs/endpoints
▲ IP adresses
▲ general info about the authorization
▲ more and more
• apkleaks supports :
ⓘ JSON output format
ⓘ Custom patterns/outputs
ⓘ Windows/Linux/Android(Termux)
• installation :
▲ Docker
▲ pip/pip3
▲ git
Github : https://github.com/dwisiswant0/apkleaks
Shared by @reverseengineer101
• apkleaks is a powerful tool (based on Jadx) to extract :
▲ secrets from apk
▲ URLs/endpoints
▲ IP adresses
▲ general info about the authorization
▲ more and more
• apkleaks supports :
ⓘ JSON output format
ⓘ Custom patterns/outputs
ⓘ Windows/Linux/Android(Termux)
• installation :
▲ Docker
docker pull dwisiswant0/apkleaks:latest
▲ pip/pip3
pip3 install apkleaks
▲ git
git clone https://github.com/dwisiswant0/apkleaks
cd apkleaks/
pip3 install -r requirements.txt
Github : https://github.com/dwisiswant0/apkleaks
Shared by @reverseengineer101
❤13👍7👏2💯1
Waydroid
A container-based approach to boot a full Android system on regular GNU/Linux systems running Wayland based desktop environments.
https://waydro.id
A container-based approach to boot a full Android system on regular GNU/Linux systems running Wayland based desktop environments.
https://waydro.id
🥰5❤3👍2🔥2👏1💯1
GDA(GJoy Dex Analyzer)
Is a great tool for android apks analysis and reverse engineering, also a great alternative of Jadx-gui since it's so fast (based on C++)
https://github.com/charles2gan/GDA-android-reversing-Tool
Is a great tool for android apks analysis and reverse engineering, also a great alternative of Jadx-gui since it's so fast (based on C++)
https://github.com/charles2gan/GDA-android-reversing-Tool
❤7👏2👍1
If you have trouble with programs or exe that only runs on Windows while you are using Linux
You can simply use wine to run these on your linux machine
Official website : https://www.winehq.org/
You can use apt to install as well (I tested on Debian based distros)
@reverseengineer101
You can simply use wine to run these on your linux machine
Wine (originally an acronym for "Wine Is Not an Emulator") is a compatibility layer capable of running Windows applications on several POSIX-compliant operating systems, such as Linux, macOS, & BSD. Instead of simulating internal Windows logic like a virtual machine or emulator, Wine translates Windows API calls into POSIX calls on-the-fly, eliminating the performance and memory penalties of other methods and allowing you to cleanly integrate Windows applications into your desktop.
Official website : https://www.winehq.org/
You can use apt to install as well (I tested on Debian based distros)
@reverseengineer101
WineHQ
WineHQ - Run Windows applications on Linux, BSD, Solaris and macOS
Open Source Software for running Windows applications on other operating systems.
🔥4
a great collection of courses in different fields
https://github.com/Developer-Y/cs-video-courses?fbclid=IwY2xjawKhlLFleHRuA2FlbQIxMQABHiKUJ7UbJTd3xUZ-VRe-w6vfjO10_bn7VyKvVUb-5iDYz7dZqpmnhny6rE4a_aem_6nZlFeBlHrxEhfKPr0ei7w#math-for-computer-scientist
@reverseengineer101
https://github.com/Developer-Y/cs-video-courses?fbclid=IwY2xjawKhlLFleHRuA2FlbQIxMQABHiKUJ7UbJTd3xUZ-VRe-w6vfjO10_bn7VyKvVUb-5iDYz7dZqpmnhny6rE4a_aem_6nZlFeBlHrxEhfKPr0ei7w#math-for-computer-scientist
@reverseengineer101
GitHub
GitHub - Developer-Y/cs-video-courses: List of Computer Science courses with video lectures.
List of Computer Science courses with video lectures. - Developer-Y/cs-video-courses
❤5👍5
APKWeaker : https://github.com/Dark-Night0/APKWeaker
APKWeaker is a command-line tool designed to simplify the process of modifying Android APKs for testing and debugging purposes It automates the process of pulling APKs from the Android emulator, decompiling them, injecting networkSecurityConfiguration into the base.apk if the application uses Split Packages to allow ClearTextTraffic (HTTP), forcing the application to trust a certificate (user, system), rebuilding the APKs, and signing them for reinstallation
GitHub
GitHub - mohammed-1337/APKWeaker
Contribute to mohammed-1337/APKWeaker development by creating an account on GitHub.
👍9❤4🥰2
Jwt_tool crack and attack json web tokens
https://github.com/ticarpi/jwt_tool
Its functionality includes:
Checking the validity of a token
Testing for known exploits:
(CVE-2015-2951) The alg=none signature-bypass vulnerability
(CVE-2016-10555) The RS/HS256 public key mismatch vulnerability
(CVE-2018-0114) Key injection vulnerability
(CVE-2019-20933/CVE-2020-28637) Blank password vulnerability
(CVE-2020-28042) Null signature vulnerability
(CVE-2022-21449) Psychic Signature ECDSA vulnerability
Scanning for misconfigurations or known weaknesses
Fuzzing claim values to provoke unexpected behaviours
Testing the validity of a secret/key file/Public Key/JWKS key
Identifying weak keys via a High-speed Dictionary Attack
Forging new token header and payload contents and creating a new signature with the key or via another attack method
Timestamp tampering
RSA and ECDSA key generation, and reconstruction (from JWKS files)
Rate-limiting for all attacks
...and lots more!
https://github.com/ticarpi/jwt_tool
GitHub
GitHub - ticarpi/jwt_tool: :snake: A toolkit for testing, tweaking and cracking JSON Web Tokens
:snake: A toolkit for testing, tweaking and cracking JSON Web Tokens - ticarpi/jwt_tool
❤5👍3🥰2🥱1
Forwarded from pancake
a new release of the reai plugin is out
🔥2🥰1
Exodia OS
A highly customized arch-based distro For All Cybersecurity fields
https://exodia-os.github.io
A highly customized arch-based distro For All Cybersecurity fields
https://exodia-os.github.io
😁4👍3🔥2❤1
https://www.darkentry.net
Check your email's or work's email password if it has been breached for free without registration
This check is based on hackers data bases and what's leaked on dark web
Dark entry is a trusted source and they are monitoring the dark web as well so if you have your own company they can help you, managed by Ebrahem Hegazy
Post by, @reverseengineer101
Check your email's or work's email password if it has been breached for free without registration
This check is based on hackers data bases and what's leaked on dark web
Dark entry is a trusted source and they are monitoring the dark web as well so if you have your own company they can help you, managed by Ebrahem Hegazy
Post by, @reverseengineer101
darkentry.net
Dark Entry
Dark Entry is a Dark Web Monitoring platform specialized in Breach notification
❤9