Discover CiscoCXSecurity/unix-audit Open Source project

SQL Injection Exploitation Tool

936

bbqsql

NeoPI

linikatz

linikatz is a tool to attack AD on UNIX

425

creddump7

rdp-sec-check is a Perl script to enumerate security settings of an RDP Service (AKA Terminal Services)

357

rdp-sec-check

166

suddensix

IPV6 MITM attack tool

udp-proto-scanner is a Perl script which discovers UDP services by sending triggers to a list of hosts

udp-proto-scanner

A collection of tools and resources to explore MPTCP on your network. Initially released at Black Hat USA 2014.

mptcp-abuse

udpy_proto_scanner is a Python script which discovers UDP services by sending triggers to a list of hosts

udpy_proto_scanner

Exfiltrate data with QR code videos generated from files by HTML5/JS.

QRCode-Video-Data-Exfiltration

JavaScript

presentations

Presentations from the CX Security Labs team

ssl-cipher-suite-enum

ssl-cipher-suite enum is a Perl script to enumerate supported SSL cipher suites supported by network services (principally HTTPS)

sslxray is an SSL/TLS scanning tool designed to detect a wide range of issues

sslxray

Detection rules to look for Log4J usage and exploitation

log4j

YARA

http-dir-enum

http-dir-enum is a tool for finding content that is not linked on a website. Its main use is for finding directories that exist on a server. Simply provide a dictionary file and a URL.

Injectable Windows DLL which enforces a W^X memory policy on a process

httpShell

CoffeeScript

WXPolicyEnforcer

sudo-parser

sudo-parser is a tool to audit complex sudoers files

Archive from the article CVE-2015-5119 Flash ByteArray UaF: A beginner's walkthrough

CVE-2015-5119_walkthrough

ActionScript

tlsplayback

tlsplayback is a set of Proof of Concepts (PoC) showing real-world replay attacks against TLS 1.3 libraries and browsers by exploiting 0-RTT

MAT is a tool to assess mobile applications

mat

HTML

secdump

secdump is a simple meterpreter module that uploads and runs gsecdump

Ruby

FreeRDP-pth

FreeRDP-pth is a slightly modified version of FreeRDP that tries to authenticate using a password hash instead of a password

onesixtyone

Onesixtyone is an SNMP scanner that sends multiple SNMP requests to multiple IP addresses, trying different community strings and waiting for replies

SSHatter

SSHatter is a Perl script to perform brute force attacks on SSH

UNIXSocketScanner is a Perl script to scan UNIX domain sockets

UNIXSocketScanner

cspCalculator is a PoC implementation of a dynamic Content Security Policy creator

cspCalculator

JavaScript

ms08-067-check

MS08-067 check is Python script which can anonymously check if a target machine or a list of target machines are affected by MS08-067 vulnerability

allthevhosts is a tool to scrape a series of web applications (including Bing and You Get Signal’s database) and looks at Subject Alternative Names in the SSL certificate to find as many web applications which resolve to an IP address as possible

allthevhosts

PowerShell PoC for detecting horizontal user brute force attacks

detect-horizontal-user-brute-force-attack

PowerShell

rmiInfo

rmiInfo is a tool to help extract information from Java Remote Method Invocation (RMI) services, which can then be used to find possible security vulnerabilities

Java

bsql-brute-forcer

bsql-brute-forcer is a Perl script allows extraction of data from Blind SQL Injections

iker is a Python script to analyse the security of the key exchange phase in IPsec based VPNs

iker

NBTscan is a program for scanning IP networks for NetBIOS name information

nbtscan

hoppy

hoppy is a Python script to probe HTTP options and perform scanning for information disclosure issues

ownCloud PoC for CVE-2013-0303

ownCloud_RCE_CVE-2013-0303

acccheck is a Perl script is designed as a password dictionary attack tool that targets windows authentication via the SMB protocol

acccheck

massSSgrab is a tool that uses the JCIFS library to grab copies of both system and SAM files from “C:\windows\repair\” directory from multiple hosts

massSSgrab

Java

vessl

vessl is a bash script that can fetch and verify the SSL certificate of a remote server

Protocol analysis is a Python module which can be used in scripted analysis or interactively using ipython

protoanal

Fast cross-platform TCP Connect Scanner written in Python

tcpy_scanner

Viewstate is an ASP.Net viewstate decoder, checker, parser and encoder

viewstate

NVAPT

NVAPT is a set of shell scripts for a Not Very Advanced Persistent Threat PoC for iOS

apache-users is a Perl script for finding user home directories that are exposed from Apache web server

apache-users

AMES is a tool to parse the new Nessus output files and autogenerate an easy to copy and paste command line exploit using Metasploit CLI

AMES

OSBoxDeploy is a set of Ansible playbooks and associated artefacts to deploy OpenStack compute hosted Docker containers. It is work in progress, so do not expect too much, too soon

osboxdeploy

MIBparse.pl has been designed as an offline parser to quickly parse output from SNMP tools such as ‘snmpwalk’

MIBparse

BannerGrab is a tool that performs connection, trigger-based and basic information collection from network services

bannergrab

openssl3-nov2022

Detection rules to look for OpenSSL 3.x usage and exploitation

ManySSL

ManySSL is a Perl script to enumerate supported SSL cipher suites supported by network services (principally HTTPS)

smaSHeM is a System V shared memory segment manipulator

smaSHeM

WordPress Build Review is a tool to check the basic security settings in a WordPress installation

wordpress-build-review

RPDscan (Remmina Password Decrypt Scanner) is a tool to find and decrypt saved passwords in Remmina RDP configurations

RPDscan

crash is a tool to catch crashes from OS X applications and print debugging information such as registers, disassembled code and a memory dump of the stack

crash

mysql-bruteforcer

MySQL Bruteforcer is a Python script to assess the strength of the local MySQL access passwords

Papers from the CX Security Labs team

whitepapers

HeaderCheck

HeaderCheck is a Python script used to check the security settings of various headers returned by web servers

get-dhcp-opts is a tool to discover DHCP/BOOTP servers on your LAN, and dump the DHCP/BOOTP options

get-dhcp-opts

whoislikeaboss is a tool that takes the IP addresses given in a file (one per line), and will give you the range and owner of each of the addresses (with duplicates removed) so you can spot anything that looks fishy before you start testing

whoislikeaboss

winlanfoe is a tool that parses the output from enum4linux and displays Domain/Workgroup membership, IP address, Operating System (OS) information and if a host is a domain controller

winlanfoe