Google CTF
This repository lists most of the challenges used in the Google CTF 2017. The missing challenges are not ready to be open-sourced, or contain third-party code.
IMPORTANT - The code in the 2017 and 2018 folders has unfixed security vulnerabilities. These are there on purpose, and running these on real production infrastructure is not safe.
Read more about the Google CTF here: https://security.googleblog.com/2017/06/announcing-google-capture-flag-2017.html
Note this is not an official Google product
The SUDO(Substitute User and Do) command , allows users to delegate privileges resources proceeding activity logging. In other words users can execute command under root ( or other users) using their own passwords instead of root’s one or without password depending upon sudoers setting.
mimikatz-like for saml
MoonGen is a fully scriptable high-speed packet generator built on DPDK and LuaJIT. It can saturate a 10 Gbit/s connection with 64 byte packets on a single CPU core while executing user-provided Lu...
SpiderFoot is an open source intelligence automation tool. Use it to build intelligence about threats targeting your network, or gather information about your own network before the bad guys do.
Leading source of Security Tools, Hacking Tools, CyberSecurity and Network Security ☣
Printer Exploitation Toolkit PRET is a new tool for printer security testing developed in the scope of a Master's Thesis at Ruhr University Bochum. PRE
EvilAbigail is a Python-based tool that allows you run an automated Evil Maid attack on Linux systems, this is the Initrd encrypted root fs attack.
ptf - The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.
The Cross-site scripting (XSS) game by @Google
via https://twitter.com/therealskildust/status/801519151575605252
In this blog post, I described how I used that certificate in order to pwn victims using a rogue WiFi hotspot.
voir en annexe liste de chipsets wifi plus actuels
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections.
Debian: apt-get install sslsplit
tutorial https://blog.heckel.xyz/2013/08/04/use-sslsplit-to-transparently-sniff-tls-ssl-connections/
http://www.secuobs.com/news/04042010-pwnat_tunnel_udp_tcp_nat_icmp.shtml
Résumé : PWnat est un outil qui permet d'établir une communication client/serveur entre des hôtes qui sont situés derrière des NAT différents et cela sans avoir à recourir à des configurations externes comme de la redirection de port.
Droidsheep et autres. Ne pas utiliser les liens dans la page... mais plutôt chercher le site d'origine
- DroidSheep [Root] is an Android app for Security analysis in wireless networks and capturing facebook, twitter, linkedin and other accounts.
- DroidSheep Guard is another Android app for monitoring Androids ARP-table. It tries to detect ARP-Spoofing on the network, such as an attack by DroidSheep, FaceNiff and other software.
'tention: apk non dispo, ni non plus semble-t-il le source. L'apk se trouve, gaffe et vérifier les checksum sur le site
cSploit is a free/libre and open source (GPLed) Android network analysis and penetration suite which aims to be the most complete and advanced professional toolkit for IT security experts/geeks to perform network security assessments on a mobile device.