Websurfx (https://github.com/neon-mmd/websurfx) is an open source meta-search system, an alternative to the famous Searx, which focuses on privacy, security and speed.
Websurfx offers results without ads and has nine color schemes. The project is written in Rust.
⤷ Link to the project (https://github.com/neon-mmd/websurfx)
bootlicker is a legacy, extensible UEFI firmware rootkit targeting VMware hypervisor virtual machines. It is designed to achieve initial code execution within the context of the Windows kernel, regardless of security settings configured.
bootlicker takes its design from the legacy CosmicStrain, MoonBounce, and ESPECTRE rootkits to achieve arbitrary code execution without triggering PatchGuard or other related security mechanisms. After initial insertion into a UEFI driver firmware using the injection utility (https://github.com/realoriginal/bootlicker/blob/master/scripts/inject.py), the shellcode's EfiMain (https://github.com/realoriginal/bootlicker/blob/master/bootkit/EfiMain.c) achieves execution as the host starts up, and inserts a hook into the UEFI firmware's ExitBootServices routine (https://github.com/realoriginal/bootlicker/blob/master/bootkit/ExitBootServices.c). The ExitBootServices routine will then, on execution, find the source caller of the function, and if it matches WinLoad.EFI, attempts to find the unexported winload.efi!OslArchTransferToKernel routine, which will allow us to attack the booting kernel before it achieves its initial execution. Once OslArchTransferToKernel (https://github.com/realoriginal/bootlicker/blob/master/bootkit/OslArchTransferToKernel.c) executes, it will search for the ACPI.SYS driver, find the .rsrc PE section, and inject a small stager shellcode entrypoint called DrvMain (https://github.com/realoriginal/bootlicker/blob/master/bootkit/DrvMain.c) to copy over a larger payload that will act as our kernel implant.
Resources
Entirely based upon d_olex / cr4sh's DmaBackdoorBoot (https://github.com/Cr4sh/s6_pcie_microblaze/tree/master/python/payloads/DmaBackdoorBoot)
Epilogue
This code is a part of a larger project I've been working on that on / off in between burnout, like most of the concepts I've produced over the years under various aliases, will never see the light of day. Some of the code comments I've been too lazy to strip out that refer to unrelated functionality, despite it being previously present.
Do not expect this to work out of the box, some slight modifications are certainly necessary.
A GPT-empowered penetration testing tool.
Configure the cookies in config
dupeGuru
dupeGuru is a cross-platform (GNU/Linux, OS X, Windows) tool with a graphical interface for finding duplicate files on the system.
https://github.com/arsenetar/dupeguru
Mods
This is a tool that simplifies the use of AI on the command line and in pipelines.
Automatic query builder for Google dorking
If you are tired of typing a lot of Google dorks for various files during your OSINT exploration, then you can use FilePhish (https://cartographia.github.io/FilePhish/) — an automatic query constructor for the most popular file extensions.
Enola Holmes - CLI tool
It is an improved sister of the Sherlock utility and a modern CLI tool written in Golang to help you track down accounts by username across social media.
⏺ Link to GitHub (https://github.com/sherlock-project/enola)
🖥 dtreeviz (https://github.com/parrt/dtreeviz): a tool for visualizing and interpreting decision trees
BEST 10 WEBSITES THAT EVERY PROFESSIONAL HACKER USES
These websites help you find bugs and vulnerabilities, look up DNS records, verify email addresses, find IoT devices, find bugs in Android, etc.
Website list
Cyber Security Paid Course Collection
Basics
Reconnaissance and Footprinting
Network Scanning
Enumeration
Firewalls HIDs Honeypot
Malware and Threats
Mobile Platform
Pentesting
SQL Injection
System Hacking
Web Application
Wireless Network
Cloud Computing
Web Server
Social Engineering
Session Hijacking
Sniffing
Buffer Overflow
Cryptography
Denial Of Service
Pbh
VMware Memory Analysis with MemProcFS
Large selection of various OSINT tools
PART 1🪬
1. Geoestimation (https://labs.tib.eu/geoestimation/) — assesses the location of a photo using AI;
2. Sondehub (https://sondehub.org/) — a map of radiosondes with a detailed description;
3. Skydb (https://www.skydb.net/) — information about various buildings;
4. EarthCam (https://www.earthcam.com/) — aggregator of working webcams around the world;
5. Skyscraperpage (https://skyscraperpage.com/) — information about skyscrapers;
6. Peakvisor (http://peakvisor.com/) — contains data on more than 1,000,000 mountains around the world;
7. Resource Watch (https://resourcewatch.org/data/explore) — provides hundreds of datasets about the state of resources and inhabitants of the planet;
8. Airportwebcams (https://airportwebcams.net/) — aggregator of webcams in various airports around the world;
9. FIRMS (https://firms.modaps.eosdis.nasa.gov/map/#d:24hrs;@0.0,0.0,3z) — map of fires, close to real time (delay ~3 hours);
10. OpenInfraMap (https://openinframap.org/#2/26/12) — the map contains power lines, telecommunications, solar, oil, gas, water infrastructure around the world;
PEzor is an open source tool for bypassing antivirus solutions
The implementation and principle of operation of this tool are described in the author's blog (https://iwantmore.pizza/posts/PEzor.html).
⏺ Link to GitHub
Hacking with an image. The PHP payload is in the image.
Using the php-jpeg-injector tool (https://github.com/dlegs/php-jpeg-injector.git) it is possible to attack web applications that run a .jpeg image through the PHP GD graphics library.
The tool creates a new .jpeg file with a PHP payload. The infected .jpeg file is run through the PHP GD library. PHP interprets the payload embedded in the jpeg and executes it.
⏺ Link to GitHub
Automated search for confidential data
A new tool called back-me-up (https://github.com/Dheerajmadhukar/back-me-up) lets you check for leakage of confidential data using templates/regular expressions. The templates are mainly aimed at data from the Wayback Machine.
⏺ Link to GitHub
Powerful web application scanner combining a wide range of tools
⏺ Link to GitHub
PentestGPT/PentestGPT_design.md at main · GreyDGL/PentestGPT
A GPT-empowered penetration testing tool. Contribute to GreyDGL/PentestGPT development by creating an account on GitHub.
GitHub - charmbracelet/mods: AI on the command line
AI on the command line. Contribute to charmbracelet/mods development by creating an account on GitHub.
VMware Memory Analysis with MemProcFS
A lab guide for analyzing an infected memory image of a running VMware system with MemProcFS.
blog.ecapuano.com