MLOps Attack Toolkit

MLOKit is a toolkit that can be used to attack MLOps platforms by taking advantage of the available REST API. This tool allows the user to specify an attack module, along with specifying valid credentials (API key or stolen access token) for the respective MLOps platform. The attack modules supported include reconnaissance, data extraction and model extraction. MLOKit was built in a modular approach, so that new modules can be added in the future by the information security community.

Mapping of open-source detection rules and atomic tests.

The goal of this project is to bridge the gap between Atomic Red Team's adversary simulations and open-source detection rules. By doing so, this project aims to help security professionals simulate attacks and evaluate their detection strategies more effectively.

• AttackRuleMap @ GitHub.

Fast SNMP Scanner.

onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them, in a fashion similar to Nmap ping sweeps. By default onesixtyone waits for 10 milliseconds between sending packets, which is adequate for 100MBs switched networks. The user can adjust this value via the -w command line option. If set to 0, the scanner will send packets as fast as the kernel would accept them, which may lead to packet drop.

CF-Hero is a reconnaissance tool that uses multiple data sources to discover the origin IP addresses of Cloudflare-protected web applications

This repository is all about tips on ethical hacking and penetration testing!

Fast Enumeration Tool using Shodan.

This is a Python script developed to assist in the reconnaissance process during penetration testing.

Related contents:

• Resolver : Accélérez votre reconnaissance avec Shodan ! @ Maori S.' LinkedIn .

D4TA-HUNTER is a tool created in order to automate the collection of information about the employees of a company that is going to be audited for ethical hacking.

In addition, in this tool we can find in the "search company" section by inserting the domain of a company, emails of employees, subdomains and IP's of servers.

Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did.

Like its ancestors, Group3r is a tool for pentesters and red teamers to rapidly enumerate relevant settings in AD Group Policy, and to identify exploitable misconfigurations in same. It does this by talking LDAP to Domain Controllers, parsing GPO config files off the domain SYSVOL share, and also by looking at other files (usually on file shares) that are referenced within GPOs, like scripts, MSI packages, exes, etc.

Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab

OSINT tool for searching people's digital footprint and leaked passwords across various social networks, written in Go.

Go-written Malware targeting Windows systems, extracting User Data from Discord, Browsers, Crypto Wallets and more, from every user on every disk. (PoC. For Educational Purposes only).

Next-Gen Stealer written in Go. Stealing from Discord, Chromium-Based & Firefox-Based Browsers, Crypto Wallets and more, from every user on every disk. (PoC. For educational purposes only)

A super fast CLI tool to decode and encode JWTs built in Rust.

jwt-cli is a command line tool to help you work with JSON Web Tokens (JWTs). Like most JWT command line tools out there, you can decode almost any JWT header and claims body. Unlike any that I've found, however, jwt-cli allows you to encode a new JWT with nearly any piece of data you can think of. Custom header values (some), custom claim bodies (as long as it's JSON, it's game), and using any secret you need.

Pentoo is a Live CD and Live USB designed for penetration testing and security assessment. Based off Gentoo Linux, Pentoo is provided both as 32 and 64 bit installable livecd.

Penetration Testing Distribution.

BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers. The repository contains 2828 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. MobSF can be used for a variety of use cases such as mobile application security, penetration testing, malware analysis, and privacy analysis. The Static Analyzer supports popular mobile app binaries like APK, IPA, APPX and source code. Meanwhile, the Dynamic Analyzer supports both Android and iOS applications and offers a platform for interactive instrumented testing, runtime data and network traffic analysis. MobSF seamlessly integrates with your DevSecOps or CI/CD pipeline, facilitated by REST APIs and CLI tools, enhancing your security workflow with ease.

• Mobile Security Framework (MobSF) @ GitHub.

A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery.

This tool enhances traditional web fuzzing by using local AI language models (via Ollama) to generate intelligent guesses for potential paths and filenames.

• Brainstorm tool release: Optimizing web fuzzing with local LLMs @ invicti.

A research project to add some brrrrrr to Burp.

"burpference" started as a research idea of offensive agent capabilities and is a fun take on Burp Suite and running inference. The extension is open-source and designed to capture in-scope HTTP requests and responses from Burp's proxy history and ship them to a remote LLM API in JSON format. It's designed with a flexible approach where you can configure custom system prompts, store API keys and select remote hosts from numerous model providers as well as the ability for you to create your own API configuration. The idea is for an LLM to act as an agent in an offensive web application engagement to leverage your skills and surface findings and lingering vulnerabilities. By being able to create your own configuration and model provider allows you to also host models locally via Ollama to prevent potential high inference costs and potential network delays or rate limits.

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

• CyberAdvent Day 12: Force SMB and HTTP authentications with Coercer! @ Rémi Gascou (Podalirius)'s LinkedIn.

Your Persistent Adversary.
Real Attack Surface Management, within the watchTowr Platform.
The future of Continuous Automated Red Teaming and Attack Surface Management.

• PoC Exploit L'exploit zero-day et PoC de Mitel MiCollab dévoilé @ Almamy Diakho's LinkedIn .

ChainReactor is a research project that leverages AI planning to discover exploitation chains for privilege escalation on Unix systems. The project models the problem as a sequence of actions to achieve privilege escalation from initial access to a target system.

• ChainReactor: Automated Privilege Escalation Chain Discovery via AI Planning @ Usenix association.