Archive | 2019

exe2powershell – Convert EXE to BAT Files


exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.

exe2powershell - Convert EXE to BAT Files


This will convert any binary file (*.exe) to a BAT file, the resulting BAT file contains only echo commands followed by a PowerShell command to re-create the original binary file.

This kind of tool can be useful during a pen-test when you want to trigger a shell without any upload feature. With echo and PowerShell the auditor is able to upload any binary file to the target system.

This version is modernized from exe2bat to work with current Windows versions as exe2bat had some limitations:

  • Needs debug.exe available on the target computer (16-bit application which was removed in Windows 7 x64 but available in Windows 7 x86)
  • Limits input exe size to 64kB

exe2powershell replaces the need of debug.exe by using a PowerShell command line which is available on all Windows since Windows 7 / 2008 and there is no more limitation in input exe size.

Usage of exe2powershell to Convert EXE to BAT Files

You can download exe2powershell here:

exe2powershell-master.zip

Or read more here.

Posted in: Windows Hacking

Topic: Windows Hacking


Latest Posts:


LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.


HiddenWall – Create Hidden Kernel Modules


HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers. It supports custom rules with netfilter (block ports, hidden mode, rootkit functions etc).

HiddenWall - Create Hidden Kernel Modules


The motivation is basically another layer of protection, much like a hidden firewall – setting securelevel to 2 on BSD would have a similar effect.

In a typical attack, the bad actor can alter your IPTables or UFW rules – with HiddenWall you still have another layer that can block external access because it hooks directly into netfilter from kernel land.

The author created it to protect his own servers but realised it also helps people who can’t write low-level code roll their own customized, hidden kernel modules.

If you can write low-level code, you can always add more module templates to HiddenWall.

Installing HiddenWall to Create Hidden Kernel Modules

Verify if the kernel version is 3.x, 4.x or 5.x:

Clone the repository

Enter the folder

Edit your firewall rules in directory rules/server.yaml, the python scripts use that file to generate a new firewall module.

If you want to study the static code to generate, look the content at directory “templates”.

Then you would want to generate a kernel module following your YAML file of rules:

Then install it with insmod.

You can download HiddenWall here:

HiddenWall03.zip

Or read more here.

Posted in: Security Software

Topic: Security Software


Latest Posts:


LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.


Anteater – CI/CD Security Gate Check Framework


Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of nominated strings, filenames, binaries, deprecated functions, staging environment code/credentials etc.

It’s main function is to block content based on regular expressions.

Anteater - CI/CD Security Gate Check Framework


Anything that can be specified with regular expression syntax, can be sniffed out by Anteater. You tell Anteater exactly what you don’t want to get merged, and anteater looks after the rest.

How Anteater CI/CD Security Gate Check Framework Works

If Anteater finds something, it exits with a non-zero code which in turn fails the build of your CI tool, with the idea that it would prevent a pull request merging. Any false positives are easily negated by using the same RegExp framework to cancel out the false match.

Entire projects may also be scanned also, using a recursive directory walk. With a few simple steps, it can be easily implemented into a CI/CD workflow with tooling such as Travis CI, CircleCI, Gitlab CI/CD and Jenkins.

Anteater also provides integrates with the Virus Total API, so any binaries, public IP addresses or URL’s found by Anteater, will be sent to the Virus Total API and a report will be returned. If any object is reported as malicious, it will fail the CI build job.

You can also set it to block all binaries or tamper with existing binaries (this includes PDFs, Images etc.) and you can whitelist desired binaries using a SHA256 checksum.

Using Anteater CI/CD Security Gate Checks

There is some excellent documentation for Anteater here:

Docs » Anteater – CI/CD Gate Check Framework

This includes how to get it working with CircleCI which is my personal choice for CI tooling.

In order to use the VirusTotal API, you will first require an API key. These are free to get and can be obtained by signing up to the service here.

Once you have your key, it needs to be set as an environment variable.

You can download Anteater here:

anteater-master.zip

Or read more here.

Posted in: Countermeasures

Topic: Countermeasures


Latest Posts:


LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.


Stardox – Github Stargazers Information Gathering Tool


Stardox is a Python-based GitHub stargazers information gathering tool, it scrapes Github for information and displays them in a list tree view. It can be used for collecting information about your or someone else’s repository stargazers details.

Stardox - Github Stargazers Information Gathering Tool


GitHub allows visitors to star a repo to bookmark it for later perusal. Stars represent a casual interest in a repo, and when enough of them accumulate, it’s natural to wonder what’s driving interest. Stargazers attempts to get a handle on who these users are by finding out what else they’ve starred, which other repositories they’ve contributed to, and who’s following them on GitHub.

The Data Collected by Stardox Github Stargazers Information Gathering Tool

  • Total repositories
  • Total stars
  • Total followers
  • Total following
  • Stargazer’s e-mail address

How to Install Stardox Github Stargazers Information Gathering Tool

Using Stardox Github Stargazers Information Gathering Tool

Positional arguments:

Optional arguments:

You can download Stardox here:

Stardox-master.zip

Or read more here.

Posted in: Hacking Tools

Topic: Hacking Tools


Latest Posts:


LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.


ZigDiggity – ZigBee Hacking Toolkit


ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.

ZigDiggity - ZigBee Hacking Toolkit


ZigBee continues to grow in popularity as a method for providing simple wireless communication between devices (i.e. low power/traffic, short distance), & can be found in a variety of consumer products that range from smart home automation to healthcare. Security concerns introduced by these systems are just as diverse and plentiful, underscoring a need for quality assessment tools.

This ZigBee penetration testing framework enables cybersecurity professionals, auditors, and developers to run complex interactions with ZigBee networks using a single device.

The current version of ZigDiggity is solely designed for use with the Raspbee, the RaspBee premium is ZigBee addon for Raspberry Pi with Firmware.

The RaspBee provides:

  • Pluggable add on with radio module (IEEE 802.15.4) for Raspberry Pi
  • Brings Raspberry Pi as LAN-ZigBee gateway
  • Frequency: 2.4 GHz ISM band, can be used worldwide
  • Based on Atmel´s single chip microcontroller ATmega256RFR2
  • With ZigBee firmware and extensive software package to control up to 200 devices

Using ZigDiggity the ZigBee Hacking Toolkit

Currently, scripts are available in the root of the repository, they can all be run using Python3:

When running with Wireshark, root privileges may be required.

Scripts for ZigBee Hacking

  • ack_attack.py – Performs the acknowledge attack against a given network.
  • beacon.py – Sends a single beacon and listens for a short time. Intended for finding which networks are near you.
  • find_locks.py – Examines the network traffic on a channel to determine if device behavior looks like a lock. Displays which devices it thinks are locks.
  • insecure_rejoin.py – Runs an insecure rejoin attempt on the target network.
  • listen.py – Listens on a channel piping all output to wireshark for viewing.
  • scan.py – Moves between channels listening and piping the data to wireshark for viewing.
  • unlock.py – Attempts to unlock a target lock

You can download ZigDiggity here:

zigdiggity-master.zip

Or read more here.

Posted in: Hardware Hacking

Topic: Hardware Hacking


Latest Posts:


LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.


RandIP – Network Mapper To Find Servers


RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.

RandIP - Network Mapper To Find Servers


RandIP – Network Mapper Features

  • HTTP and HTTPS enumeration
  • Python enumeration exploits
  • SSH enumeration exploits
  • Logger and error-code handler
  • SSH and Telnet Timeouts to prevent blocking
  • SSH Enumerations work in tandem

You can download RandIP here:

randip-master.zip

Or read more here.

Posted in: Networking Hacking Tools

Topic: Networking Hacking Tools


Latest Posts:


LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.