We focus on finding solutions to difficult problems and then sharing that information freely with the broader cybersecurity community whenever possible. In fact, Bishop Fox is home to the innovators and engineers behind some of the most popular offensive security tools in the industry. We hope you find them useful.
Broken Hill
Broken Hill is a productionized Greedy Coordinate Gradient (GCG) attack tool for use against large language models.
JSluice
JSluice is an open-source Go package and command-line tool used to extract information from JavaScript files and code.
Swagger Jacker
Swagger Jacker is an audit tool designed to improve inspection of unintentionally exposed OpenAPI definition files.
asminject.py
asminject.py is a code injection tool that compromises Linux-trusted processes and containers.
CLOUDFOX
CloudFox is a command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure. It currently supports AWS.
UNREDACTER
Unredacter focuses on pixelation – and will show you why it’s a no-good, bad, insecure, surefire way to get your sensitive data leaked. The tool takes redacted, pixelized text and reverses it back into its unredacted form.
BIG IP SCANNER
Big-IP Scanner aids you in determining which software version is running on a remote F5 BIG-IP management interface.
EYEBALLER
Eyeballer is for large-scope network penetration tests where you need to find targets from a huge set of web-based hosts. Use your favorite screenshotting tools and then run them through Eyeballer to tell you what's likely to contain vulnerabilities, and what isn't.
GADGETPROBE
GadgetProbe takes a wordlist of Java classes, outputs serialized DNS callback objects, and reports what's lurking in the remote classpath. Start probing endpoints!
GITGOT
GitGot is a semi-automated, feedback-driven tool to empower users to rapidly search through troves of public data on GitHub for sensitive secrets.
Danger Drone
A practical guide to drone hacking for penetration testers. This research is helping equip security professionals with the tools to test the effectiveness of their drone defenses and eliminate exposed attack vectors.
Dufflebag
Search through public Elastic Block Storage (EBS) snapshots for secrets that may have been accidentally left in. You may be surprised by all the passwords and secrets just lying around!
ZIGDIGGITY 2.0
Defeat Zigbee smart locks and alarm sensors with ZigDiggity. It enables cybersecurity professionals and developers to run complex interactions with Zigbee networks using a single device.
SLIVER
Sliver is a cross-platform general purpose implant framework designed to be an open-source alternative to Cobalt Strike. It supports asymmetrically encrypted C2 over DNS, HTTP, HTTPS, and Mutual TLS, and supports multiplayer mode for collaboration.
h2c Smuggler
h2cSmuggler smuggles HTTP traffic past insecure edge-server proxy_pass configurations, allowing a bypass of proxy rules and access controls.
RMISCOUT
RMIScout enables wordlist and bruteforce attacks against exposed Java RMI interfaces to safely guess method signatures without invocation. It supports multiple Java RMI protocols, method invocation, and exploitation.
IAM Vulnerable
IAM Vulnerable uses the Terraform binary and your AWS credentials to deploy over 250 IAM resources into your selected AWS account. Within minutes, you can start learning how to identify and exploit vulnerable IAM configurations that allow for privilege escalation.
AWS PrivEsc Methods
This research builds upon existing AWS privesc research and expands it. We tried 21 existing methods and grouped them into five categories. The result is findings that can benefit both attackers and defenders.
RFID Hacking
This practical guide for penetration testers includes tools and techniques for stealing and using RFID proximity badge information to gain unauthorized access to buildings and other secure areas.
Google Hacking Diggity Research
This research is dedicated to investigating Google Hacking, i.e. the latest techniques that leverage search engines, such as Google, Bing, and Shodan, to quickly identify vulnerable systems and sensitive data in corporate networks.
Home & Office Security System Hacking
This research is about bypassing home and office digital physical security systems before they can alert the authorities. All the methods presented are for covert entry and leave no physical sign of entry or compromise.
SharePoint Hacking Diggity Project
This research investigates tools and techniques in hacking Microsoft SharePoint to help administrators identify insecure configurations and exposures introduced by vulnerable SharePoint deployments.