The ibet-Prime security token management system for ibet network

Features: ibet-Prime is an API service that enables the issuance and management of security tokens on the ibet network. It supports tokens developed by the ibet-SmartContract project and various smart contracts. As a security token ledger management system, ibet-Prime provides a variety of functions required under Japanese regulations. By calling the ibet-Prime API from your own front-end application, you can easily build a security token management service. Dependencies: Supported ibet smart […]


Security-related flags and options for C compilers in python

This guide is intended to help you determine which flags you should use to compile your C code using GCC, Clang or MSVC, in order to: detect the maximum number of bugs or potential security problems; enable security mitigations in the produced binaries; and enable runtime sanitizers to detect errors (overflows, race conditions, etc.) and make fuzzing more efficient. Disclaimer: The flags selected and recommended here were chosen to maximize the number of classes of detected errors which could have a […]


GitLab CI security tools runner

Project description: This project is one implementation of DevSecOps practices, based on: Use this repository to build security into the CI/CD cycle. Quick Start: Clone Common Security Pipeline. Fix every place where a CHECK IT or FIX IT comment appears. In ./pipeline/security_tools.yml, change the path to the Security Tools containers. Deploy your own DefectDojo. Set the required variables in your GitLab: API key, path to DefectDojo, for access to your DefectDojo in the file ./dd_prepare/dd_prepare.py. If you use Vault or a similar solution, then […]


Discovery Header Bug Bounty to DoD with python

Did you know that DoD accepts server headers? 😲 (example: apache "version", php "version") With this code it is possible to extract all headers from the URLs, tracking versions and being able to report them as CWE-200 on HackerOne. The 200dds file is an example: you can put in your list of treated URLs. Install dependencies git clone https://github.com/KingOfBugbounty/Discovery-Header-Bug-Bounty.git cd Discovery-Header-Bug-Bounty pip install -r requirements.txt python3 searchHEADER.py -h usage: searchHEADER.py [-h] help positional arguments: help Run to code = python3 searchHEADER.py FileToUrls optional […]


Keep your company’s passwords behind the firewall

TeamVault TeamVault is an open-source web-based shared password manager for behind-the-firewall installation. It requires Python 3.3+ and Postgres (with the unaccent extension). Installation apt-get install libffi-dev libldap2-dev libpq-dev libsasl2-dev python3.6-dev postgresql-contrib pip install teamvault teamvault setup vim /etc/teamvault.conf # note that the teamvault database user will need SUPERUSER privileges # during this step in order to activate the unaccent extension teamvault upgrade teamvault plumbing createsuperuser teamvault run Update pip install --upgrade teamvault teamvault upgrade Development Install Postgres and create a […]


Network utility tool that performs some network and security administrator tasks

MedSec Network utility tool that performs some network and security administrator tasks. This is a network utility tool that I developed to perform some network and security administrator tasks. Currently, this script can perform a good variety of tasks such as: Port scans, including SYN, TCP, UDP, ACK and comprehensive scan; Banner grabbing; DNS checks; ifconfig; ping; traceroute. Other features are still being implemented. Future implementations may include WAF (web application firewall) detection, vulnerability reconnaissance, offensive tasks such as packet […]


Pylint plugin to enforce some secure coding standards for Python

Pylint Secure Coding Standard Plugin: a pylint plugin that enforces some secure coding standards. Installation: pip install pylint-secure-coding-standard

Pylint codes (Code: Description)

R8000: Use os.path.realpath() instead of os.path.abspath() and os.path.relpath()
E8001: Avoid using exec() and eval()
E8002: Avoid using os.system()
E8003: Avoid using shell=True in subprocess functions or using functions that internally set this
R8004: Avoid using tempfile.mktemp(), prefer tempfile.mkstemp() instead
E8005: Avoid using unsafe PyYAML loading functions
E8006: Avoid using jsonpickle.decode()
C8007: Avoid debug statement in production code
C8008: Avoid […]


Helps to quickly spot interesting security-related activity in Windows Event Viewer files

evtx-hunter evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files. It can process a high number of events quickly, making it suitable for use during investigations and hunting activities across a high number of collected events. evtx-hunter is a Python tool that generates a web report of interesting activity observed in EVTX files. The tool comes with a few predefined rules to help you get going. This includes rules to spot for example: The first time a […]


use AirTagCrypto.py library decrypt your reports via Python

Openhaystack-python This python daemon will allow you to gather your Openhaystack-based airtag reports and display them on a Grafana dashboard. You can also use AirTagCrypto.py library alone to decrypt your reports via Python Requirements Running Openhaystack simple-server (I’m using a Big Sur Hackintosh virtual machine on my Proxmox server). Grafana instance with installed Track map plugin (in my case running on a separate Arch Linux machine with InfluxDB). InfluxDB 2.0 to store your decrypted reports and send them to Grafana. Installation […]


A python CMS Detection and Exploitation suite

CMSeeK CMS Detection and Exploitation suite – Scan WordPress, Joomla, Drupal and over 180 other CMSs Functions Of CMSeek: Basic CMS Detection of over 170 CMS Drupal version detection Advanced WordPress Scans Detects Version User Enumeration Plugins Enumeration Theme Enumeration Detects Users (3 Detection Methods) Looks for Version Vulnerabilities and much more! Advanced Joomla Scans Version detection Backup files finder Admin page finder Core vulnerability detection Directory listing check Config leak detection Various other checks Modular bruteforce system Use pre […]
