Open-Source Scripts to Help the World

Script Languages

Difficulty: Easy

Category: Offensive and Defensive Security

Since moving into the world of information security, I have often identified use cases where automation can be quite powerful. While the best examples of these are the projects I’ve built, featured at https://endsec.au/projects/, there are also many smaller scripts that I’ve built for fun and profit.

My hope is that these scripts can be helpful to the wider security community.

| Name | Description | Use Cases | Link |
| --- | --- | --- | --- |
| AutoDecoder | Automatically detects and decodes various supported encoding types. See link for more details. Useful when decoding multiple layers and types of encoding. | Determining if an encoded email is malicious. (Encoding is a common technique used by attackers to bypass mail filters.) | GitHub Link |
| BOFAutomation | Automatically builds a Buffer Overflow Exploit, based on a structure that reflects where the vulnerability exists and how to communicate with the port. | Useful for training for the OSCP, and at the time of this article, can be used in the exam. However, you will need to familiarise yourself with the tool and practice. | GitHub Link |
| CronScheduleEfficiencyFilter | Takes a cron schedule (either Quartz or Unix type) and ensures that the schedule is efficiently written. This is useful for cron jobs in general. | Threat detection algorithms that need to run on a schedule. Features in Scrummage: when a task is created and a cron schedule is included in the task definition, the schedule is processed by this filter. | GitHub Link |
| DNSChecker | Performs a series of checks against a domain, obtaining records such as SPF, DKIM, DMARC, and DNSSEC. | Perimeter Assessments | GitHub Link |
| FlashVulnScan | Decodes a Flash file and performs a SAST scan against the source code. | Vulnerability Assessments and Penetration Tests against Flash applications | GitHub Link |
| JSONWebTokenCracker | Performs a dictionary attack against a JWT locally. | Web Application Penetration Tests | GitHub Link |
| PunycodeDomainFuzzer | A punycode domain contains letters from alphabets other than the English alphabet. This tool enumerates a dictionary of such domains whose letters resemble letters in the English alphabet. These domains can be used to trick users into visiting a malicious site that looks identical to the real site. The tool then attempts to resolve each domain and, if resolution succeeds, reports it as a potential domain spoof. | Open-Source Intelligence Investigations and Penetration Tests | GitHub Link |
| SessionEntropyCalculator | Checks the entropy of a given session. | Web Application Penetration Tests | GitHub Link |
| WPA2-PSK-PMKID-Cracker | A script that automates the capturing and cracking of PMKIDs leaked by many wireless access points. | Wireless Penetration Tests | GitHub Link |
| Mifare RC522 Auth Key Bruteforcer | A script that automates the bruteforcing of the Mifare RC522 Authentication Key. | RFID Penetration Tests and Red Teaming Activities | GitHub Link |