Open-Source Scripts to Help the World
Offensive and Defensive Security
Since moving into the world of information security, I have often identified use cases where automation can be quite powerful. While the best examples of these are the projects I’ve built, featured at https://endsec.au/projects/, there are many smaller scripts, which I’ve built for fun and profit.
My hope is that these scripts can be helpful to the wider security community.
| Script | Description | Example use case | Link |
|---|---|---|---|
| AutoDecoder | Automatically detects and decodes various supported encoding types. See link for more details. Useful when decoding multiple layers and types of encoding. | Determining if an encoded email is malicious. (Encoding is a common technique used by attackers to bypass mail filters.) | GitHub Link |
| BOFAutomation | Automatically builds a buffer overflow exploit, based on a structure that reflects where the vulnerability exists and how to communicate with the port. | Useful for training for the OSCP, and at the time of this article, can be used in the exam. However, you will need to familiarise yourself with the tool and practice. | GitHub Link |
| CronScheduleEfficiencyFilter | Takes a cron schedule (either Quartz or Unix type) and ensures that the schedule is efficiently written. This is useful for cron jobs in general. | Threat detection algorithms that need to run on a schedule. Features in Scrummage: when a task is created and a cron schedule is included in the task definition, it is processed by this filter. | |
| DNSChecker | Performs a series of checks against a domain, obtaining records such as SPF, DKIM, DMARC, and DNSSEC. | Perimeter Assessments | GitHub Link |
| FlashVulnScan | Decodes a Flash file and performs a SAST scan against the source code. | Vulnerability Assessments and Penetration Tests against Flash applications | GitHub Link |
| JSONWebTokenCracker | Performs a dictionary attack against a JWT locally. | Web Application Penetration Tests | GitHub Link |
| PunycodeDomainFuzzer | A punycode domain contains letters from alphabets other than the English alphabet. This tool enumerates a dictionary of such domains whose letters resemble letters in the English alphabet. These domains can be used to trick users into going to a malicious site that looks identical to the real site. The tool then attempts to resolve each domain and, if resolution succeeds, reports it as a potential domain spoof. | Open-Source Intelligence Investigations and Penetration Tests | GitHub Link |
| SessionEntropyCalculator | Checks the entropy of a given session | Web Application Penetration Tests | GitHub Link |
| WPA2-PSK-PMKID-Cracker | A script that automates the capturing and cracking of PMKIDs leaked by many wireless access points. | Wireless Penetration Tests | GitHub Link |
| Mifare RC522 Auth Key Bruteforcer | A script that automates the brute-forcing of the Mifare RC522 Authentication Key | RFID Penetration Tests and Red Teaming Activities | GitHub Link |