Reconmap is a vulnerability assessment and penetration testing (VAPT) platform. It helps software engineers and infosec pros collaborate on security projects, from planning, to implementation and documentation. The tool’s aim is to go from recon to report in the least possible time.

Read More : https://reconshell.com/reconmap-vapt-aut...-platform/

In0ri is a defacement detection system utilizing a image-classification convolutional neural network.

Introduction

When monitoring a website, In0ri will periodically take a screenshot of the website then put it through a preprocessor that will resize the image down to 250x250px and numericalize the image before passing it onto the classifier. The core of the classifier is a convolutional neural network that is trained to detect the defacement of a website. If the monitored website is indeed, defaced, In0ri will send out warnings via email to the user.

Read More : https://reconshell.com/in0ri-defacement-...-learning/

Azure JSON Web Token (“JWT”) Manipulation Toolset

Azure access tokens allow you to authenticate to certain endpoints as a user who signs in with a device code. Even if they used multi-factor authentication. Once you have a user’s access token, it may be possible to access certain apps such as Outlook, SharePoint, OneDrive, MSTeams and more.

For instance, if you have a Graph or MSGraph token, you can then connect to Azure and dump users, groups, etc. You could then, depending on conditional access policies, switch to an Azure Core Management token and run AzureHound. Then, switch to an Outlook token and read/send emails or MS Teams and read/send teams messages!

Read More : https://reconshell.com/tokentactics-azur...n-toolset/

Powerful, customizable and easy to use Instagram dm bot. With TUI and Electron.js GUI! Using Selenium webdriver and Yaml configuration files. (WIP)

IGopher : (WIP) Golang smart bot for Instagram DM automation
Powerful, customizable and easy to use Instagram dm bot. With TUI and Eletron.js GUI! Using Selenium webdriver and Yaml configuration files.

This project is under active development, there may be bugs or missing features. If you have any problem or would like to see a feature implemented, please, open an issue. This is essential so that we can continue to improve IGopher!

Disclaimer: This is a research project. I am in no way responsible for the use you made of this tool. In addition, I am not responsible for any sanctions and/or limitations imposed on your account after using this bot.

Read More : https://reconshell.com/igopher-golang-sm...tagram-dm/

DevOps resources – Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP

This repository is about gathering any useful resources and information regarding DevOps and secondly, provide some roadmap for those who want to practice DevOps.

Feel free to add more resources by sumitting pull requests

Read More : https://reconshell.com/devops-resources/

Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark

kube-bench is tool that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark.

Tests are configured with YAML files, making this tool easy to update as test specifications evolve.

Read More : https://reconshell.com/kube-bench-is-too...-securely/

Description

hive-metasploit is a python library for:

Import data from Metasploit workspace to Hive project
Export data from Hive project to Metasploit workspace

with hive-metasploit you can import/export Metasploit data to/from Hive such as:

Read More : https://reconshell.com/hive-metasploit-c...etasploit/

A scanner/exploitation tool written in GO, which leverages Prototype Pollution to XSS by exploiting known gadgets.

ppmap

A simple scanner/exploitation tool written in GO which automatically exploits known and existing gadgets (checks for specific variables in the global context) to perform XSS via Prototype Pollution. NOTE: The program only exploits known gadgets, but does not cover code analysis or any advanced Prototype Pollution exploitation, which may include custom gadgets.

Read More : https://reconshell.com/ppmap-scanner-exp...tten-in-go

Cloud C2 Framework, which at the moment offers reconnaissance, enumeration, exploitation, post exploitation on AWS, but still working to allow testing other Cloud Providers and DevOps Components.

Nebula is a Cloud and (hopefully) DevOps Penetration Testing framework. It is build with modules for each provider and each functionality. As of April 2021, it only covers AWS, but is currently an ongoing project and hopefully will continue to grow to test GCP, Azure, Kubernetes, Docker, or automation engines like Ansible, Terraform, Chef, etc.

Read More : https://reconshell.com/nebula-cloud-c2-framework/

Dystopia

Low to medium Ubuntu Core honeypot coded in Python.

Read More : https://reconshell.com/dystopia-low-to-m...in-python/