STEWS
Villain
| STEWS | Villain | |
|---|---|---|
| 2 | 2 | |
| 286 | 3,571 | |
| 5.9% | - | |
| 1.8 | 7.7 | |
| over 2 years ago | about 2 months ago | |
| Python | Python | |
| Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
STEWS
-
WebSocket security: 9 common vulnerabilities & prevention methods
Comprehensive WebSocket security testing requires a deep understanding of the WebSocket protocol and practical experience in both manual and automated security testing techniques. Open tools like STEWS can detect known WebSocket vulnerabilities while commercial security tools like Burp Suite exist to intercept and manipulate WebSocket frames with ease, however they won't catch everything. Perform manual testing and fuzzing to identify unexpected behavior or vulnerabilities that automated tools might miss.
- STEWS :-- Una herramienta de seguridad para enumerar WebSockets. 👀
Villain
-
Is MSF Venom - Metasploit a good investment for the long run in terms of RATs?
Villain (recommend) https://github.com/t3l3machus/Villain
- Villain - a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a team.
What are some alternatives?
Deep-Inside - Command line tool that allows you to explore IoT devices by using Shodan API.
hoaxshell - A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.
PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
HavocNotion - A simple ExternalC2 POC for Havoc C2. Communicates over Notion using a custom python agent, handler and extc2 channel. Not operationally safe or stable, built as a PoC to showcase Havoc C2's modular C2 channel interface.
SSTImap - Automatic SSTI detection and exploitation tool with interactive interface
Pentest-Notes - Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)
cerberus - Cerberus is another simple stressing tool simulating DDoS attacks.
aizawa - Simple command-line webshell that executes commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function.
asio - All Shell In One. Generate Reverse Shells and/or generate single code that runs all the payloads.
PowerShell-Obfuscation-Bible - A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion, compiled for educational purposes. The contents of this repository are the result of personal research, including reading materials online and conducting trial-and-error attempts in labs and pentests.
cli - Snyk CLI scans and monitors your projects for security vulnerabilities.
uuid-loader - UUID based Shellcode loader for your favorite C2