svachal
GTFONow
Our great sponsors
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
svachal
-
Automate writeup for vulnerable machines
Link for the source repo is in tweet linked in above image descriptions and here.
-
Commandline access for VulnHub, TryHackMe and HackTheBox machines
https://github.com/7h3rAm/svachal - Helps me with automating machine writeups. It has a graphviz wrapper to auto generate these graphs from nested text descriptions. An example killchain here is converted to the following dotfile which is then rendered as the graph above.
GTFONow
-
Traitor: Linux privilege escalation made easy
How do you plan to use this universally across compromised systems, if they don't have Go to compile this?
A better solution might be https://github.com/Frissi0n/GTFONow which is written in python without dependencies and supports Py2/3. I would expect this to work on more hosts.
What are some alternatives?
starcli - :sparkles: Browse trending GitHub projects from your command line
Wfetch - Neofetch/pfetch, but for weather
brotab - Control your browser's tabs from the command line
PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
writeups - CTF writeups from The Flat Network Society
pwncat - Fancy reverse and bind shell handler
hackthebox - Notes Taken for HTB Machines & InfoSec Community.
SUID3NUM - A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)
reverse-shell-generator - Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
PowerHub - A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting
writeups - Writeups for vulnerable machines.
traitor - :arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock