Bob the Smuggler is a tool that leverages the HTML Smuggling Attack and allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip file format, then XOR encrypts the archive and then hides it inside PNG/GIF image file format (Image Polyglots). The JavaScript embedded within the HTML will download the PNG/GIF file and store it in the cache. Following this, the JavaScript will extract the data embedded in the PNG/GIF, assemble it, perform XOR decryption, and then store it as an in-memory blob.
apk2url is a tool that easily extracts URL and IP endpoints from an APK file and performs filtering into a .txt output. This is suitable for information gathering by the red team, penetration testers, and developers to quickly identify endpoints associated with an application.
msoffcrypto-tool is a Python tool and library for decrypting encrypted MS Office files with password, intermediate key, or private key which generated its escrow key. It supports various MS Office file formats, including Word (MS-DOCX), Excel (MS-XLSX), and PowerPoint (MS-PPTX).
SessionProbe is a multi-threaded tool designed for pentesting and bug bounty hunting. It evaluates user privileges in web apps by taking a session token and checking access across a list of URLs, highlighting potential authorization issues.
Troll-A is a command line tool for extracting secrets such as passwords, API keys, and tokens from WARC (Web ARChive) files. Troll-A is an easy-to-use, comprehensive, and fast solution for finding secrets in web archives.
sn0int is a semi-automatic OSINT framework and package manager designed for IT security professionals, bug bounty hunters, law enforcement agencies, and individuals seeking to gather intelligence about a target or themselves.
