Skip to content

libcrack/pentest

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits

android

android

 
 

burpsuite

burpsuite

 
 

drozer

drozer

 
 

ios

ios

 
 

ms15-034

ms15-034

 
 

nmap

nmap

 
 

poc/libc

poc/libc

 
 

scripts

scripts

 
 

sqlmap

sqlmap

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

swfdecrypt_w32_unix.cpp

swfdecrypt_w32_unix.cpp

 
 

Repository files navigation

Pentest utils

Misc

swfdecrypt_w32_unix.cpp Win32 + Linux port of swfdecrypt

Burp suite extensions & helpers

burpsuite/burp.sh Init script with custom Java memory parameters, etc.

burpsuite/mkBurpExtension.sh Extensions creator helper

burpsuite/extensions/HTTPInjector.py Extension to inject JavaScript by @Agarry_FR

burpsuite/extensions/RandomUUID.py Standard Life RandomUUID injector for web app test

burpsuite/extensions/SQLiPy.py Fixed SQLMap extension (the bappstore does not work)

burpsuite/extensions/base64/ Java Base64 enc/dec extension

burpsuite/burp_issue2appendix.py Reads an Burp Suite issues XML file and print all the issues, payloads and details

burpsuite/burp_item2appendix.py Reads an Burp Suite issues XML file and print all the issues, payloads and details

burpsuite/burp_item2web.py: Reads an Burp Suite issues XML file and creates the web hierarchy of the scoped web site (imagine that you could dump the contents spidered by Burp's spider to the filesystem) [Note: Incompleted]

burpsuite/burp_item.xml: test XML file

Nmap NSE scripts

nmap/http-ms15-034.nse MS15-034 Nmap NSE scrip

Android

drozer/object_input_stream.py CVE-2014-7911 java.io.ObjectInputStream Android<5.0

drozer/secure_random.py java.secure.SecureRandom (patched module)

android/dump_preferences.sh: Dump Android application preferences (/data/data/appname)

android/dump_sqlite.sh: Explore the filesystem for sqlite

android/logcat.sh: Android LogCat Wrapper

android/mystrace.sh: Android strace wrapper

android/screenshot.sh: Takes a screenshot of a device's screen

android/install_strace.sh: Installs strace on an Android device

iOS

ios/install-iRET-deps.sh: Installs iRET on an iOS device

ios/install_pentest_iOS_env.sh: Installs all pentest toolz on an iOS device

ios/iOSaudit.sh: Performs a quick security audit of an iOS app

Execution example:

iPhone:~ root# ./iOSaudit.sh Test.ipa

[*]======================================================
[*] >> iOS app quick audit
[*] >> devnull@libcrack.so
[*]======================================================
[*]
[*] Unpacking Test.ipa
[*] Searching ipa binary...
[*] Checking binary Payload/Test.app/Test
[*] Detected architectures:
[*]    > armv7
[*]    > armv7s
[*]
[*] Discovering _check_ procedures
[*]    > Executing _check_stack
[*]      [SUCCESS] Stack guard found: __stack_chk_guard
[*]    > Executing _check_pie
[*]      [SUCCESS] PIE is enabled
[*]    > Executing _check_arc
[*]      [SUCCESS] ARC found: _objc_retain
[*]    > Executing _check_badcalls
[*]      [FAIL] found function call _malloc
[*]
[*] Done

About

Pentest utils

Resources

Readme
Activity

Stars

14 stars

Watchers

5 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages