Podman is a daemonless, open source, Linux native tool designed to make it easy to find, run, build, share and deploy applications using Open Containers Initiative (OCI) Containers and Container Images. Podman provides a command line interface (CLI) familiar to anyone who has used the Docker Container Engine. Most users can simply alias Docker to Podman (alias docker=podman) without any problems. Similar to other common Container Engines (Docker, CRI-O, containerd), Podman relies on an OCI compliant Container Runtime (runc, crun, runv, etc.) to interface with the operating system and create the running containers. This makes the running containers created by Podman nearly indistinguishable from those created by any other common container engine.
Containers under the control of Podman can either be run by root or by a non-privileged user. Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Podman specializes in all of the commands and functions that help you to maintain and modify OCI container images, such as pulling and tagging. It allows you to create, run, and maintain those containers and container images in a production environment.
A simple command line tool which takes a directory of images, reorganizes them a little bit (I'm not wild about this but it's not too hard to put everything back the way it was), and generates a static image gallery. Uses just a little bit of Javascript webshit to make the gallery responsive and mobile-friendly. The default theme looks a bit like Flickr's default album.
A command line tool to extract the main content from a webpage, as done by the "Reader View" feature of most modern browsers. It's intended to be used with terminal RSS readers, to make the articles more readable on web browsers such as lynx. The code is closely adapted from the Firefox version and the output is expected to be mostly equivalent.
This tool is young and written in C, so it's reasonable to wonder about the potential for memory issues. To be safe, all HTML parsing happens inside a sandboxed subprocess. Seccomp is used for this purpose on Linux, Pledge on OpenBSD, and Capsicum on FreeBSD.
Small program that computes and plots spectrograms, either in a live window or to disk, with support for stdin input. In theory, you can run any data through it and generate a spectrogram. Read the manpage.
In the AUR (but you want specgram-git because specgram has a bug and won't compile!)
Automated decoding of encrypted text without knowing the key or ciphers used. Ares is the next generation of decoding tools, built by the same people that brought you Ciphey. We fully intend to replace Ciphey with Ares.
Ares is fast. Very fast. Other decoders such as Ciphey require advanced artificial intelligence to determine which path they should take to decode (whether to try Caesar next or Base64, etc.). Ares is so fast we don't need to worry about this currently. For every 1 decode Ciphey can do, Ares can do ~7. That's a 700% increase in speed.
There are 2 main parts to Ares, the library and the CLI. The CLI simply uses the library, which means you can build on top of Ares.
Ares currently supports 16 decoders and it is growing fast. Ciphey supports around 50, and we are adding more every day.
A tool that downloads official firmware images from Samsung's update servers. Can also decrypt encrypted images.
The firmware region codes are not named in any obvious way. For example, the US/North American firmware region is XAR.
VHS is a tool for creating GIFs that can be used to demo CLI tools. But what if we used it to do something different? Like re-creating some classic sci-fi movie scenes, such as Trinity using nmap in The Matrix or hacking WOPR in WarGames? This project has some VHS tapes that generate:
Utility code that can extract an AppleDouble file's contents and extract the individual resources from its resource fork segment.
This is useful if you have stored Mac files on FAT32-formatted floppy disks or in macOS X ZIP archives and want to (further) extract the data from them on a non-Mac operating system.
Pebble is a complete modular music engine in the form of a simple text editor. Using the Pebble code language, you can create custom sounds and arrange them into full songs using a dynamic piano-roll notation.
The editor supports live playback and looping, as well as WAV export. For more information about using Pebble, see the Guide page on this site or type help in the FILE bar in the program!
You can get the software from itch.io: https://nashhigh.itch.io/pebble
This is an in-depth guide to the different elements of the Pebble code language. It is set up to be a reference more than a tutorial, so if you are just starting out, you might want to go through the welcome document first. (This is the first file that loads when you start Pebble.) Or you could try out one of the demo files, by typing demo1, demo2, or demo3 into the File bar and pressing Load. You can also enter help to access this guide in-program, or use ref to get the quick-reference guide. The default soundpack is sounds which you can import (IMP sounds) to access many basic sounds, or you can load it directly to scope out how they are created.
The Pebble code language is modular, which means that all the sounds, instruments, and patterns are created by combining and arranging different modules, each of which typically performs a simple function (like addition, or changing volume).
Crack legacy zip encryption with Biham and Kocher's known plaintext attack.
A ZIP archive may contain many entries whose content can be compressed and/or encrypted. In particular, entries can be encrypted with a password-based symmetric encryption algorithm referred to as traditional PKWARE encryption, legacy encryption or ZipCrypto. This algorithm generates a pseudo-random stream of bytes (keystream) which is XORed with the entry's content (plaintext) to produce encrypted data (ciphertext). The generator's state, made of three 32-bit integers, is initialized using the password and then continuously updated with plaintext as encryption goes on. This encryption algorithm is vulnerable to known plaintext attacks as shown by Eli Biham and Paul C. Kocher in the research paper "A known plaintext attack on the PKZIP stream cipher". Given ciphertext and 12 or more bytes of the corresponding plaintext, the internal state of the keystream generator can be recovered. This internal state is enough to decipher the ciphertext entirely, as well as other entries which were encrypted with the same password. It can also be used to brute-force the password with a complexity of n^(l-6), where n is the size of the character set and l is the length of the password.
Textual adds interactivity to Rich with a Python API inspired by modern web development. It's kind of like a framework but for console tools.
On modern terminal software (installed by default on most systems), Textual apps can use 16.7 million colors with mouse support and smooth flicker-free animation. A powerful layout engine and re-usable components make it possible to build apps that rival the desktop and web experience. If you've seen something as a desktop app, chances are you could also build it as a console application with Textual.
Documentation: https://textual.textualize.io/
Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities. Give it a list of URLs (Burp Suite is namechecked here) and turn it loose, and it'll look for misconfigurations.
A terminal-based webcam viewer. Video streams are displayed as ASCII (default) or ANSI graphics.
DNS Reaper is yet another sub-domain takeover tool, but with an emphasis on accuracy, speed and the number of signatures in our arsenal!
We can scan around 50 subdomains per second, testing each one with over 50 takeover signatures. This means most organisations can scan their entire DNS estate in less than 10 seconds.
Currently only supports Route53, Cloudflare, and Azure.
A CLI tool that adds interactivity as well as flair to your shell scripts. Text entry in several forms, pick-and-choose lists, radio buttons, "I'm busy" spinners, spreadsheet-like tables, progress indicators, countup and countdown timers, CSS-like color schemes, and more.
In the standard Arch Linux package repo.
BBOT is a recursive, modular OSINT framework written in Python.
It is capable of executing the entire OSINT process for entire domains in a single command, including subdomain enumeration, port scanning, web screenshots (with its gowitness module), vulnerability scanning (with nuclei), and much more.
BBOT currently has over 50 modules and counting.
Requires Python v3.9.x or later.
An ACME protocol client written purely in Shell (Unix shell) language.
Full ACME protocol implementation. Supports ECDSA certs. Supports SAN and wildcard certs. Simple, powerful and very easy to use. You only need 3 minutes to learn it. Bash, dash and sh compatible. Purely written in Shell with no dependencies on Python. Self-contained, just one script is needed to issue, renew and install your certificates automatically. DOES NOT require root/sudoer access. Docker ready. IPv6 ready. Cron job notifications for renewal or errors, etc.
At the beginning of 2020, we discovered the Red Unlock technique that allows extracting Intel Atom microcode. We were able to research the internal structure of the microcode and then the x86 instruction implementation. Also, we recovered the format of microcode updates, the algorithm and the encryption key used to protect the microcode.
These are the tools they used to take it apart.